Ejemplo n.º 1
 /**
  * Looks up the virtual session stored for the given session id and the current client.
  * 
  * The row must match three values at once: the session id passed in, the IP address
  * reported by UserUtil::getIpAddress() and the user agent reported by
  * UserUtil::getUserAgent(). All three are bound as statement parameters; only the
  * table name is concatenated into the SQL text. A session id presented together with
  * a different address or user agent string therefore finds no row.
  * 
  * NOTE(review): the user agent is a client-supplied header, so it is a weak binding
  * on its own; the IP address check is the stronger of the two conditions.
  * 
  * @param	string		$sessionID
  * @return	\wcf\data\session\virtual\SessionVirtual	whatever fetchObject() yields for the first matching row; per the original documentation, null when none exists
  */
 public static function getExistingSession($sessionID)
 {
     $tableName = static::getDatabaseTableName();
     $query = "SELECT\t*\n\t\t\tFROM\t" . $tableName . "\n\t\t\tWHERE\tsessionID = ?\n\t\t\t\tAND ipAddress = ?\n\t\t\t\tAND userAgent = ?";
     $lookup = WCF::getDB()->prepareStatement($query);
     // bind order follows the placeholder order: session id, ip address, user agent
     $bindings = array($sessionID, UserUtil::getIpAddress(), UserUtil::getUserAgent());
     $lookup->execute($bindings);
     return $lookup->fetchObject(__CLASS__);
 }
 /**
  * Writes the ACP audit trail for the current request.
  * 
  * Logging only happens for a logged-in user holding 'admin.general.canUseAcp' and for
  * event objects whose class does not define a DO_NOT_LOG constant. One session-log row
  * is kept per session while it stays inside SESSION_TIMEOUT; every request adds an
  * access-log row with address, time, shortened request URI, method and class name.
  * 
  * @see	\wcf\system\event\listener\IParameterizedEventListener::execute()
  */
 public function execute($eventObj, $className, $eventName, array &$parameters)
 {
     if (!WCF::getUser()->userID) {
         return;
     }
     if (!WCF::getSession()->getPermission('admin.general.canUseAcp')) {
         return;
     }
     $eventClass = get_class($eventObj);
     if (defined($eventClass . '::DO_NOT_LOG')) {
         // the event class opted out of logging
         return;
     }
     $session = WCF::getSession();
     // look for a log entry of this session that is still inside the timeout window
     $lookupSql = "SELECT\tsessionLogID\n\t\t\t\tFROM\twcf" . WCF_N . "_acp_session_log\n\t\t\t\tWHERE\tsessionID = ?\n\t\t\t\t\tAND lastActivityTime >= ?";
     $lookup = WCF::getDB()->prepareStatement($lookupSql);
     $lookup->execute(array($session->sessionID, TIME_NOW - SESSION_TIMEOUT));
     $existing = $lookup->fetchArray();
     if (empty($existing['sessionLogID'])) {
         // no usable entry: start a new session log
         // NOTE(review): 'ipAddress' is taken from UserUtil while the reverse lookup uses the
         // address stored on the session object; confirm the two cannot differ. The hostname
         // comes from reverse DNS, which is controlled by whoever operates the address range,
         // so treat it as a hint rather than as verified identity. '@' hides the warning
         // gethostbyaddr() raises for a malformed address.
         $created = ACPSessionLogEditor::create(array('sessionID' => $session->sessionID, 'userID' => WCF::getUser()->userID, 'ipAddress' => UserUtil::getIpAddress(), 'hostname' => @gethostbyaddr($session->ipAddress), 'userAgent' => $session->userAgent, 'time' => TIME_NOW, 'lastActivityTime' => TIME_NOW));
         $sessionLogID = $created->sessionLogID;
     } else {
         // entry found: only refresh its activity timestamp
         $sessionLogID = $existing['sessionLogID'];
         $logEditor = new ACPSessionLogEditor(new ACPSessionLog(null, array('sessionLogID' => $sessionLogID)));
         $logEditor->update(array('lastActivityTime' => TIME_NOW));
     }
     // keep only what follows the last slash of the request uri
     $segments = explode('/', $session->requestURI);
     $loggedURI = array_pop($segments);
     // drop the 40-hex-digit "s" parameter (the session url, per the original comment) so
     // that value is not copied into the access log; all other query parameters stay in
     // the logged string
     $loggedURI = preg_replace('/(?:\\?|&)s=[a-f0-9]{40}/', '', $loggedURI);
     // store the access entry
     ACPSessionAccessLogEditor::create(array('sessionLogID' => $sessionLogID, 'ipAddress' => UserUtil::getIpAddress(), 'time' => TIME_NOW, 'requestURI' => $loggedURI, 'requestMethod' => $session->requestMethod, 'className' => $eventClass));
 }
Ejemplo n.º 3
 /**
  * Returns the virtual session for the requested session id, creating it only if needed.
  * 
  * Attention: this method does not always return a new object. The base class is asked
  * via getExistingSession() first, and whatever non-null object it returns is handed
  * back unchanged. Only when that lookup yields null are the missing 'lastActivityTime',
  * 'ipAddress' and 'userAgent' values filled in from the current request before the
  * parent implementation creates the row.
  * 
  * NOTE(review): values already present in $this->parameters['data'] win over the ones
  * derived from the request; confirm callers never pass client-chosen values there.
  * 
  * @see	\wcf\data\AbstractDatabaseObjectAction::create()
  */
 public function create()
 {
     // reuse a matching virtual session when the base class knows one
     $sessionBaseClass = call_user_func(array($this->className, 'getBaseClass'));
     $existingSession = call_user_func(array($sessionBaseClass, 'getExistingSession'), $this->parameters['data']['sessionID']);
     if ($existingSession !== null) {
         return $existingSession;
     }
     // complete the creation data with request-derived defaults
     if (!isset($this->parameters['data']['lastActivityTime'])) {
         $this->parameters['data']['lastActivityTime'] = TIME_NOW;
     }
     if (!isset($this->parameters['data']['ipAddress'])) {
         $this->parameters['data']['ipAddress'] = UserUtil::getIpAddress();
     }
     if (!isset($this->parameters['data']['userAgent'])) {
         $this->parameters['data']['userAgent'] = UserUtil::getUserAgent();
     }
     return parent::create();
 }
Ejemplo n.º 4
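 /**
  * Validates the reCAPTCHA response token against Google's siteverify endpoint.
  * 
  * An empty token is rejected locally without contacting the API. Otherwise the secret,
  * the token and the client address are posted to the endpoint and the decoded reply
  * must report success. On success, or when the verification request itself fails with
  * a SystemException, 'recaptchaDone' is registered in the session.
  * 
  * @param	string		$response	token submitted by the client
  * @throws	UserInputException	if the token is empty or the reply does not report success
  */
 public function validate($response)
 {
     // fail if response is empty to avoid sending api requests
     if (empty($response)) {
         throw new UserInputException('recaptchaString', 'false');
     }
     // The secret travels in the POST body instead of the query string, so it does not
     // become part of a request URL that can end up in proxy logs or error messages.
     // siteverify is documented as a POST endpoint.
     $request = new HTTPRequest('https://www.google.com/recaptcha/api/siteverify', array('timeout' => 10), array('secret' => RECAPTCHA_PRIVATEKEY, 'response' => $response, 'remoteip' => UserUtil::getIpAddress()));
     try {
         $request->execute();
         $reply = $request->getReply();
         $data = JSON::decode($reply['body']);
         // A reply without a "success" field counts as a failed check. Reading the key
         // unguarded would raise a notice; if the project's error handler converts notices
         // into SystemException (not visible here), that would fall into the catch below
         // and accept the captcha.
         if (empty($data['success'])) {
             throw new UserInputException('recaptchaString', 'false');
         }
     } catch (SystemException $e) {
         // Deliberate fail-open kept from the original: log the error, but accept the
         // captcha when the verification service cannot be queried or its reply cannot
         // be decoded.
         // NOTE(review): during an outage or a blocked outbound connection the captcha
         // gives no protection; monitor how often this branch is logged.
         $e->getExceptionID();
     }
     WCF::getSession()->register('recaptchaDone', true);
 }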
Ejemplo n.º 5
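 /**
  * Queries the reCAPTCHA verify endpoint to check the submitted answer.
  * 
  * The private key, the client address, the challenge and the response are sent as POST
  * parameters. The reply body is read line by line: a first line of "true" means the
  * answer was accepted, otherwise the second line is returned as the error code.
  * 
  * @param	string		$challenge
  * @param	string		$response
  * @return	string		self::VALID_ANSWER, the error code from the reply (empty if the reply has no second line), or self::ERROR_NOT_REACHABLE when the request throws a SystemException
  */
 protected function verify($challenge, $response)
 {
     // The request carries the private key, so it is sent over https; over plain http
     // the key and the verdict could be read or altered on the network path.
     $request = new HTTPRequest('https://www.google.com/recaptcha/api/verify', array('timeout' => 10), array('privatekey' => $this->privateKey, 'remoteip' => UserUtil::getIpAddress(), 'challenge' => $challenge, 'response' => $response));
     try {
         $request->execute();
         $reply = $request->getReply();
         $replyLines = explode("\n", $reply['body']);
         if (StringUtil::trim($replyLines[0]) === "true") {
             return self::VALID_ANSWER;
         }
         // a reply without a second line yields an empty error code instead of reading
         // an undefined offset; it is still not a valid answer
         return isset($replyLines[1]) ? StringUtil::trim($replyLines[1]) : '';
     } catch (SystemException $e) {
         // NOTE(review): how callers treat ERROR_NOT_REACHABLE is not visible here; if
         // they accept the captcha in that case, an unreachable service disables the check.
         return self::ERROR_NOT_REACHABLE;
     }
 }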
Ejemplo n.º 6
 /**
  * Searches for the existing guest session of a search spider.
  * 
  * The lookup is by spider id only and is restricted to rows without a user id. The
  * stored IP address and user agent of a found row are replaced with the values of the
  * current request before the session object is built, so the returned session always
  * carries the current client's values.
  * 
  * NOTE(review): this means one spider session is shared by every client classified
  * under the same spider id, whatever its address; how $spiderID is determined is not
  * visible here and decides who can obtain that session. The userID IS NULL condition
  * keeps the shared row from ever being a logged-in session.
  * 
  * @param	integer		$spiderID
  * @return	\wcf\data\session\Session	session object, or null when no row exists
  */
 protected function getExistingSpiderSession($spiderID)
 {
     $query = "SELECT\t*\n\t\t\tFROM\twcf" . WCF_N . "_session\n\t\t\tWHERE\tspiderID = ?\n\t\t\t\tAND userID IS NULL";
     $lookup = WCF::getDB()->prepareStatement($query);
     $lookup->execute(array($spiderID));
     $sessionRow = $lookup->fetchArray();
     if ($sessionRow === false) {
         return null;
     }
     // fix session validation: use the current request's client values, not the stored ones
     $sessionRow['ipAddress'] = UserUtil::getIpAddress();
     $sessionRow['userAgent'] = UserUtil::getUserAgent();
     // build the session object from the adjusted row
     $sessionClass = $this->sessionClassName;
     return new $sessionClass(null, $sessionRow);
 }
Ejemplo n.º 7
	/**
	 * Updates user session on shutdown.
	 * 
	 * Does nothing when $this->doNotUpdate is set. Otherwise the client address, user
	 * agent, request uri, request method and activity time are always written; tracking
	 * fields are added when the active request object is a tracked ITrackablePage, and
	 * the session variables are added only if they changed.
	 */
	public function update() {
		if ($this->doNotUpdate) {
			return;
		}
		
		// values written on every update
		$fields = array(
			'ipAddress' => UserUtil::getIpAddress(),
			'userAgent' => $this->userAgent,
			'requestURI' => $this->requestURI,
			'requestMethod' => $this->requestMethod,
			'lastActivityTime' => TIME_NOW
		);
		
		// resolve the tracked page, if any; each step is skipped when the previous one fails
		$trackedPage = null;
		if (PACKAGE_ID) {
			$activeRequest = RequestHandler::getInstance()->getActiveRequest();
			if ($activeRequest) {
				$requestObject = $activeRequest->getRequestObject();
				if ($requestObject instanceof ITrackablePage && $requestObject->isTracked()) {
					$trackedPage = $requestObject;
				}
			}
		}
		if ($trackedPage !== null) {
			$fields['controller'] = $trackedPage->getController();
			$fields['parentObjectType'] = $trackedPage->getParentObjectType();
			$fields['parentObjectID'] = $trackedPage->getParentObjectID();
			$fields['objectType'] = $trackedPage->getObjectType();
			$fields['objectID'] = $trackedPage->getObjectID();
		}
		
		// NOTE(review): the variables are stored with serialize(); whatever restores this
		// column presumably unserializes it, so the session table has to be treated as
		// trusted storage. Confirm against the reading side.
		if ($this->variablesChanged) {
			$fields['sessionVariables'] = serialize($this->variables);
		}
		
		// write the collected values through the configured editor class
		$editorClass = $this->sessionEditorClassName;
		$sessionEditor = new $editorClass($this->session);
		$sessionEditor->update($fields);
	}
Ejemplo n.º 8
 /**
  * Submits the form and records a failed authentication attempt.
  * 
  * After the parent implementation ran, a failure entry is created when
  * ENABLE_USER_AUTHENTICATION_FAILURE is on and the error field is 'username' or
  * 'password'. The entry holds the environment, the matched user id (if any), the
  * submitted username, the time, the client address and the user agent. The captcha
  * processor is reset afterwards when a captcha object type is set.
  * 
  * NOTE(review): 'username' and 'userAgent' are stored exactly as the client sent them;
  * whatever displays these entries has to escape them. People occasionally type their
  * password into the username field, so the log deserves the same access restrictions
  * as other sensitive data.
  * 
  * @see	\wcf\form\IForm::submit()
  */
 public function submit()
 {
     parent::submit();
     if (!ENABLE_USER_AUTHENTICATION_FAILURE) {
         return;
     }
     // only credential errors count as authentication failures
     $credentialError = $this->errorField == 'username' || $this->errorField == 'password';
     if (!$credentialError) {
         return;
     }
     $environment = RequestHandler::getInstance()->isACPRequest() ? 'admin' : 'user';
     // userID stays null when the submitted name matched no user
     $failedUserID = $this->user !== null ? $this->user->userID : null;
     $failureData = array('environment' => $environment, 'userID' => $failedUserID, 'username' => $this->username, 'time' => TIME_NOW, 'ipAddress' => UserUtil::getIpAddress(), 'userAgent' => UserUtil::getUserAgent());
     $failureAction = new UserAuthenticationFailureAction(array(), 'create', array('data' => $failureData));
     $failureAction->executeAction();
     if ($this->captchaObjectType) {
         $this->captchaObjectType->getProcessor()->reset();
     }
 }
Ejemplo n.º 9
 /**
  * Creates a new session.
  * 
  * A fresh session id is generated, the user is resolved through automatic login (a
  * guest User object is used when that yields null), the sessions of a non-guest user
  * are deleted through the editor class, and the new session row is stored with the
  * current client address, user agent, request uri and request method.
  * 
  * NOTE(review): the unpredictability of the session id rests entirely on
  * StringUtil::getRandomID(), which is not visible here; confirm it draws from a
  * cryptographically secure random source.
  */
 protected function create()
 {
     // new session hash
     $newSessionID = StringUtil::getRandomID();
     // try the automatic login; persistent logins are passed on as the session class reports them
     $persistentLogins = call_user_func(array($this->sessionClassName, 'supportsPersistentLogins'));
     $this->user = UserAuthenticationFactory::getUserAuthentication()->loginAutomatically($persistentLogins);
     if ($this->user === null) {
         // no valid user found, continue as guest
         $this->user = new User(null);
     }
     $isGuest = !($this->user->userID != 0);
     if (!$isGuest) {
         // delete all other sessions of this user
         call_user_func(array($this->sessionEditorClassName, 'deleteUserSessions'), array($this->user->userID));
     }
     // REQUEST_METHOD may be missing (e.g. outside a web request); store '' in that case
     $sessionData = array(
         'sessionID' => $newSessionID,
         'packageID' => PACKAGE_ID,
         'userID' => $this->user->userID,
         'username' => $this->user->username !== null ? $this->user->username : '',
         'ipAddress' => UserUtil::getIpAddress(),
         'userAgent' => UserUtil::getUserAgent(),
         'lastActivityTime' => TIME_NOW,
         'requestURI' => UserUtil::getRequestURI(),
         'requestMethod' => !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : ''
     );
     // save session
     $this->session = call_user_func(array($this->sessionEditorClassName, 'create'), $sessionData);
 }