public function online($sql, $block, $block_title, $unset_legend = false) { global $user; static $user_bots; if (!isset($user_bots)) { obtain_bots($bots); $bots = w(); foreach ($bots as $row) { $user_bots[$row['user_id']] = true; } } foreach (w('last_user_id users_visible users_hidden users_guests users_bots last_ip users_online') as $v) { ${$v} = 0; } _style($block, array( 'L_TITLE' => lang($block_title)) ); _style($block . '.members'); $is_founder = $user->is('founder'); $result = sql_rowset($sql); foreach ($result as $row) { if ($row['user_id'] != GUEST) { if ($row['user_id'] != $last_user_id) { $is_bot = isset($user_bots[$row['user_id']]); if (!$row['user_hideuser']) { $username = $row['username']; if ($is_bot) { $users_bots++; } else { $users_visible++; } } else { $username = '******' . $row['username']; $users_hidden++; } if (((!$row['user_hideuser'] || $is_founder) && !$is_bot) || ($is_bot && $is_founder)) { _style($block . '.members.item', array( 'USERNAME' => $username, 'PROFILE' => s_link('m', $row['username_base'])) ); } } $last_user_id = $row['user_id']; } else { if ($row['session_ip'] != $last_ip) { $users_guests++; } $last_ip = $row['session_ip']; } } $users_total = $users_visible + $users_hidden + $users_guests + $users_bots; if (!($users_visible + $users_hidden) || (!$users_visible && $users_hidden)) { _style($block . '.members.none'); } _style($block . '.legend'); $online_ary = array( 'MEMBERS_TOTAL' => $users_total, 'MEMBERS_VISIBLE' => $users_visible, 'MEMBERS_GUESTS' => $users_guests, 'MEMBERS_HIDDEN' => $users_hidden, 'MEMBERS_BOT' => $users_bots ); if ($unset_legend !== false) { unset($online_ary[$unset_legend]); } foreach ($online_ary as $lk => $vk) { if (!$vk && $lk != 'MEMBERS_TOTAL') { continue; } _style($block . '.legend.item', array( 'L_MEMBERS' => lang($lk . (($vk != 1) ? '2' : '')), 'ONLINE_VALUE' => $vk) ); } return; }
/** * Create a new session * * If upon trying to start a session we discover there is nothing existing we * jump here. Additionally this method is called directly during login to regenerate * the session for the specific user. In this method we carry out a number of tasks; * garbage collection, (search)bot checking, banned user comparison. Basically * though this method will result in a new session for a specific user. */ public function session_create($user_id = false, $set_admin = false, $update_page = true, $is_inactive = false) { global $config; $this->data = w(); if (strpos($this->page, 'signin')) { $this->page = ''; } // Garbage collection ... remove old sessions updating user information // if necessary. It means (potentially) 11 queries but only infrequently if ($this->time > $config['session_last_gc'] + $config['session_gc']) { $this->session_gc(); } /** * Here we do a bot check. We loop through the list of bots defined by * the admin and see if we have any useragent and/or IP matches. If we * do, this is a bot, act accordingly */ $bot = false; $active_bots = w(); obtain_bots($active_bots); foreach ($active_bots as $row) { if ($row['bot_agent'] && strpos(strtolower($this->browser), strtolower($row['bot_agent'])) !== false) { $bot = $row['user_id']; } // If ip is supplied, we will make sure the ip is matching too... if ($row['bot_ip'] && ($bot || !$row['bot_agent'])) { // Set bot to false, then we only have to set it to true if it is matching $bot = false; foreach (explode(',', $row['bot_ip']) as $bot_ip) { if (strpos($this->ip, $bot_ip) === 0) { $bot = (int) $row['user_id']; break; } } } if ($bot) { break; } } // If we've been passed a user_id we'll grab data based on that if ($user_id !== false) { $this->cookie_data['u'] = $user_id; $sql = 'SELECT * FROM _members WHERE user_id = ? AND user_type <> ?'; $this->data = sql_fieldrow(sql_filter($sql, $this->cookie_data['u'], USER_INACTIVE)); } // If no data was returned one or more of the following occured: // User does not exist // User is inactive // User is bot if (!sizeof($this->data) || !is_array($this->data)) { $this->cookie_data['u'] = ($bot) ? $bot : GUEST; $sql = 'SELECT * FROM _members WHERE user_id = ?'; $this->data = sql_fieldrow(sql_filter($sql, $this->cookie_data['u'])); } if ($this->data['user_id'] != 1) { $sql = 'SELECT session_time, session_id FROM _sessions WHERE session_user_id = ? ORDER BY session_time DESC LIMIT 1'; if ($sdata = sql_fieldrow(sql_filter($sql, $this->data['user_id']))) { $this->data = array_merge($sdata, $this->data); unset($sdata); $this->session_id = $this->data['session_id']; } $this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : $this->time); } else { $this->data['session_last_visit'] = $this->time; } // At this stage we should have a filled data array, defined cookie u and k data. // data array should contain recent session info if we're a real user and a recent // session exists in which case session_id will also be set // Is user banned? Are they excluded? Won't return on ban, exists within method // @todo Change to !$this->data['user_type'] & USER_FOUNDER && !$this->data['user_type'] & USER_BOT in time // Fix 1 day problem //if ($this->data['user_type'] != USER_FOUNDER) { //$this->check_ban(); //} // // Do away with ultimately? $this->data['is_member'] = (!$bot && $this->data['user_id'] != 1) ? true : false; $this->data['is_bot'] = ($bot) ? true : false; $this->data['is_founder'] = ($this->data['user_id'] != 1 && $this->data['user_type'] == USER_FOUNDER && !$this->data['is_bot']) ? true : false; // // // Create or update the session $sql_ary = array( 'session_user_id' => (int) $this->data['user_id'], 'session_start' => (int) $this->time, 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time, 'session_browser' => (string) $this->browser, 'session_ip' => (string) $this->ip, 'session_admin' => ($set_admin) ? 1 : 0 ); if ($update_page) { $sql_ary['session_page'] = (string) $this->page; $this->data['session_page'] = $sql_ary['session_page']; } $sql = 'UPDATE _sessions SET ?? WHERE session_id = ?'; sql_query(sql_filter($sql, sql_build('UPDATE', $sql_ary), $this->session_id)); if (!$this->session_id || !sql_affectedrows()) { $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; sql_insert('sessions', $sql_ary); } if (!$bot) { $cookie_expire = $this->time + 31536000; $this->set_cookie('u', $this->cookie_data['u'], $cookie_expire); $this->set_cookie('sid', $this->session_id, 0); if ($this->data['is_member']) { $this->register_ip(); } unset($cookie_expire); } return true; }