| <?php |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| if (!defined('IN_PHPBB')) |
| { |
| exit; |
| } |
| |
| |
| |
| |
| |
| class session |
| { |
| var $cookie_data = array(); |
| var $page = array(); |
| var $data = array(); |
| var $browser = ''; |
| var $forwarded_for = ''; |
| var $host = ''; |
| var $session_id = ''; |
| var $ip = ''; |
| var $load = 0; |
| var $time_now = 0; |
| var $update_session_page = true; |
| |
| |
| |
| |
| |
| |
| function extract_current_page($root_path) |
| { |
| $page_array = array(); |
| |
| |
| $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); |
| $args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING')); |
| |
| |
| if (!$script_name) |
| { |
| $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); |
| $script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name; |
| $page_array['failover'] = 1; |
| } |
| |
| |
| $script_name = str_replace(array('\\', '//'), '/', $script_name); |
| |
| |
| $use_args = array(); |
| |
| |
| |
| $find = array('"', "'", '<', '>'); |
| $replace = array('%22', '%27', '%3C', '%3E'); |
| |
| foreach ($args as $key => $argument) |
| { |
| if (strpos($argument, 'sid=') === 0) |
| { |
| continue; |
| } |
| |
| $use_args[] = str_replace($find, $replace, $argument); |
| } |
| unset($args); |
| |
| |
| |
| |
| $query_string = trim(implode('&', $use_args)); |
| |
| |
| $page_name = basename($script_name); |
| $page_name = urlencode(htmlspecialchars($page_name)); |
| |
| |
| $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path))); |
| $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./'))); |
| $intersection = array_intersect_assoc($root_dirs, $page_dirs); |
| |
| $root_dirs = array_diff_assoc($root_dirs, $intersection); |
| $page_dirs = array_diff_assoc($page_dirs, $intersection); |
| |
| $page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); |
| |
| if ($page_dir && substr($page_dir, -1, 1) == '/') |
| { |
| $page_dir = substr($page_dir, 0, -1); |
| } |
| |
| |
| $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : ''); |
| |
| |
| $script_path = trim(str_replace('\\', '/', dirname($script_name))); |
| |
| |
| $script_dirs = explode('/', $script_path); |
| array_splice($script_dirs, -sizeof($page_dirs)); |
| $root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : ''); |
| |
| |
| if (!$root_script_path) |
| { |
| $root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path; |
| } |
| |
| $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/'; |
| $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; |
| |
| $page_array += array( |
| 'page_name' => $page_name, |
| 'page_dir' => $page_dir, |
| |
| 'query_string' => $query_string, |
| 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), |
| 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), |
| |
| 'page' => $page, |
| 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, |
| ); |
| |
| return $page_array; |
| } |
| |
| |
| |
| |
| function extract_current_hostname() |
| { |
| global $config; |
| |
| |
| $host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); |
| |
| |
| $host = (string) strtolower($host); |
| |
| |
| if ((isset($config['cookie_domain']) && $host === $config['cookie_domain']) || (isset($config['server_name']) && $host === $config['server_name'])) |
| { |
| return $host; |
| } |
| |
| |
| if (long2ip(ip2long($host)) === $host) |
| { |
| return $host; |
| } |
| |
| |
| $host = @parse_url('http://' . $host); |
| $host = (!empty($host['host'])) ? $host['host'] : ''; |
| |
| |
| $host = str_replace('#', '', $host); |
| |
| |
| if (empty($host)) |
| { |
| if (!empty($config['server_name'])) |
| { |
| $host = $config['server_name']; |
| } |
| else if (!empty($config['cookie_domain'])) |
| { |
| $host = (strpos($config['cookie_domain'], '.') === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain']; |
| } |
| else |
| { |
| |
| $host = (function_exists('php_uname')) ? php_uname('n') : 'localhost'; |
| } |
| } |
| |
| |
| return $host; |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function session_begin($update_session_page = true) |
| { |
| global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; |
| |
| |
| $this->time_now = time(); |
| $this->cookie_data = array('u' => 0, 'k' => ''); |
| $this->update_session_page = $update_session_page; |
| $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; |
| $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; |
| $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; |
| |
| $this->host = $this->extract_current_hostname(); |
| $this->page = $this->extract_current_page($phpbb_root_path); |
| |
| |
| if ($config['forwarded_for_check']) |
| { |
| $this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for); |
| |
| |
| $ips = explode(', ', $this->forwarded_for); |
| foreach ($ips as $ip) |
| { |
| |
| if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) |
| { |
| |
| $this->forwarded_for = ''; |
| break; |
| } |
| } |
| } |
| else |
| { |
| $this->forwarded_for = ''; |
| } |
| |
| if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) |
| { |
| $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); |
| $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); |
| $this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true); |
| |
| $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; |
| $_SID = (defined('NEED_SID')) ? $this->session_id : ''; |
| |
| if (empty($this->session_id)) |
| { |
| $this->session_id = $_SID = request_var('sid', ''); |
| $SID = '?sid=' . $this->session_id; |
| $this->cookie_data = array('u' => 0, 'k' => ''); |
| } |
| } |
| else |
| { |
| $this->session_id = $_SID = request_var('sid', ''); |
| $SID = '?sid=' . $this->session_id; |
| } |
| |
| $_EXTRA_URL = array(); |
| |
| |
| |
| $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : ''; |
| $this->load = false; |
| |
| |
| if ($config['limit_load'] || $config['limit_search_load']) |
| { |
