Example #1
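/**
 * Delete the current user's row from the sessions table.
 *
 * Reads the session id and user id from the global $user object and issues a
 * single DELETE through the global $db handle. When the query reports failure
 * the request is ended through ExitWithHeader() with a 500 status.
 *
 * @return void
 */
function rss_session_end()
{
    global $db, $user;

    $session_id = $user->data['session_id'];
    // The user id is placed into the statement unquoted, so force it to an
    // integer here (rss_session_begin() casts its ids the same way) rather
    // than relying on whatever type the session data happens to carry.
    $user_id = (int) $user->data['user_id'];

    $sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\tWHERE session_id = '" . $db->sql_escape($session_id) . "'\n\t\tAND session_user_id = {$user_id}";

    // Presumably makes sql_query() return a falsy value on failure instead of
    // aborting inside the DB layer, so the failure can be reported below;
    // the flag is restored right after the query. TODO confirm against the DB class.
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql);
    $db->sql_return_on_error(false);

    if (!$result) {
        ExitWithHeader("500 Internal Server Error", "Error delete session");
    }
}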
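/**
 * Authenticate an RSS request, run the ban check and open a session row.
 *
 * Steps, in order: load the user row, compare the MD5 of the HTTP basic-auth
 * password with the stored user_password (skipped for ANONYMOUS), look up the
 * ban list by IP / user id / e-mail, insert a row into the sessions table and
 * update the user's last-visit columns. Every failure ends the request through
 * ExitWithHeader().
 *
 * NOTE(review): a failed password check is reported as "500 Internal Server
 * Error", so authentication failures cannot be told apart from server faults
 * in logs or monitoring. The status string is kept because clients may depend
 * on it.
 *
 * @param int|string $user_id Id of the user the session is opened for; cast to int.
 * @param string     $user_ip Client address as stored in session_ip and matched
 *                            against ban_ip. The 2-character grouping and the
 *                            "ff" wildcards suggest an 8-hex-digit encoding;
 *                            confirm with the caller.
 * @param int|string $page_id Page identifier stored with the session; cast to int.
 *
 * @return array The user row extended with user_lastvisit and the session_* keys.
 */
function rss_session_begin($user_id, $user_ip, $page_id)
{
    global $db, $HTTP_SERVER_VARS;

    $page_id = (int) $page_id;
    $user_id = (int) $user_id;
    $current_time = time();

    // NOTE(review): the stored credential is an unsalted MD5 digest. That
    // format is fixed by the users table, not by this function, so it is only
    // flagged here; migrating to password_hash() needs a schema-wide change.
    $auth_pw = isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) ? (string) $HTTP_SERVER_VARS['PHP_AUTH_PW'] : '';
    $password = md5($auth_pw);

    $sql = "SELECT *\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_id = {$user_id}";
    if (!($result = $db->sql_query($sql))) {
        ExitWithHeader('500 Internal Server Error', 'Could not obtain lastvisit data from user table');
    }
    $userdata = $db->sql_fetchrow($result);

    // Strict string comparison: with a loose "!=" two different digests that
    // both look like numbers (e.g. "0e" followed by digits) compare as equal.
    if ($user_id != ANONYMOUS && (!$userdata || $password !== (string) $userdata['user_password'])) {
        ExitWithHeader('500 Internal Server Error', 'Error while create session');
    }
    if (!$userdata) {
        // No row (possible for ANONYMOUS): keep the array accesses and the
        // session_* assignments below well defined.
        $userdata = array();
    }
    $login = $user_id != ANONYMOUS ? 1 : 0;

    //
    // Initial ban check against user id, IP and email address
    //
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
    // When the pattern does not match, fall back to empty groups, which is
    // what the unmatched indexes evaluated to before.
    $user_ip_parts = $user_ip_parts + array('', '', '', '', '');
    $ban_candidates = array(
        $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4],
        $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . 'ff',
        $user_ip_parts[1] . $user_ip_parts[2] . 'ffff',
        $user_ip_parts[1] . 'ffffff',
    );
    // The pattern accepts any characters, so every value derived from
    // $user_ip is escaped before it is placed inside a quoted SQL literal.
    foreach ($ban_candidates as $idx => $candidate) {
        $ban_candidates[$idx] = $db->sql_escape($candidate);
    }
    $sql = "SELECT ban_ip, ban_userid, ban_email\n\t\tFROM " . BANLIST_TABLE . "\n\t\tWHERE ban_ip IN ('" . implode("', '", $ban_candidates) . "')\n\t\t\tOR ban_userid = {$user_id}";
    if ($user_id != ANONYMOUS) {
        // The address comes straight from the users table, so it is escaped
        // with the DB layer's escaper rather than the previous str_replace(),
        // which only rewrote an already backslash-escaped quote.
        $email = isset($userdata['user_email']) ? (string) $userdata['user_email'] : '';
        $at = strpos($email, '@');
        $email_domain = $at === false ? $email : substr($email, $at);
        $sql .= " OR ban_email LIKE '" . $db->sql_escape($email) . "'\n\t\t\tOR ban_email LIKE '" . $db->sql_escape($email_domain) . "'";
    }
    if (!($result = $db->sql_query($sql))) {
        ExitWithHeader("500 Internal Server Error", "Could not obtain ban information");
    }
    // Only the first matching ban row is inspected.
    if ($ban_info = $db->sql_fetchrow($result)) {
        if ($ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email']) {
            ExitWithHeader("403 Forbidden", "You been banned");
        }
    }

    // The session id acts as a bearer token, so take it from the CSPRNG when
    // the runtime has one. Both branches yield 32 hex characters, the same
    // length as before. The fallback is still derived from the clock and is
    // predictable; it exists only for runtimes without random_bytes().
    if (function_exists('random_bytes')) {
        $session_id = bin2hex(random_bytes(16));
    } else {
        $session_id = md5(uniqid($user_ip, true));
    }

    $sql = "INSERT INTO " . SESSIONS_TABLE . "\n\t\t\t(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)\n\t\t\tVALUES ('{$session_id}', {$user_id}, {$current_time}, {$current_time}, '" . $db->sql_escape($user_ip) . "', {$page_id}, {$login})";
    if (!$db->sql_query($sql)) {
        ExitWithHeader("500 Internal Server Error", "Error creating new session");
    }

    // Interpolated unquoted into the UPDATE below, hence the integer cast.
    $last_visit = (isset($userdata['user_session_time']) && $userdata['user_session_time'] > 0)
        ? (int) $userdata['user_session_time']
        : $current_time;
    $sql = "UPDATE " . USERS_TABLE . " SET user_session_time = {$current_time}, user_session_page = {$page_id}, user_lastvisit = {$last_visit} ";
    if (LV_MOD_INSTALLED) {
        $sql .= ",user_lastlogon={$current_time}, user_totallogon=user_totallogon+1";
    }
    $sql .= " WHERE user_id = {$user_id}";
    if (!$db->sql_query($sql)) {
        ExitWithHeader("500 Internal Server Error", 'Error updating last visit time');
    }

    $userdata['user_lastvisit'] = $last_visit;
    $userdata['session_id'] = $session_id;
    $userdata['session_ip'] = $user_ip;
    $userdata['session_user_id'] = $user_id;
    $userdata['session_logged_in'] = $login;
    $userdata['session_page'] = $page_id;
    $userdata['session_start'] = $current_time;
    $userdata['session_time'] = $current_time;

    return $userdata;
}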
Example #3
		}
	}
	// Conditional GET support: when no post time was recorded, use $deadline
	// as the timestamp from which both validators are derived.
	$LastPostTime = ($LastPostTime == 0) ? $deadline : $LastPostTime;

	$MyGMTtime = gmdate('D, d M Y H:i:s', $LastPostTime) . ' GMT';
	$MyETag = '"RSS' . gmdate('YmdHis', $LastPostTime) . $verinfo . '"';

	// Both request validators are compared as exact strings; a match ends the
	// request with 304. The two checks stay separate and in this order.
	if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && $MyETag == $_SERVER['HTTP_IF_NONE_MATCH']) {
		ExitWithHeader('304 Not Modified');
	}
	if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $MyGMTtime == $_SERVER['HTTP_IF_MODIFIED_SINCE']) {
		ExitWithHeader('304 Not Modified');
	}

	// BEGIN XML and nocaching headers (copied from page_header.php)
	// Apache 2.x gets "no-cache", every other server gets "private".
	header(
		(!empty($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Apache/2') !== false)
			? 'Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0'
			: 'Cache-Control: private, pre-check=0, post-check=0, max-age=0'
	);
	// NOTE(review): $verinfo (inside $MyETag) and $encoding_charset are set
	// outside this excerpt and are concatenated into response headers as-is;
	// confirm neither can carry request-supplied text.
	header("Last-Modified: {$MyGMTtime}");
	header("Etag: {$MyETag}");
	header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
	header("Content-Type: text/xml; charset={$encoding_charset}");
Example #4
         if (!$db->sql_query($sql)) {
             ExitWithHeader("500 Internal Server Error", 'Error updating user totalpages ');
         }
     }
 }
 // Conditional GET support: when no post time was recorded, use $deadline
 // as the timestamp from which both validators are derived.
 $LastPostTime = $LastPostTime == 0 ? $deadline : $LastPostTime;

 $MyGMTtime = gmdate("D, d M Y H:i:s", $LastPostTime) . " GMT";
 $MyETag = '"RSS' . gmdate("YmdHis", $LastPostTime) . $verinfo . '"';

 // Both request validators are compared as exact strings; a match ends the
 // request with 304. The two checks stay separate and in this order.
 if (isset($HTTP_SERVER_VARS['HTTP_IF_NONE_MATCH']) && $MyETag == $HTTP_SERVER_VARS['HTTP_IF_NONE_MATCH']) {
     ExitWithHeader("304 Not Modified");
 }
 if (isset($HTTP_SERVER_VARS['HTTP_IF_MODIFIED_SINCE']) && $MyGMTtime == $HTTP_SERVER_VARS['HTTP_IF_MODIFIED_SINCE']) {
     ExitWithHeader("304 Not Modified");
 }

 //
 // BEGIN XML and nocaching headers (copied from page_header.php)
 //
 // Apache 2.x gets "no-cache", every other server gets "private".
 header(
     (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strpos($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2') !== false)
         ? 'Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0'
         : 'Cache-Control: private, pre-check=0, post-check=0, max-age=0'
 );
 // NOTE(review): $verinfo (inside $MyETag) and $lang['ENCODING'] are set
 // outside this excerpt and are concatenated into response headers as-is;
 // confirm neither can carry request-supplied text.
 header("Last-Modified: {$MyGMTtime}");
 header("Etag: {$MyETag}");
 header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
 header('Content-Type: text/xml; charset=' . $lang['ENCODING']);
 //
 // End XML and nocaching headers