/** * Gets the user id from Session ID * * Returns the userID associated with the given session, based on * the given session lifespan $cookietime and the given remote IP * address. If no match found, returns 0. * * @param string $sessid Session ID to get user ID from * @param string $cookietime Used to query DB for valid sessions * @param string $remote_ip Used to pull session we need * @return int User ID */ function SESS_getUserIdFromSession($sessid, $cookietime, $remote_ip) { global $_CONF, $_TABLES; $uid = 0; $mintime = time() - $cookietime; $sql = "SELECT uid,start_time,remote_ip,browser FROM {$_TABLES['sessions']} WHERE " . "(md5_sess_id = '" . DB_escapeString($sessid) . "') AND (start_time > {$mintime})"; $result = DB_query($sql, 1); if (DB_error()) { DB_query("REPAIR TABLE {$_TABLES['sessions']}"); COM_errorLog("**** REPAIRING SESSION TABLE ******"); $result = DB_query($sql, 1); } $row = DB_fetchArray($result); if (!$row) { return 0; } $uid = (int) $row['uid']; $server_ip = $row['remote_ip']; $ipmatch = false; $ipmatch = _ipCheck($server_ip, $remote_ip, true); $browser = !empty($_SERVER['HTTP_USER_AGENT']) ? md5((string) $_SERVER['HTTP_USER_AGENT']) : ''; $browsermatch = false; if ($browser != $row['browser']) { $browsermatch = false; } else { $browsermatch = true; } if ($ipmatch == false || $browsermatch == false) { // destroy old session if (session_id()) { session_unset(); session_destroy(); } DB_delete($_TABLES['sessions'], 'md5_sess_id', DB_escapeString($sessid)); return 0; } if ($row['start_time'] + 60 < time()) { SESS_updateSessionTime($sessid); } return $uid; }
/** * This gets the state for the user * * Much of this code if from phpBB (www.phpbb.org). This checks the session * cookie and long term cookie to get the users state. * * @return array returns $_USER array * */ function SESS_sessionCheck() { global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE; if ($_SESS_VERBOSE) { COM_errorLog("***Inside SESS_sessionCheck***", 1); } unset($_USER); // We MUST do this up here, so it's set even if the cookie's not present. $user_logged_in = 0; $logged_in = 0; $userdata = array(); // Check for a cookie on the users's machine. If the cookie exists, build // an array of the users info and setup the theme. if (isset($_COOKIE[$_CONF['cookie_session']])) { $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]); if ($_SESS_VERBOSE) { COM_errorLog("got {$sessid} as the session id from lib-sessions.php", 1); } $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']); if ($_SESS_VERBOSE) { COM_errorLog("Got {$userid} as User ID from the session ID", 1); } if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { $user_logged_in = 1; SESS_updateSessionTime($sessid, $_CONF['cookie_ip']); $userdata = SESS_getUserDataFromId($userid); if ($_SESS_VERBOSE) { COM_errorLog("Got " . count($userdata) . " pieces of data from userdata", 1); COM_errorLog(COM_debug($userdata), 1); } $_USER = $userdata; $_USER['auto_login'] = false; } } else { // Session probably expired, now check permanent cookie if (isset($_COOKIE[$_CONF['cookie_name']])) { $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid == 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); $cookie_password = ''; $userpass = ''; if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) { $cookie_password = $_COOKIE[$_CONF['cookie_password']]; $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}"); } if (empty($cookie_password) || $cookie_password != $userpass) { // User may have modified their UID in cookie, ignore them } else { if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { $user_logged_in = 1; $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata; $_USER['auto_login'] = true; } } } } } } } else { if ($_SESS_VERBOSE) { COM_errorLog('session cookie not found from lib-sessions.php', 1); } // Check if the persistent cookie exists if (isset($_COOKIE[$_CONF['cookie_name']])) { // Session cookie doesn't exist but a permanent cookie does. // Start a new session cookie; if ($_SESS_VERBOSE) { COM_errorLog('perm cookie found from lib-sessions.php', 1); } $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid == 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); $cookie_password = ''; $userpass = ''; if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) { $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}"); $cookie_password = $_COOKIE[$_CONF['cookie_password']]; } if (empty($cookie_password) || $cookie_password != $userpass) { // User could have modified UID in cookie, don't do shit } else { if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { $user_logged_in = 1; // Create new session and write cookie $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata; $_USER['auto_login'] = true; } } } } } } if ($_SESS_VERBOSE) { COM_errorLog("***Leaving SESS_sessionCheck***", 1); } // Ensure $_USER is set to avoid warnings (path exposure...) if (isset($_USER)) { return $_USER; } else { return NULL; } }
/** * This gets the state for the user * * Much of this code if from phpBB (www.phpbb.org). This checks the session * cookie and long term cookie to get the users state. * * @return void * */ function SESS_sessionCheck() { global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE; if ($_SESS_VERBOSE) { COM_errorLog("*** Inside SESS_sessionCheck ***", 1); } $_USER = array(); // Check for a cookie on the users's machine. If the cookie exists, build // an array of the users info and setup the theme. // Flag indicates if session cookie and session data exist $session_exists = true; if (isset($_COOKIE[$_CONF['cookie_session']])) { $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]); if ($_SESS_VERBOSE) { COM_errorLog("Got {$sessid} as the session ID", 1); } $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']); if ($_SESS_VERBOSE) { COM_errorLog("Got {$userid} as User ID from the session ID", 1); } if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { SESS_updateSessionTime($sessid, $_CONF['cookie_ip']); $_USER = SESS_getUserDataFromId($userid); if ($_SESS_VERBOSE) { $str = "Got " . count($_USER) . " pieces of data from userdata \n"; foreach ($_USER as $k => $v) { $str .= sprintf("%15s [%s] \n", $k, $v); } COM_errorLog($str, 1); } $_USER['auto_login'] = false; } } elseif ($userid == 1) { // Anonymous User has session so update any information SESS_updateSessionTime($sessid, $_CONF['cookie_ip']); } else { // Session probably expired $session_exists = false; } } else { if ($_SESS_VERBOSE) { COM_errorLog("Session cookie not found", 1); } $session_exists = false; } if ($session_exists === false) { // Check if the permanent cookie exists $userid = ''; if (isset($_COOKIE[$_CONF['cookie_name']])) { $userid = COM_applyFilter($_COOKIE[$_CONF['cookie_name']], true); } if (!empty($userid)) { // Session cookie or session data don't exist, but a permanent cookie does. // Start a new session cookie and session data; if ($_SESS_VERBOSE) { COM_errorLog("Got {$userid} as User ID from the permanent cookie", 1); } $cookie_password = ''; $userpass = ''; if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) { $cookie_password = $_COOKIE[$_CONF['cookie_password']]; $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}"); } if (empty($cookie_password) || $cookie_password != $userpass) { if ($_SESS_VERBOSE) { COM_errorLog("Password comparison failed or cookie password missing", 1); } // Invalid or manipulated cookie data $ctime = time() - 10000; SEC_setCookie($_CONF['cookie_session'], '', $ctime); SEC_setCookie($_CONF['cookie_password'], '', $ctime); SEC_setCookie($_CONF['cookie_name'], '', $ctime); COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { if (!defined('XHTML')) { define('XHTML', ''); } COM_displayMessageAndAbort(82, '', 403, 'Access denied'); } COM_updateSpeedlimit('login'); } elseif ($userid > 1) { if ($_SESS_VERBOSE) { COM_errorLog("Password comparison passed", 1); } // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { if ($_SESS_VERBOSE) { COM_errorLog("Create new session and write cookie", 1); } // Create new session and write cookie $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); $_USER = SESS_getUserDataFromId($userid); $_USER['auto_login'] = true; } } } else { if ($_SESS_VERBOSE) { COM_errorLog("Permanent cookie not found", 1); } // Anonymous user has session id but it has been expired and wiped from the db so reset. // Or new anonymous user so create new session and write cookie. $userid = 1; $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); } } if ($_SESS_VERBOSE) { COM_errorLog("*** Leaving SESS_sessionCheck ***", 1); } $_USER['session_id'] = $sessid; }