| if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) |
| { |
| $this->load = array_slice($load, 0, 1); |
| $this->load = floatval($this->load[0]); |
| } |
| else |
| { |
| set_config('limit_load', '0'); |
| set_config('limit_search_load', '0'); |
| } |
| } |
| |
| |
| if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) |
| { |
| $sql = 'SELECT u.*, s.* |
| FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u |
| WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "' |
| AND u.user_id = s.session_user_id"; |
| $result = $db->sql_query($sql); |
| $this->data = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| |
| |
| if (isset($this->data['user_id'])) |
| { |
| |
| |
| |
| |
| if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false) |
| { |
| $s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']); |
| $u_ip = short_ipv6($this->ip, $config['ip_check']); |
| } |
| else |
| { |
| $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); |
| $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); |
| } |
| |
| $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; |
| $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; |
| |
| $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; |
| $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; |
| |
| |
| |
| $check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH); |
| $referer_valid = true; |
| |
| |
| if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') |
| { |
| $referer_valid = $this->validate_referer($check_referer_path); |
| } |
| |
| if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) |
| { |
| $session_expired = false; |
| |
| |
| $method = basename(trim($config['auth_method'])); |
| include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); |
| |
| $method = 'validate_session_' . $method; |
| if (function_exists($method)) |
| { |
| if (!$method($this->data)) |
| { |
| $session_expired = true; |
| } |
| } |
| |
| if (!$session_expired) |
| { |
| |
| |
| if (!$this->data['session_autologin']) |
| { |
| if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60)) |
| { |
| $session_expired = true; |
| } |
| } |
| else if (!$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60)) |
| { |
| $session_expired = true; |
| } |
| } |
| |
| if (!$session_expired) |
| { |
| |
| if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) |
| { |
| $sql_ary = array('session_time' => $this->time_now); |
| |
| if ($this->update_session_page) |
| { |
| $sql_ary['session_page'] = substr($this->page['page'], 0, 199); |
| $sql_ary['session_forum_id'] = $this->page['forum']; |
| } |
| |
| $db->sql_return_on_error(true); |
| |
| $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " |
| WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; |
| $result = $db->sql_query($sql); |
| |
| $db->sql_return_on_error(false); |
| |
| |
| |
| if ($result === false) |
| { |
| unset($sql_ary['session_forum_id']); |
| |
| $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " |
| WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; |
| $db->sql_query($sql); |
| } |
| } |
| |
| $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; |
| $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false; |
| $this->data['user_lang'] = basename($this->data['user_lang']); |
| |
| return true; |
| } |
| } |
| else |
| { |
| |
| if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) |
| { |
| if ($referer_valid) |
| { |
| add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); |
| } |
| else |
| { |
| add_log('critical', 'LOG_REFERER_INVALID', $this->referer); |
| } |
| } |
| } |
| } |
| } |
| |
| |
| return $this->session_create(); |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) |
| { |
| global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx; |
| |
| $this->data = array(); |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| if (!$config['allow_autologin']) |
| { |
| $this->cookie_data['k'] = $persist_login = false; |
| } |
| |
| |
| |
| |
| |
| |
| |
| $bot = false; |
| $active_bots = $cache->obtain_bots(); |
| |
| foreach ($active_bots as $row) |
| { |
| if ($row['bot_agent'] && preg_match('#' . str_replace('\*', '.*?', preg_quote($row['bot_agent'], '#')) . '#i', $this->browser)) |
| { |
| $bot = $row['user_id']; |
| } |
| |
| |
| if ($row['bot_ip'] && ($bot || !$row['bot_agent'])) |
| { |
| |
| $bot = false; |
| |
| foreach (explode(',', $row['bot_ip']) as $bot_ip) |
| { |
| if (strpos($this->ip, $bot_ip) === 0) |
| { |
| $bot = (int) $row['user_id']; |
| break; |
| } |
| } |
| } |
| |
| if ($bot) |
| { |
| break; |
| } |
| } |
| |
| $method = basename(trim($config['auth_method'])); |
| include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); |
| |
| $method = 'autologin_' . $method; |
| if (function_exists($method)) |
| { |
| $this->data = $method(); |
| |
| if (sizeof($this->data)) |
| { |
| $this->cookie_data['k'] = ''; |
| $this->cookie_data['u'] = $this->data['user_id']; |
| } |
| } |
| |
| |
| |
| if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) |
| { |
| $sql = 'SELECT u.* |
| FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k |
| WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' |
| AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") |
| AND k.user_id = u.user_id |
| AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; |
| $result = $db->sql_query($sql); |
| $this->data = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| $bot = false; |
| } |
| else if ($user_id !== false && !sizeof($this->data)) |
| { |
| $this->cookie_data['k'] = ''; |
| $this->cookie_data['u'] = $user_id; |
| |
| $sql = 'SELECT * |
| FROM ' . USERS_TABLE . ' |
| WHERE user_id = ' . (int) $this->cookie_data['u'] . ' |
| AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; |
| $result = $db->sql_query($sql); |
| $this->data = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| $bot = false; |
| } |
| |
| |
| |
| |
| |
| |
