/**
* Gets the user id from Session ID
*
* Returns the userID associated with the given session, based on
* the given session lifespan $cookietime and the given remote IP
* address. If no match found, returns 0.
*
* @param string $sessid Session ID to get user ID from
* @param string $cookietime Used to query DB for valid sessions
* @param string $remote_ip Used to pull session we need
* @return int User ID
*/
function SESS_getUserIdFromSession($sessid, $cookietime, $remote_ip)
{
global $_CONF, $_TABLES;
$uid = 0;
$mintime = time() - $cookietime;
$sql = "SELECT uid,start_time,remote_ip,browser FROM {$_TABLES['sessions']} WHERE " . "(md5_sess_id = '" . DB_escapeString($sessid) . "') AND (start_time > {$mintime})";
$result = DB_query($sql, 1);
if (DB_error()) {
DB_query("REPAIR TABLE {$_TABLES['sessions']}");
COM_errorLog("**** REPAIRING SESSION TABLE ******");
$result = DB_query($sql, 1);
}
$row = DB_fetchArray($result);
if (!$row) {
return 0;
}
$uid = (int) $row['uid'];
$server_ip = $row['remote_ip'];
$ipmatch = false;
$ipmatch = _ipCheck($server_ip, $remote_ip, true);
$browser = !empty($_SERVER['HTTP_USER_AGENT']) ? md5((string) $_SERVER['HTTP_USER_AGENT']) : '';
$browsermatch = false;
if ($browser != $row['browser']) {
$browsermatch = false;
} else {
$browsermatch = true;
}
if ($ipmatch == false || $browsermatch == false) {
// destroy old session
if (session_id()) {
session_unset();
session_destroy();
}
DB_delete($_TABLES['sessions'], 'md5_sess_id', DB_escapeString($sessid));
return 0;
}
if ($row['start_time'] + 60 < time()) {
SESS_updateSessionTime($sessid);
}
return $uid;
}
/**
* This gets the state for the user
*
* Much of this code if from phpBB (www.phpbb.org). This checks the session
* cookie and long term cookie to get the users state.
*
* @return array returns $_USER array
*
*/
function SESS_sessionCheck()
{
global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE;
if ($_SESS_VERBOSE) {
COM_errorLog("***Inside SESS_sessionCheck***", 1);
}
unset($_USER);
// We MUST do this up here, so it's set even if the cookie's not present.
$user_logged_in = 0;
$logged_in = 0;
$userdata = array();
// Check for a cookie on the users's machine. If the cookie exists, build
// an array of the users info and setup the theme.
if (isset($_COOKIE[$_CONF['cookie_session']])) {
$sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
if ($_SESS_VERBOSE) {
COM_errorLog("got {$sessid} as the session id from lib-sessions.php", 1);
}
$userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$userid} as User ID from the session ID", 1);
}
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
$user_logged_in = 1;
SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
$userdata = SESS_getUserDataFromId($userid);
if ($_SESS_VERBOSE) {
COM_errorLog("Got " . count($userdata) . " pieces of data from userdata", 1);
COM_errorLog(COM_debug($userdata), 1);
}
$_USER = $userdata;
$_USER['auto_login'] = false;
}
} else {
// Session probably expired, now check permanent cookie
if (isset($_COOKIE[$_CONF['cookie_name']])) {
$userid = $_COOKIE[$_CONF['cookie_name']];
if (empty($userid) || $userid == 'deleted') {
unset($userid);
} else {
$userid = COM_applyFilter($userid, true);
$cookie_password = '';
$userpass = '';
if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
$cookie_password = $_COOKIE[$_CONF['cookie_password']];
$userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
}
if (empty($cookie_password) || $cookie_password != $userpass) {
// User may have modified their UID in cookie, ignore them
} else {
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
$user_logged_in = 1;
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
$_USER['auto_login'] = true;
}
}
}
}
}
}
} else {
if ($_SESS_VERBOSE) {
COM_errorLog('session cookie not found from lib-sessions.php', 1);
}
// Check if the persistent cookie exists
if (isset($_COOKIE[$_CONF['cookie_name']])) {
// Session cookie doesn't exist but a permanent cookie does.
