// if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username'])) { message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); } // // Did the user submit? In this case build a query to update the users profile in the DB // // Begin PNphpBB2 Module if (isset($_POST['changeprofile'])) { // Zikula change user info System::redirect(ModUtil::url(System::getVar('profilemodule', ''), 'user', 'modify')); } if (isset($_POST['refreshprofile'])) { $user_id = intval($_POST['user_id']); // ZphpBB2 => Main user synchronization if (ZphpBB2_Util::phpBBupdateAccountById($user_id)) { $message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index") . '">', '</a>'); $template->assign_vars(array("META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("profile&mode=editprofile") . '">')); message_die(GENERAL_MESSAGE, $message); } // <= ZphpBB2 } if (isset($_POST['getpnavatar'])) { $user_id = intval($_POST['user_id']); // Get Zikula Avatar // ZphpBB2 => $userZkAttrib = UserUtil::getVar('__ATTRIBUTES__'); if ($userZkAttrib['avatar'] != "blank.gif") { $sql = "UPDATE " . USERS_TABLE . " SET user_avatar = '" . DataUtil::formatForStore($userZkAttrib['avatar']) . "', user_avatar_type = 3 WHERE user_id = " . $user_id; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
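/**
 * Create or refresh the forum session row for the current request and emit the session cookies.
 *
 * The identity is taken from Zikula, not from the caller: the incoming $user_id is always
 * overwritten with the logged-in Zikula uid, or with ANONYMOUS when nobody is logged in.
 * The function then runs the ban check, updates the matching session row (or inserts a new
 * one with a fresh id), stamps the user's last-visit data, sets the `<cookie_name>_data` and
 * `<cookie_name>_sid` cookies and publishes the session id through the global $SID.
 *
 * The upstream autologin-key handling and the session_admin column are disabled in this
 * module (see the "PNphpBB2 Module" markers below).
 *
 * @param int    $user_id          Ignored on input; replaced by the Zikula uid or ANONYMOUS.
 * @param string $user_ip          Client address as stored in the sessions and ban tables.
 * @param int    $page_id          Page identifier recorded with the session (cast to int).
 * @param int    $auto_create      When truthy, a logged-in but inactive user is downgraded to ANONYMOUS.
 * @param int    $enable_autologin Unused by the active code path.
 * @param int    $admin            Recomputed from Zikula permissions when logged in; not persisted.
 *
 * @return array|false User row from USERS_TABLE with the session_* keys added.
 */
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
    global $db, $board_config;
    global $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    if (isset($_COOKIE[$cookiename . '_sid']) || isset($_COOKIE[$cookiename . '_data'])) {
        $session_id = isset($_COOKIE[$cookiename . '_sid']) ? $_COOKIE[$cookiename . '_sid'] : '';
        $sessiondata = array();

        // A cookie submitted as name[]=... arrives as an array; only a string can be decoded.
        if (isset($_COOKIE[$cookiename . '_data']) && is_string($_COOKIE[$cookiename . '_data'])) {
            $raw_sessiondata = stripslashes($_COOKIE[$cookiename . '_data']);

            // SECURITY: this value is fully client-controlled. unserialize() on it permits
            // PHP object injection, so object instantiation is refused wherever the runtime
            // supports the options argument (PHP >= 7.0). The session data only ever holds
            // scalars ('userid', 'autologinid'); moving this cookie to a JSON encoding would
            // remove the risk on older runtimes as well.
            if (PHP_VERSION_ID >= 70000) {
                $sessiondata = unserialize($raw_sessiondata, array('allowed_classes' => false));
            } else {
                $sessiondata = unserialize($raw_sessiondata);
            }
        }

        $sessionmethod = SESSION_METHOD_COOKIE;
    } else {
        $sessiondata = array();
        $session_id = isset($_GET['sid']) ? $_GET['sid'] : '';
        $sessionmethod = SESSION_METHOD_GET;
    }

    // A failed or non-array decode must not leak into the array writes and serialize() below.
    if (!is_array($sessiondata)) {
        $sessiondata = array();
    }

    // The session id is concatenated into SQL further down, so it has to be strictly
    // alphanumeric. The is_string() test rejects array-valued cookie/GET input.
    if (!is_string($session_id) || !preg_match('/^[A-Za-z0-9]*$/', $session_id)) {
        $session_id = '';
    }

    $page_id = (int) $page_id;

    $last_visit = 0;
    $current_time = time();

    // Begin PNphpBB2 Module
    // The upstream autologin-key lookup (SESSIONS_KEYS_TABLE) is disabled here;
    // Zikula's login state is authoritative.
    if (UserUtil::isLoggedIn()) {
        // Cast before the value is interpolated into the queries below.
        $user_id = (int) UserUtil::getVar('uid');
        // Does the user have admin rights?
        $admin = SecurityUtil::checkPermission('ZphpBB2::', '::', ACCESS_ADMIN) ? 1 : 0;
        // ZphpBB2 => Main user synchronization
        ZphpBB2_Util::phpBBupdateAccountById($user_id);
        // <= ZphpBB2
    } else {
        $user_id = ANONYMOUS; // -1
    }

    $sql = "SELECT * \n FROM " . USERS_TABLE . " \n WHERE user_id = {$user_id}";
    if (!($result = $db->sql_query($sql))) {
        message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
    }
    $userdata = $db->sql_fetchrow($result);
    // Release the result set, as the ANONYMOUS re-fetch below already does.
    $db->sql_freeresult($result);

    if ($user_id != ANONYMOUS) {
        if ($auto_create) {
            if ($userdata['user_active']) {
                // We have to login automagically
                $login = 1;
            } else {
                // Autologin is not set. Don't login, set as anonymous user
                $login = 0;
                $user_id = $userdata['user_id'] = ANONYMOUS;

                $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
                $result = $db->sql_query($sql);
                $userdata = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
            }
        } else {
            $login = 1;
        }
    } else {
        $login = 0;
    }
    // End PNphpBB2 Module

    //
    // Initial ban check against user id, IP and email address
    //
    // NOTE(review): $user_ip is interpolated into this and later queries without escaping;
    // this presumably relies on callers passing an 8-character hex-encoded address -- confirm.
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

    $sql = "SELECT ban_ip, ban_userid, ban_email \n FROM " . BANLIST_TABLE . " \n WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')\n OR ban_userid = {$user_id}";
    if ($user_id != ANONYMOUS) {
        // NOTE(review): this rewrite only turns \' into ''; a bare single quote in a stored
        // e-mail address reaches the query unescaped. Verify how user_email is validated on
        // write, or quote it with the database layer's own escaping.
        $ban_email = str_replace("\\'", "''", $userdata['user_email']);

        // Second LIKE matches on the domain part (everything from the "@").
        $sql .= " OR ban_email LIKE '" . $ban_email . "' \n OR ban_email LIKE '" . substr($ban_email, strpos($ban_email, "@")) . "'";
    }
    if (!($result = $db->sql_query($sql))) {
        message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
    }

    if ($ban_info = $db->sql_fetchrow($result)) {
        if ($ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email']) {
            message_die(CRITICAL_MESSAGE, 'You_been_banned');
        }
    }

    //
    // Create or update the session
    //
    // Begin PNphpBB2 Module
    // -- session_admin is not written by this module
    $sql = "UPDATE " . SESSIONS_TABLE . "\n SET session_user_id = {$user_id}, session_start = {$current_time}, session_time = {$current_time}, session_page = {$page_id}, session_logged_in = {$login}\n WHERE session_id = '" . $session_id . "' \n AND session_ip = '{$user_ip}'";
    // End PNphpBB2 Module
    if (!$db->sql_query($sql) || !$db->sql_affectedrows()) {
        // No row matched this id/IP pair: issue a new session id instead of trusting the client's.
        $session_id = md5(dss_rand());

        // Begin PNphpBB2 Module
        // -- session_admin is not written by this module
        $sql = "INSERT INTO " . SESSIONS_TABLE . "\n (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)\n VALUES ('{$session_id}', {$user_id}, {$current_time}, {$current_time}, '{$user_ip}', {$page_id}, {$login})";
        // End PNphpBB2 Module
        if (!$db->sql_query($sql)) {
            message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
        }
    }

    if ($user_id != ANONYMOUS) {
        $last_visit = $userdata['user_session_time'] > 0 ? $userdata['user_session_time'] : $current_time;

        $sql = "UPDATE " . USERS_TABLE . " \n SET user_session_time = {$current_time}, user_session_page = {$page_id}, user_lastvisit = {$last_visit}\n WHERE user_id = {$user_id}";
        if (!$db->sql_query($sql)) {
            message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
        }

        $userdata['user_lastvisit'] = $last_visit;

        // Begin PNphpBB2 Module
        // The upstream auto-login key regeneration is disabled in this module.
        // End PNphpBB2 Module
        $sessiondata['userid'] = $user_id;
    }

    $userdata['session_id'] = $session_id;
    $userdata['session_ip'] = $user_ip;
    $userdata['session_user_id'] = $user_id;
    $userdata['session_logged_in'] = $login;
    $userdata['session_page'] = $page_id;
    $userdata['session_start'] = $current_time;
    $userdata['session_time'] = $current_time;
    // Begin PNphpBB2 Module
    // session_admin and session_key are not exposed by this module.
    // End PNphpBB2 Module

    // NOTE(review): neither cookie sets the HttpOnly flag (7th setcookie() argument), so both
    // are readable by page scripts; consider enabling it once it is confirmed that no
    // client-side code reads them.
    // The data cookie persists for one year (31536000 s); the sid cookie lasts for the browser session.
    setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
    setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

    $SID = 'sid=' . $session_id;

    return $userdata;
}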