| if (!sizeof($this->data) || !is_array($this->data)) |
| { |
| $this->cookie_data['k'] = ''; |
| $this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS; |
| |
| if (!$bot) |
| { |
| $sql = 'SELECT * |
| FROM ' . USERS_TABLE . ' |
| WHERE user_id = ' . (int) $this->cookie_data['u']; |
| } |
| else |
| { |
| |
| $sql = 'SELECT u.*, s.* |
| FROM ' . USERS_TABLE . ' u |
| LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) |
| WHERE u.user_id = ' . (int) $bot; |
| } |
| |
| $result = $db->sql_query($sql); |
| $this->data = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| } |
| |
| if ($this->data['user_id'] != ANONYMOUS && !$bot) |
| { |
| $this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time()); |
| } |
| else |
| { |
| $this->data['session_last_visit'] = $this->time_now; |
| } |
| |
| |
| $this->data['user_id'] = (int) $this->data['user_id']; |
| |
| |
| |
| |
| |
| |
| if ($this->data['user_type'] != USER_FOUNDER) |
| { |
| if (!$config['forwarded_for_check']) |
| { |
| $this->check_ban($this->data['user_id'], $this->ip); |
| } |
| else |
| { |
| $ips = explode(', ', $this->forwarded_for); |
| $ips[] = $this->ip; |
| $this->check_ban($this->data['user_id'], $ips); |
| } |
| } |
| |
| $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; |
| $this->data['is_bot'] = ($bot) ? true : false; |
| |
| |
| if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id']) |
| { |
| |
| if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false) |
| { |
| $s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']); |
| $u_ip = short_ipv6($this->ip, $config['ip_check']); |
| } |
| else |
| { |
| $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); |
| $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); |
| } |
| |
| $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; |
| $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; |
| |
| $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; |
| $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; |
| |
| if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) |
| { |
| $this->session_id = $this->data['session_id']; |
| |
| |
| if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) |
| { |
| $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; |
| |
| $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0); |
| |
| if ($this->update_session_page) |
| { |
| $sql_ary['session_page'] = substr($this->page['page'], 0, 199); |
| $sql_ary['session_forum_id'] = $this->page['forum']; |
| } |
| |
| $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " |
| WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; |
| $db->sql_query($sql); |
| |
| |
| $sql = 'UPDATE ' . USERS_TABLE . ' |
| SET user_lastvisit = ' . (int) $this->data['session_time'] . ' |
| WHERE user_id = ' . (int) $this->data['user_id']; |
| $db->sql_query($sql); |
| } |
| |
| $SID = '?sid='; |
| $_SID = ''; |
| return true; |
| } |
| else |
| { |
| |
| $db->sql_query('DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $this->data['user_id']); |
| } |
| } |
| |
| $session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false; |
| $set_admin = ($set_admin && $this->data['is_registered']) ? true : false; |
| |
| |
| $sql_ary = array( |
| 'session_user_id' => (int) $this->data['user_id'], |
| 'session_start' => (int) $this->time_now, |
| 'session_last_visit' => (int) $this->data['session_last_visit'], |
| 'session_time' => (int) $this->time_now, |
| 'session_browser' => (string) trim(substr($this->browser, 0, 149)), |
| 'session_forwarded_for' => (string) $this->forwarded_for, |
| 'session_ip' => (string) $this->ip, |
| 'session_autologin' => ($session_autologin) ? 1 : 0, |
| 'session_admin' => ($set_admin) ? 1 : 0, |
| 'session_viewonline' => ($viewonline) ? 1 : 0, |
| ); |
| |
| if ($this->update_session_page) |
| { |
| $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); |
| $sql_ary['session_forum_id'] = $this->page['forum']; |
| } |
| |
| $db->sql_return_on_error(true); |
| |
| $sql = 'DELETE |
| FROM ' . SESSIONS_TABLE . ' |
| WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\' |
| AND session_user_id = ' . ANONYMOUS; |
| |
| if (!defined('IN_ERROR_HANDLER') && (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows())) |
| { |
| |
| if (empty($this->data['session_time']) && $config['active_sessions']) |
| { |
| |
| |
| $sql = 'SELECT COUNT(session_id) AS sessions |
| FROM ' . SESSIONS_TABLE . ' |
| WHERE session_time >= ' . ($this->time_now - 60); |
| $result = $db->sql_query($sql); |
| $row = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| |
| if ((int) $row['sessions'] > (int) $config['active_sessions']) |
| { |
| header('HTTP/1.1 503 Service Unavailable'); |
| trigger_error('BOARD_UNAVAILABLE'); |
| } |
| } |
| } |
| |
| |
| |
| |
| |
| $this->session_id = $this->data['session_id'] = md5(unique_id()); |
| |
| $sql_ary['session_id'] = (string) $this->session_id; |
| $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); |
| $sql_ary['session_forum_id'] = $this->page['forum']; |
| |
| $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); |
| $db->sql_query($sql); |
| |
| $db->sql_return_on_error(false); |
| |
| |
| if ($session_autologin) |
| { |
| $this->set_login_key(); |
| } |
| |
| |
| $SID = '?sid=' . $this->session_id; |
| $_SID = $this->session_id; |
| $this->data = array_merge($this->data, $sql_ary); |
| |
| if (!$bot) |
| { |
| $cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000); |
| |
| $this->set_cookie('u', $this->cookie_data['u'], $cookie_expire); |
| $this->set_cookie('k', $this->cookie_data['k'], $cookie_expire); |
| $this->set_cookie('sid', $this->session_id, $cookie_expire); |
| |
| unset($cookie_expire); |
| |
| $sql = 'SELECT COUNT(session_id) AS sessions |
| FROM ' . SESSIONS_TABLE . ' |
| WHERE session_user_id = ' . (int) $this->data['user_id'] . ' |
| AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); |
| $result = $db->sql_query($sql); |