// Start a new session cookie;
if ($_SESS_VERBOSE) {
COM_errorLog('perm cookie found from lib-sessions.php', 1);
}
$userid = $_COOKIE[$_CONF['cookie_name']];
if (empty($userid) || $userid == 'deleted') {
unset($userid);
} else {
$userid = COM_applyFilter($userid, true);
$cookie_password = '';
$userpass = '';
if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
$userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
$cookie_password = $_COOKIE[$_CONF['cookie_password']];
}
if (empty($cookie_password) || $cookie_password != $userpass) {
// User could have modified UID in cookie, don't do shit
} else {
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
$user_logged_in = 1;
// Create new session and write cookie
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
$_USER['auto_login'] = true;
}
}
}
}
}
}
if ($_SESS_VERBOSE) {
COM_errorLog("***Leaving SESS_sessionCheck***", 1);
}
// Ensure $_USER is set to avoid warnings (path exposure...)
if (isset($_USER)) {
return $_USER;
} else {
return NULL;
}
}
/**
* This gets the state for the user
*
* Much of this code if from phpBB (www.phpbb.org). This checks the session
* cookie and long term cookie to get the users state.
*
* @return void
*
*/
function SESS_sessionCheck()
{
global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE;
if ($_SESS_VERBOSE) {
COM_errorLog("*** Inside SESS_sessionCheck ***", 1);
}
$_USER = array();
// Check for a cookie on the users's machine. If the cookie exists, build
// an array of the users info and setup the theme.
// Flag indicates if session cookie and session data exist
$session_exists = true;
if (isset($_COOKIE[$_CONF['cookie_session']])) {
$sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$sessid} as the session ID", 1);
}
$userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$userid} as User ID from the session ID", 1);
}
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
$_USER = SESS_getUserDataFromId($userid);
if ($_SESS_VERBOSE) {
$str = "Got " . count($_USER) . " pieces of data from userdata \n";
foreach ($_USER as $k => $v) {
$str .= sprintf("%15s [%s] \n", $k, $v);
}
COM_errorLog($str, 1);
}
$_USER['auto_login'] = false;
}
} elseif ($userid == 1) {
// Anonymous User has session so update any information
SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
} else {
// Session probably expired
$session_exists = false;
}
} else {
if ($_SESS_VERBOSE) {
COM_errorLog("Session cookie not found", 1);
}
$session_exists = false;
}
if ($session_exists === false) {
// Check if the permanent cookie exists
$userid = '';
if (isset($_COOKIE[$_CONF['cookie_name']])) {
$userid = COM_applyFilter($_COOKIE[$_CONF['cookie_name']], true);
}
if (!empty($userid)) {
// Session cookie or session data don't exist, but a permanent cookie does.
// Start a new session cookie and session data;
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$userid} as User ID from the permanent cookie", 1);
}
$cookie_password = '';
$userpass = '';
if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
$cookie_password = $_COOKIE[$_CONF['cookie_password']];
$userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
}
if (empty($cookie_password) || $cookie_password != $userpass) {
if ($_SESS_VERBOSE) {
COM_errorLog("Password comparison failed or cookie password missing", 1);
}
// Invalid or manipulated cookie data
$ctime = time() - 10000;
SEC_setCookie($_CONF['cookie_session'], '', $ctime);
SEC_setCookie($_CONF['cookie_password'], '', $ctime);
SEC_setCookie($_CONF['cookie_name'], '', $ctime);
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
if (!defined('XHTML')) {
define('XHTML', '');
}
COM_displayMessageAndAbort(82, '', 403, 'Access denied');
}
COM_updateSpeedlimit('login');
} elseif ($userid > 1) {
if ($_SESS_VERBOSE) {
COM_errorLog("Password comparison passed", 1);
}
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
if ($_SESS_VERBOSE) {
COM_errorLog("Create new session and write cookie", 1);
}
// Create new session and write cookie
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
$_USER = SESS_getUserDataFromId($userid);
$_USER['auto_login'] = true;
}
}
} else {
if ($_SESS_VERBOSE) {
COM_errorLog("Permanent cookie not found", 1);
}
// Anonymous user has session id but it has been expired and wiped from the db so reset.
// Or new anonymous user so create new session and write cookie.
$userid = 1;
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
}
}
if ($_SESS_VERBOSE) {
COM_errorLog("*** Leaving SESS_sessionCheck ***", 1);
}
$_USER['session_id'] = $sessid;
}
