/**
* Set up a new session / Restore an existing one that was lost.
*
* @param MEMBER Logged in member
* @param BINARY Whether the session should be considered confirmed
* @param boolean Whether the session should be invisible
* @return AUTO_LINK New session ID
*/
function create_session($member, $session_confirmed = 0, $invisible = false)
{
global $SESSION_CACHE;
global $MEMBER_CACHED;
$MEMBER_CACHED = $member;
if ($invisible && get_option('is_on_invisibility') == '0') {
$invisible = false;
}
$new_session = mixed();
$restored_session = delete_expired_sessions_or_recover($member);
if (is_null($restored_session)) {
// Generate random session
$new_session = mt_rand(0, mt_getrandmax() - 1);
// Store session
$username = $GLOBALS['FORUM_DRIVER']->get_username($member);
$new_session_row = array('the_session' => $new_session, 'last_activity' => time(), 'the_user' => $member, 'ip' => get_ip_address(3), 'session_confirmed' => $session_confirmed, 'session_invisible' => $invisible ? 1 : 0, 'cache_username' => $username, 'the_title' => '', 'the_zone' => get_zone_name(), 'the_page' => substr(get_page_name(), 0, 80), 'the_type' => substr(get_param('type', '', true), 0, 80), 'the_id' => substr(either_param('id', ''), 0, 80));
$GLOBALS['SITE_DB']->query_insert('sessions', $new_session_row, false, true);
$SESSION_CACHE[$new_session] = $new_session_row;
$big_change = true;
} else {
$new_session = $restored_session;
$prior_session_row = $SESSION_CACHE[$new_session];
$new_session_row = array('the_title' => '', 'the_zone' => get_zone_name(), 'the_page' => get_page_name(), 'the_type' => substr(either_param('type', ''), 0, 80), 'the_id' => substr(either_param('id', ''), 0, 80), 'last_activity' => time(), 'ip' => get_ip_address(3), 'session_confirmed' => $session_confirmed);
$big_change = $prior_session_row['last_activity'] < time() - 10 || $prior_session_row['session_confirmed'] != $session_confirmed || $prior_session_row['ip'] != $new_session_row['ip'];
if ($big_change) {
$GLOBALS['SITE_DB']->query_update('sessions', $new_session_row, array('the_session' => $new_session), '', 1, NULL, false, true);
}
$SESSION_CACHE[$new_session] = array_merge($SESSION_CACHE[$new_session], $new_session_row);
}
if ($big_change) {
if (get_value('session_prudence') !== '1') {
// With session prudence we don't store all these in persistant cache due to the size of it all. So only re-save if that's not on.
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
set_session_id($new_session);
// We won't set it true here, but something that really needs it to persist might come back and re-set it
// New sessions = Login points
if (!is_null($member) && addon_installed('points') && addon_installed('stats') && !is_guest($member)) {
$points_per_daily_visit = intval(get_option('points_per_daily_visit', true));
if ($points_per_daily_visit != 0) {
// See if this is the first visit today
$test = $GLOBALS['SITE_DB']->query_value('stats', 'MAX(date_and_time)', array('the_user' => $member));
if (!is_null($test)) {
require_code('temporal');
require_code('tempcode');
if (date('d/m/Y', tz_time($test, get_site_timezone())) != date('d/m/Y', tz_time(time(), get_site_timezone()))) {
require_code('points');
$_before = point_info($member);
if (array_key_exists('points_gained_given', $_before)) {
$GLOBALS['FORUM_DRIVER']->set_custom_field($member, 'points_gained_given', strval(intval($_before['points_gained_given']) + $points_per_daily_visit));
}
}
}
}
}
$GLOBALS['SESSION_CONFIRMED'] = $session_confirmed;
return $new_session;
}
/**
* Get the ID of the currently active member.