| $row = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| |
| if ((int) $row['sessions'] <= 1 || empty($this->data['user_form_salt'])) |
| { |
| $this->data['user_form_salt'] = unique_id(); |
| |
| $sql = 'UPDATE ' . USERS_TABLE . ' |
| SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\' |
| WHERE user_id = ' . (int) $this->data['user_id']; |
| $db->sql_query($sql); |
| } |
| } |
| else |
| { |
| $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; |
| |
| |
| $sql = 'UPDATE ' . USERS_TABLE . ' |
| SET user_lastvisit = ' . (int) $this->data['session_time'] . ' |
| WHERE user_id = ' . (int) $this->data['user_id']; |
| $db->sql_query($sql); |
| |
| $SID = '?sid='; |
| $_SID = ''; |
| } |
| |
| return true; |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function session_kill($new_session = true) |
| { |
| global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx; |
| |
| $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
| WHERE session_id = '" . $db->sql_escape($this->session_id) . "' |
| AND session_user_id = " . (int) $this->data['user_id']; |
| $db->sql_query($sql); |
| |
| |
| $method = basename(trim($config['auth_method'])); |
| include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); |
| |
| $method = 'logout_' . $method; |
| if (function_exists($method)) |
| { |
| $method($this->data, $new_session); |
| } |
| |
| if ($this->data['user_id'] != ANONYMOUS) |
| { |
| |
| if (!isset($this->data['session_time'])) |
| { |
| $this->data['session_time'] = time(); |
| } |
| |
| $sql = 'UPDATE ' . USERS_TABLE . ' |
| SET user_lastvisit = ' . (int) $this->data['session_time'] . ' |
| WHERE user_id = ' . (int) $this->data['user_id']; |
| $db->sql_query($sql); |
| |
| if ($this->cookie_data['k']) |
| { |
| $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' |
| WHERE user_id = ' . (int) $this->data['user_id'] . " |
| AND key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; |
| $db->sql_query($sql); |
| } |
| |
| |
| $this->data = array(); |
| |
| $sql = 'SELECT * |
| FROM ' . USERS_TABLE . ' |
| WHERE user_id = ' . ANONYMOUS; |
| $result = $db->sql_query($sql); |
| $this->data = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| } |
| |
| $cookie_expire = $this->time_now - 31536000; |
| $this->set_cookie('u', '', $cookie_expire); |
| $this->set_cookie('k', '', $cookie_expire); |
| $this->set_cookie('sid', '', $cookie_expire); |
| unset($cookie_expire); |
| |
| $SID = '?sid='; |
| $this->session_id = $_SID = ''; |
| |
| |
| if ($new_session) |
| { |
| $this->session_create(ANONYMOUS); |
| } |
| |
| return true; |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function session_gc() |
| { |
| global $db, $config; |
| |
| $batch_size = 10; |
| |
| if (!$this->time_now) |
| { |
| $this->time_now = time(); |
| } |
| |
| |
| $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' |
| WHERE session_user_id = ' . ANONYMOUS . ' |
| AND session_time < ' . (int) ($this->time_now - $config['session_length']); |
| $db->sql_query($sql); |
| |
| |
| $sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time |
| FROM ' . SESSIONS_TABLE . ' |
| WHERE session_time < ' . ($this->time_now - $config['session_length']) . ' |
| GROUP BY session_user_id, session_page'; |
| $result = $db->sql_query_limit($sql, $batch_size); |
| |
| $del_user_id = array(); |
| $del_sessions = 0; |
| |
| while ($row = $db->sql_fetchrow($result)) |
| { |
| $sql = 'UPDATE ' . USERS_TABLE . ' |
| SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' |
| WHERE user_id = " . (int) $row['session_user_id']; |
| $db->sql_query($sql); |
| |
| $del_user_id[] = (int) $row['session_user_id']; |
| $del_sessions++; |
| } |
| $db->sql_freeresult($result); |
| |
| if (sizeof($del_user_id)) |
| { |
| |
| $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' |
| WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . ' |
| AND session_time < ' . ($this->time_now - $config['session_length']); |
| $db->sql_query($sql); |
| } |
| |
| if ($del_sessions < $batch_size) |
| { |
| |
| |
| set_config('session_last_gc', $this->time_now, true); |
| |
| if ($config['max_autologin_time']) |
| { |
| $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' |
| WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time'])); |
| $db->sql_query($sql); |
| } |
| $this->confirm_gc(); |
| } |
| |
| return; |
| } |
| |
| function confirm_gc($type = 0) |
| { |
| global $db, $config; |
| |
| $sql = 'SELECT DISTINCT c.session_id |
| FROM ' . CONFIRM_TABLE . ' c |
| LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) |
| WHERE s.session_id IS NULL' . |
| ((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type); |
| $result = $db->sql_query($sql); |
| |
| if ($row = $db->sql_fetchrow($result)) |
| { |
| $sql_in = array(); |
| do |
| { |
| $sql_in[] = (string) $row['session_id']; |
| } |
| while ($row = $db->sql_fetchrow($result)); |
| |
| if (sizeof($sql_in)) |
| { |
| $sql = 'DELETE FROM ' . CONFIRM_TABLE . ' |
| WHERE ' . $db->sql_in_set('session_id', $sql_in); |
| $db->sql_query($sql); |
| } |
| } |
| $db->sql_freeresult($result); |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function set_cookie($name, $cookiedata, $cookietime) |
| { |
| global $config; |
| |
| $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); |
| $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); |
| $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; |
| |
| header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false) |
| { |
| global $config, $db; |
| |
| if (defined('IN_CHECK_BAN')) |
| { |
| return; |
| } |
| |
| $banned = false; |
| $cache_ttl = 3600; |
| $where_sql = array(); |
| |
| $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end |
| FROM ' . BANLIST_TABLE . ' |
| WHERE '; |
| |
| |
| if ($user_email === false) |
| { |
| $where_sql[] = "ban_email = ''"; |
| } |
| |
| if ($user_ips === false) |
| { |
| $where_sql[] = "(ban_ip = '' OR ban_exclude = 1)"; |
| } |
| |
| if ($user_id === false) |
| { |
| $where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)'; |
| } |
| else |
| { |
| $cache_ttl = ($user_id == ANONYMOUS) ? 3600 : 0; |
| $_sql = '(ban_userid = ' . $user_id; |
| |
| if ($user_email !== false) |
| { |
| $_sql .= " OR ban_email <> ''"; |
| } |
| |
| if ($user_ips !== false) |
| { |
| $_sql .= " OR ban_ip <> ''"; |
| } |
| |
| $_sql .= ')'; |
| |
| $where_sql[] = $_sql; |
| } |
| |
| $sql .= (sizeof($where_sql)) ? implode(' AND ', $where_sql) : ''; |
| $result = $db->sql_query($sql, $cache_ttl); |
| |
| $ban_triggered_by = 'user'; |
| while ($row = $db->sql_fetchrow($result)) |
| { |
| if ($row['ban_end'] && $row['ban_end'] < time()) |
| { |
| continue; |
| } |
| |
| $ip_banned = false; |
| if (!empty($row['ban_ip'])) |
| { |
| if (!is_array($user_ips)) |
| { |
| $ip_banned = preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ips); |
| } |
| else |
| { |
| foreach ($user_ips as $user_ip) |
| { |
| if (preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ip)) |
| { |
| $ip_banned = true; |
| break; |
| } |
| } |
| } |
| } |
| |
| if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) || |
| $ip_banned || |
| (!empty($row['ban_email']) && preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_email'], '#')) . '$#i', $user_email))) |
| { |
| if (!empty($row['ban_exclude'])) |
| { |
| $banned = false; |
| break; |
| } |
| else |
| { |
| $banned = true; |
| $ban_row = $row; |
| |
| if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) |
| { |
| $ban_triggered_by = 'user'; |
| } |
| else if ($ip_banned) |
| { |
| $ban_triggered_by = 'ip'; |
| } |
| else |
| { |
| $ban_triggered_by = 'email'; |
| } |
| |
| |
| } |
| } |
| } |
| $db->sql_freeresult($result); |
| |
| if ($banned && !$return) |
| { |
| global $template; |
| |
| |
| if (empty($this->session_id)) |
| { |
| |
| |
| } |
| |
| |
| $this->setup(); |
| |
| |
| if ($this->data['user_id'] != ANONYMOUS) |
| { |
| $this->session_kill(); |
| } |
| |
| |
| if (defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS) |
| { |
| global $phpEx; |
| |
| $this->setup('ucp'); |
| $this->data['is_registered'] = $this->data['is_bot'] = false; |
| |
| |
| define('IN_CHECK_BAN', 1); |
| |
| login_box("index.$phpEx"); |
| |
| |
| $this->session_kill(false); |
| } |
| |
| |
| |
| if (empty($this->session_id) && defined('IN_CHECK_BAN')) |
| { |
| $this->session_create(ANONYMOUS); |
| } |
| |
| |
| |
| $till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : ''; |
| $message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; |
| |
| $message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>'); |
| $message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : ''; |
| $message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>'; |
| |
| |
| $this->session_kill(false); |
| |
| |
| if (defined('IN_CRON')) |
| { |
| garbage_collection(); |
| exit_handler(); |
| exit; |
| } |
| |
| trigger_error($message); |
| } |
| |
| return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function check_dnsbl($mode, $ip = false) |
| { |
| if ($ip === false) |
| { |
| $ip = $this->ip; |
| } |
| |
| $dnsbl_check = array( |
| 'sbl-xbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', |
| ); |
| |
| if ($mode == 'register') |
| { |
| $dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?'; |
| } |
| |
| if ($ip) |
| { |
| $quads = explode('.', $ip); |
| $reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0]; |
| |
| |
| $listed = true; |
| $info = array(); |
| |
| foreach ($dnsbl_check as $dnsbl => $lookup) |
| { |
| if (phpbb_checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true) |
| { |
| $info = array($dnsbl, $lookup . $ip); |
| } |
| else |
| { |
| $listed = false; |
| } |
| } |
| |
| if ($listed) |
| { |
| return $info; |
| } |
| } |
| |
| return false; |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function set_login_key($user_id = false, $key = false, $user_ip = false) |
| { |
| global $config, $db; |
| |
| $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; |
| $user_ip = ($user_ip === false) ? $this->ip : $user_ip; |
| $key = ($key === false) ? (($this->cookie_data['k']) ? $this->cookie_data['k'] : false) : $key; |
| |
| $key_id = unique_id(hexdec(substr($this->session_id, 0, 8))); |
| |
| $sql_ary = array( |
| 'key_id' => (string) md5($key_id), |
| 'last_ip' => (string) $this->ip, |
| 'last_login' => (int) time() |
| ); |
| |
| if (!$key) |
| { |
| $sql_ary += array( |
| 'user_id' => (int) $user_id |
| ); |
| } |
| |
| if ($key) |
| { |
| $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . ' |
| SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' |
| WHERE user_id = ' . (int) $user_id . " |
| AND key_id = '" . $db->sql_escape(md5($key)) . "'"; |
| } |
| else |
| { |
| $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); |
| } |
| $db->sql_query($sql); |
| |
| $this->cookie_data['k'] = $key_id; |
| |
| return false; |
| } |
| |
| |
| |
| |
| |
| |
| |
| function reset_login_keys($user_id = false) |
| { |
| global $config, $db; |
| |
| $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; |
| |
| $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' |
| WHERE user_id = ' . (int) $user_id; |
| $db->sql_query($sql); |
| |
| |
| |
| $sql_where = 'session_user_id = ' . (int) $user_id; |
| $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; |
| |
| $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
| WHERE $sql_where"; |
| $db->sql_query($sql); |
| |
| |
| |
| if ($user_id === $this->data['user_id'] && $this->cookie_data['k']) |
| { |
| $this->set_login_key($user_id); |
| } |
| } |
| |
| |
| |
| |
| |
| |
| function validate_referer($check_script_path = false) |
| { |
| |
| if (empty($this->referer) || empty($this->host)) |
| { |
| return true; |
| } |
| |
| $host = htmlspecialchars($this->host); |
| $ref = substr($this->referer, strpos($this->referer, '://') + 3); |
| |
| if (!(stripos($ref, $host) === 0)) |