* It see's if the session exists / cookie is valid -- and gets the member id accordingly
*
* @param boolean Whether to just do a quick check, don't establish new sessions
* @return MEMBER The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
*/
function get_member($quick_only = false)
{
global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;
if ($MEMBER_CACHED !== NULL) {
$GETTING_MEMBER = false;
return $MEMBER_CACHED;
}
// If lots of aging sessions, clean out
reset($SESSION_CACHE);
if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
delete_expired_sessions_or_recover();
}
// Try via backdoor that someone with full server access can place
$backdoor_ip_address = mixed();
// Enable to a real IP address to force login from FTP access (if lost admin password)
if (array_key_exists('backdoor_ip', $SITE_INFO)) {
$backdoor_ip_address = $SITE_INFO['backdoor_ip'];
}
if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
require_code('users_active_actions');
$MEMBER_CACHED = restricted_manually_enabled_backdoor();
// Will have created a session in here already
return $MEMBER_CACHED;
}
if ($GETTING_MEMBER) {
if (!isset($GLOBALS['FORUM_DRIVER'])) {
return db_get_first_id();
}
// :S
return $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
$GETTING_MEMBER = true;
global $FORCE_INVISIBLE_GUEST;
if ($FORCE_INVISIBLE_GUEST) {
$GETTING_MEMBER = false;
if (!isset($GLOBALS['FORUM_DRIVER'])) {
fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
$MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
return $MEMBER_CACHED;
}
$member = NULL;
$cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
$base = $cookie_bits[0];
// Try by session
$session = get_session_id();
if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
$ip = get_ip_address(3);
// I hope AOL can cope with this
$allow_unbound_guest = true;
// Note: Guest sessions are not IP bound
$member_row = NULL;
if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
$member_row = $SESSION_CACHE[$session];
}
if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
$member = $member_row['the_user'];
if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
//$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1); Done in get_page_title now
$SESSION_CACHE[$session]['last_activity'] = time();
if (get_value('session_prudence') !== '1') {
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
global $SESSION_CONFIRMED;
$SESSION_CONFIRMED = $member_row['session_confirmed'];
if (get_forum_type() == 'ocf') {
$GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
}
if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
warn_exit(do_lang_tempcode('USER_BANNED'));
}
// Test this member still exists
if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
if (array_key_exists($base, $_COOKIE)) {
global $IS_A_COOKIE_LOGIN;
$IS_A_COOKIE_LOGIN = true;
}
} else {
require_code('users_inactive_occasionals');
set_session_id(-1);
}
}
if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
// Try by cookie (will defer to forum driver to authorise against detected cookie)
require_code('users_inactive_occasionals');
$member = try_cookie_login();
// Can forum driver help more directly?
if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
$member = $GLOBALS['FORUM_DRIVER']->get_member();
}
}
// Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
$hooks = find_all_hooks('systems', 'login_providers');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/login_providers/' . $hook);
$ob = object_factory('Hook_login_provider_' . $hook);
$member = $ob->try_login($member);
}
// Guest or banned
if ($member === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
$is_guest = true;
} else {
$is_guest = is_guest($member);
}
// If we are doing a very quick init, bomb out now - no need to establish session etc
global $SITE_INFO;
if ($quick_only) {
$GETTING_MEMBER = false;
return $member;
}
// If one of the try_* functions hasn't actually created the session, call it here
$session = get_session_id();
if ($session == -1) {
require_code('users_inactive_occasionals');
create_session($member);
}
// If we are logged in, maybe do some further processing
if (!$is_guest) {
// Is there a su operation?
$ks = get_param('keep_su', '');
if ($ks != '') {
require_code('users_inactive_occasionals');
$member = try_su_login($member);
}
// Run hooks, if any exist
$hooks = find_all_hooks('systems', 'upon_login');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/upon_login/' . filter_naughty($hook));
$ob = object_factory('upon_login' . filter_naughty($hook), true);
if ($ob === NULL) {
continue;
}
$ob->run(false, NULL, $member);
// false means "not a new login attempt"
}
}
// Ok we have our answer
$MEMBER_CACHED = $member;
$GETTING_MEMBER = false;
// We call this to ensure any HTTP-auth specific code has a chance to run
is_httpauth_login();
return $member;
}