| { |
| return false; |
| } |
| else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '') |
| { |
| $ref = substr($ref, strlen($host)); |
| $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); |
| |
| if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0) |
| { |
| $ref = substr($ref, strlen(":$server_port")); |
| } |
| |
| if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) |
| { |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| |
| function unset_admin() |
| { |
| global $db; |
| $sql = 'UPDATE ' . SESSIONS_TABLE . ' |
| SET session_admin = 0 |
| WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\''; |
| $db->sql_query($sql); |
| } |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| class user extends session |
| { |
| var $lang = array(); |
| var $help = array(); |
| var $theme = array(); |
| var $date_format; |
| var $timezone; |
| var $dst; |
| |
| var $lang_name = false; |
| var $lang_id = false; |
| var $lang_path; |
| var $img_lang; |
| var $img_array = array(); |
| |
| |
| var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10); |
| var $keyvalues = array(); |
| |
| |
| |
| |
| function user() |
| { |
| global $phpbb_root_path; |
| |
| $this->lang_path = $phpbb_root_path . 'language/'; |
| } |
| |
| |
| |
| |
| |
| |
| |
| function set_custom_lang_path($lang_path) |
| { |
| $this->lang_path = $lang_path; |
| |
| if (substr($this->lang_path, -1) != '/') |
| { |
| $this->lang_path .= '/'; |
| } |
| } |
| |
| |
| |
| |
| function setup($lang_set = false, $style = false) |
| { |
| global $db, $template, $config, $auth, $phpEx, $phpbb_root_path, $cache; |
| |
| if ($this->data['user_id'] != ANONYMOUS) |
| { |
| $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); |
| |
| $this->date_format = $this->data['user_dateformat']; |
| $this->timezone = $this->data['user_timezone'] * 3600; |
| $this->dst = $this->data['user_dst'] * 3600; |
| } |
| else |
| { |
| $this->lang_name = basename($config['default_lang']); |
| $this->date_format = $config['default_dateformat']; |
| $this->timezone = $config['board_timezone'] * 3600; |
| $this->dst = $config['board_dst'] * 3600; |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| } |
| |
| |
| $lang = &$this->lang; |
| |
| if ((@include $this->lang_path . $this->lang_name . "/common.$phpEx") === false) |
| { |
| die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened."); |
| } |
| |
| $this->add_lang($lang_set); |
| unset($lang_set); |
| |
| if (!empty($_GET['style']) && $auth->acl_get('a_styles')) |
| { |
| global $SID, $_EXTRA_URL; |
| |
| $style = request_var('style', 0); |
| $SID .= '&style=' . $style; |
| $_EXTRA_URL = array('style=' . $style); |
| } |
| else |
| { |
| |
| $style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']); |
| } |
| |
| $sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name |
| FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i |
| WHERE s.style_id = $style |
| AND t.template_id = s.template_id |
| AND c.theme_id = s.theme_id |
| AND i.imageset_id = s.imageset_id"; |
| $result = $db->sql_query($sql, 3600); |
| $this->theme = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| |
| |
| if (!$this->theme && $style == $this->data['user_style']) |
| { |
| $style = $this->data['user_style'] = $config['default_style']; |
| |
| $sql = 'UPDATE ' . USERS_TABLE . " |
| SET user_style = $style |
| WHERE user_id = {$this->data['user_id']}"; |
| $db->sql_query($sql); |
| |
| $sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name |
| FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i |
| WHERE s.style_id = $style |
| AND t.template_id = s.template_id |
| AND c.theme_id = s.theme_id |
| AND i.imageset_id = s.imageset_id"; |
| $result = $db->sql_query($sql, 3600); |
| $this->theme = $db->sql_fetchrow($result); |
| $db->sql_freeresult($result); |
| } |
| |
| if (!$this->theme) |
| { |
| trigger_error('Could not get style data', E_USER_ERROR); |
| } |
| |
| |
| $parsed_items = $cache->obtain_cfg_items($this->theme); |
| |
| |
| $parsed_items = $parsed_items['theme']; |
| |
| $check_for = array( |
| 'parse_css_file' => (int) 0, |
| 'pagination_sep' => (string) ', ' |
| ); |
| |
| foreach ($check_for as $key => $default_value) |
| { |
| $this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value; |
| settype($this->theme[$key], gettype($default_value)); |
| |
| if (is_string($default_value)) |
| { |
| $this->theme[$key] = htmlspecialchars($this->theme[$key]); |
| } |
| } |
| |
| |
| |
| |
| if (!$this->theme['theme_storedb'] && $this->theme['parse_css_file']) |
| { |
| $this->theme['theme_storedb'] = 1; |
| |
| $stylesheet = file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css"); |
| |
| $matches = array(); |
| preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches); |
| |
| if (sizeof($matches)) |
| { |
| $content = ''; |
| foreach ($matches[0] as $idx => $match) |
| { |
| if ($content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" . $matches[1][$idx])) |
| { |
| $content = trim($content); |
| } |
| else |
| { |
| $content = ''; |
| } |
| $stylesheet = str_replace($match, $content, $stylesheet); |
| } |
| unset($content); |
| } |
| |
| $stylesheet = str_replace('./', 'styles/' . $this->theme['theme_path'] . '/theme/', $stylesheet); |
| |
| $sql_ary = array( |
| 'theme_data' => $stylesheet, |
| 'theme_mtime' => time(), |
| 'theme_storedb' => 1 |
| ); |
| |
| $sql = 'UPDATE ' . STYLES_THEME_TABLE . ' |
| SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' |
| WHERE theme_id = ' . $this->theme['theme_id']; |
| $db->sql_query($sql); |
| |
| unset($sql_ary); |
| } |
| |
| $template->set_template(); |
| |
| $this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang']; |
| |
| $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width |
| FROM ' . STYLES_IMAGESET_DATA_TABLE . ' |
| WHERE imageset_id = ' . $this->theme['imageset_id'] . " |
| AND image_filename <> '' |
| AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')"; |
| $result = $db->sql_query($sql, 3600); |
| |
| $localised_images = false; |
| while ($row = $db->sql_fetchrow($result)) |
| { |
| if ($row['image_lang']) |
| { |
| $localised_images = true; |
| } |
| |
| $row['image_filename'] = rawurlencode($row['image_filename']); |
| $this->img_array[$row['image_name']] = $row; |
| } |
| $db->sql_freeresult($result); |
| |
| |
| if (!$localised_images) |
| { |
| |
| |
| $sql_ary = array(); |
| |
| $db->sql_transaction('begin'); |
| |
| $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . ' |
| WHERE imageset_id = ' . $this->theme['imageset_id'] . ' |
| AND image_lang = \'' . $db->sql_escape($this->img_lang) . '\''; |
| $result = $db->sql_query($sql); |
| |
| if (@file_exists("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg")) |
| { |
| $cfg_data_imageset_data = parse_cfg_file("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg"); |
| foreach ($cfg_data_imageset_data as $image_name => $value) |
| { |
| if (strpos($value, '*') !== false) |
| { |
| if (substr($value, -1, 1) === '*') |
| { |
| list($image_filename, $image_height) = explode('*', $value); |
| $image_width = 0; |
| } |
| else |
| { |
| list($image_filename, $image_height, $image_width) = explode('*', $value); |
| } |
| } |
| else |
| { |
| $image_filename = $value; |
| $image_height = $image_width = 0; |
| } |
| |
| if (strpos($image_name, 'img_') === 0 && $image_filename) |
| { |
| $image_name = substr($image_name, 4); |
| $sql_ary[] = array( |
| 'image_name' => (string) $image_name, |
| 'image_filename' => (string) $image_filename, |
| 'image_height' => (int) $image_height, |
| 'image_width' => (int) $image_width, |
| 'imageset_id' => (int) $this->theme['imageset_id'], |
| 'image_lang' => (string) $this->img_lang, |
| ); |
| } |
| } |
| } |
| |
| if (sizeof($sql_ary)) |
| { |
| $db->sql_multi_insert(STYLES_IMAGESET_DATA_TABLE, $sql_ary); |
| $db->sql_transaction('commit'); |
| $cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE); |
| |
| add_log('admin', 'LOG_IMAGESET_LANG_REFRESHED', $this->theme['imageset_name'], $this->img_lang); |
| } |
| else |
| { |
| $db->sql_transaction('commit'); |
| add_log('admin', 'LOG_IMAGESET_LANG_MISSING', $this->theme['imageset_name'], $this->img_lang); |
| } |
| } |
| |
| |
| |
| phpbb_user_session_handler(); |
| |
| |
| if (defined('IN_ERROR_HANDLER')) |
| { |
| return; |
| } |
| |
| |
| |
| if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install')) |
| { |
| |
| if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) |
| { |
| $message = 'REMOVE_INSTALL'; |
| } |
| else |
| { |
| $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; |
| } |
| trigger_error($message); |
| } |
| |
| |
| if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) |
| { |
| header('HTTP/1.1 503 Service Unavailable'); |
| |
| $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; |
| trigger_error($message); |
| } |
| |
| |
| if ($config['limit_load'] && $this->load !== false) |
| { |
| if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN')) |
| { |
| |
| $config['board_disable'] = '1'; |
| |
| if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) |
| { |
| header('HTTP/1.1 503 Service Unavailable'); |
| trigger_error('BOARD_UNAVAILABLE'); |
| } |
| } |
| } |
| |
| if (isset($this->data['session_viewonline'])) |
| { |
| |
| if (!$this->data['session_viewonline']) |
| { |
| |
| if (!$auth->acl_get('u_hideonline')) |
| { |
| $sql = 'UPDATE ' . SESSIONS_TABLE . ' |
| SET session_viewonline = 1 |
| WHERE session_user_id = ' . $this->data['user_id']; |
| $db->sql_query($sql); |
| $this->data['session_viewonline'] = 1; |
| } |
| } |
| else if (!$this->data['user_allow_viewonline']) |
| { |
| |
| if ($auth->acl_get('u_hideonline')) |
| { |
| $sql = 'UPDATE ' . SESSIONS_TABLE . ' |
| SET session_viewonline = 0 |
| WHERE session_user_id = ' . $this->data['user_id']; |
| $db->sql_query($sql); |
| $this->data['session_viewonline'] = 0; |
| } |
| } |
| } |
| |
| |
| |
| |
| if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && $this->data['is_registered'] && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) |
| { |
| if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx") |
| { |
| redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&mode=reg_details')); |
| } |
| } |
| |
| return; |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function lang() |
| { |
| $args = func_get_args(); |
| $key = $args[0]; |
| |
| if (is_array($key)) |
| { |
| $lang = &$this->lang[array_shift($key)]; |
| |
| foreach ($key as $_key) |
| { |
| $lang = &$lang[$_key]; |
| } |
| } |
| else |
| { |
| $lang = &$this->lang[$key]; |
| } |
| |
| |
| if (!isset($lang) || (!is_string($lang) && !is_array($lang))) |
| { |
| return $key; |
| } |
| |
| |
| if (is_string($lang)) |
| { |
| if (sizeof($args) == 1) |
| { |
| return $lang; |
| } |
| |
| |
| $args[0] = $lang; |
| return call_user_func_array('sprintf', $args); |
| } |
| |
| |
| $key_found = false; |
| |
| |
| for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++) |
| { |
| if (is_int($args[$i])) |
| { |
| $numbers = array_keys($lang); |
| |
| foreach ($numbers as $num) |
| { |
| if ($num > $args[$i]) |
| { |
| break; |
| } |
| |
| $key_found = $num; |
| } |
| } |
| } |
| |
| |
| if ($key_found === false) |
| { |
| $numbers = array_keys($lang); |
| $key_found = end($numbers); |
| } |
| |
| |
| $args[0] = $lang[$key_found]; |
| return call_user_func_array('sprintf', $args); |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function add_lang($lang_set, $use_db = false, $use_help = false) |
| { |
| global $phpEx; |
| |
| if (is_array($lang_set)) |
| { |
| foreach ($lang_set as $key => $lang_file) |
| { |
| |
| |
| $key = (string) $key; |
| |
| if ($key == 'db') |
| { |
| $this->add_lang($lang_file, true, $use_help); |
| } |
| else if ($key == 'help') |
| { |
| $this->add_lang($lang_file, $use_db, true); |
| } |
| else if (!is_array($lang_file)) |
| { |
| $this->set_lang($this->lang, $this->help, $lang_file, $use_db, $use_help); |
| } |
| else |
| { |
| $this->add_lang($lang_file, $use_db, $use_help); |
| } |
| } |
| unset($lang_set); |
| } |
| else if ($lang_set) |
| { |
| $this->set_lang($this->lang, $this->help, $lang_set, $use_db, $use_help); |
| } |
| } |
| |
| |
| |
| |
| |
| function set_lang(&$lang, &$help, $lang_file, $use_db = false, $use_help = false) |
| { |
| global $phpEx; |
| |
| |
| if (!$this->lang_name) |
| { |
| global $config; |
| $this->lang_name = basename($config['default_lang']); |
| } |
| |
| |
| |
| |
| if (!$use_db) |
| { |
| if ($use_help && strpos($lang_file, '/') !== false) |
| { |
| $language_filename = $this->lang_path . $this->lang_name . '/' . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx; |
| } |
| else |
| { |
| $language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; |
| } |
| |
| if ((@include $language_filename) === false) |
| { |
| trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR); |
| } |
| } |
| else if ($use_db) |
| { |
| |
| |
| |
| } |
| } |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| function format_date($gmepoch, $format = false, $forcedate = false) |
| { |
| static $midnight; |
| static $date_cache; |
| |
| $format = (!$format) ? $this->date_format : $format; |
| $now = time(); |
| $delta = $now - $gmepoch; |
| |
| if (!isset($date_cache[$format])) |
| { |
| |
| $date_cache[$format] = array( |
| 'is_short' => strpos($format, '|'), |
| 'zone_offset' => $this->timezone + $this->dst, |
| 'format_short' => substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1), |
| 'format_long' => str_replace('|', '', $format), |
| 'lang' => $this->lang['datetime'], |
| ); |
| |
| |
| if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false)) |
| { |
| $date_cache[$format]['lang']['May'] = $this->lang['datetime']['May_short']; |
| } |
| } |
| |
| |
| |
| if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) |
| { |
| return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60))); |
| } |
| |
| if (!$midnight) |
| { |
| list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $date_cache[$format]['zone_offset'])); |
| $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $date_cache[$format]['zone_offset']; |
| } |
| |
| if ($date_cache[$format]['is_short'] !== false && !$forcedate) |
| { |
| $day = false; |
| |
| if ($gmepoch > $midnight + 86400) |
| { |
| $day = 'TOMORROW'; |
| } |
| else if ($gmepoch > $midnight) |
| { |
| $day = 'TODAY'; |
| } |
| else if ($gmepoch > $midnight - 86400) |
| { |
| $day = 'YESTERDAY'; |
| } |
| |
| if ($day !== false) |
| { |
| return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $date_cache[$format]['zone_offset']), $date_cache[$format]['lang'])); |
| } |
| } |
| |
| return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $date_cache[$format]['zone_offset']), $date_cache[$format]['lang']); |
| } |
| |
| |
| |
| |
| function get_iso_lang_id() |
| { |
| global $config, $db; |
| |
| if (!empty($this->lang_id)) |
| { |
| return $this->lang_id; |
| } |
| |
| if (!$this->lang_name) |
| { |
| $this->lang_name = $config['default_lang']; |
| } |
| |
| $sql = 'SELECT lang_id |
| FROM ' . LANG_TABLE . " |
| WHERE lang_iso = '" . $db->sql_escape($this->lang_name) . "'"; |
| $result = $db->sql_query($sql); |
| $this->lang_id = (int) $db->sql_fetchfield('lang_id'); |
| $db->sql_freeresult($result); |
| |
| return $this->lang_id; |
| } |
| |
| |
| |
| |
| function get_profile_fields($user_id) |
| { |
| global $db; |
| |
| if (isset($this->profile_fields)) |
| { |
| return; |
| } |
| |
| $sql = 'SELECT * |
| FROM ' . PROFILE_FIELDS_DATA_TABLE . " |
| WHERE user_id = $user_id"; |
| $result = $db->sql_query_limit($sql, 1); |
| $this->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row; |
| $db->sql_freeresult($result); |
| } |
| |
| |
| |
| |
| |
| function img($img, $alt = '', $width = false, $suffix = '', $type = 'full_tag') |
| { |
| static $imgs; |
| global $phpbb_root_path; |
| |
| $img_data = &$imgs[$img]; |
| |
| if (empty($img_data)) |
| { |
| if (!isset($this->img_array[$img])) |
| { |
| |
| $img_data = ''; |
| return $img_data; |
| } |
| |
| $img_data['src'] = $phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; |
| $img_data['width'] = $this->img_array[$img]['image_width']; |
| $img_data['height'] = $this->img_array[$img]['image_height']; |
| } |
| |
| $alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt; |
| |
| switch ($type) |
| { |
| case 'src': |
| return $img_data['src']; |
| break; |
| |
| case 'width': |
| return ($width === false) ? $img_data['width'] : $width; |
| break; |
| |
| case 'height': |
| return $img_data['height']; |
| break; |
| |
| default: |
| $use_width = ($width === false) ? $img_data['width'] : $width; |
| |
| return '<img src="' . $img_data['src'] . '"' . (($use_width) ? ' width="' . $use_width . '"' : '') . (($img_data['height']) ? ' height="' . $img_data['height'] . '"' : '') . ' alt="' . $alt . '" title="' . $alt . '" />'; |
| break; |
| } |
| } |
| |
| |
| |
| |
| function optionget($key, $data = false) |
| { |
| if (!isset($this->keyvalues[$key])) |
| { |
| $var = ($data) ? $data : $this->data['user_options']; |
| $this->keyvalues[$key] = ($var & 1 << $this->keyoptions[$key]) ? true : false; |
| } |
| |
| return $this->keyvalues[$key]; |
| } |
| |
| |
| |
| |
| function optionset($key, $value, $data = false) |
| { |
| $var = ($data) ? $data : $this->data['user_options']; |
| |
| if ($value && !($var & 1 << $this->keyoptions[$key])) |
| { |
| $var += 1 << $this->keyoptions[$key]; |
| } |
| else if (!$value && ($var & 1 << $this->keyoptions[$key])) |
| { |
| $var -= 1 << $this->keyoptions[$key]; |
| } |
| else |
| { |
| return ($data) ? $var : false; |
| } |
| |
| if (!$data) |
| { |
| $this->data['user_options'] = $var; |
| return true; |
| } |
| else |
| { |
| return $var; |
| } |
| } |
| } |
| |
| ?> |