Exemple #1
0
/**
* Gets the user id from Session ID
*
* Returns the userID associated with the given session, based on
* the given session lifespan $cookietime and the given remote IP
* address. If no match found, returns 0.
*
* @param        string      $sessid         Session ID to get user ID from
* @param        string      $cookietime     Used to query DB for valid sessions
* @param        string      $remote_ip      Used to pull session we need
* @return       int         User ID
*/
function SESS_getUserIdFromSession($sessid, $cookietime, $remote_ip)
{
    global $_CONF, $_TABLES;
    $uid = 0;
    $mintime = time() - $cookietime;
    $sql = "SELECT uid,start_time,remote_ip,browser FROM {$_TABLES['sessions']} WHERE " . "(md5_sess_id = '" . DB_escapeString($sessid) . "') AND (start_time > {$mintime})";
    $result = DB_query($sql, 1);
    if (DB_error()) {
        DB_query("REPAIR TABLE {$_TABLES['sessions']}");
        COM_errorLog("**** REPAIRING SESSION TABLE ******");
        $result = DB_query($sql, 1);
    }
    $row = DB_fetchArray($result);
    if (!$row) {
        return 0;
    }
    $uid = (int) $row['uid'];
    $server_ip = $row['remote_ip'];
    $ipmatch = false;
    $ipmatch = _ipCheck($server_ip, $remote_ip, true);
    $browser = !empty($_SERVER['HTTP_USER_AGENT']) ? md5((string) $_SERVER['HTTP_USER_AGENT']) : '';
    $browsermatch = false;
    if ($browser != $row['browser']) {
        $browsermatch = false;
    } else {
        $browsermatch = true;
    }
    if ($ipmatch == false || $browsermatch == false) {
        // destroy old session
        if (session_id()) {
            session_unset();
            session_destroy();
        }
        DB_delete($_TABLES['sessions'], 'md5_sess_id', DB_escapeString($sessid));
        return 0;
    }
    if ($row['start_time'] + 60 < time()) {
        SESS_updateSessionTime($sessid);
    }
    return $uid;
}
Exemple #2
0
/**
* This gets the state for the user
*
* Much of this code if from phpBB (www.phpbb.org).  This checks the session
* cookie and long term cookie to get the users state.
*
* @return   array   returns $_USER array
*
*/
function SESS_sessionCheck()
{
    global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE;
    if ($_SESS_VERBOSE) {
        COM_errorLog("***Inside SESS_sessionCheck***", 1);
    }
    unset($_USER);
    // We MUST do this up here, so it's set even if the cookie's not present.
    $user_logged_in = 0;
    $logged_in = 0;
    $userdata = array();
    // Check for a cookie on the users's machine.  If the cookie exists, build
    // an array of the users info and setup the theme.
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
        if ($_SESS_VERBOSE) {
            COM_errorLog("got {$sessid} as the session id from lib-sessions.php", 1);
        }
        $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
        if ($_SESS_VERBOSE) {
            COM_errorLog("Got {$userid} as User ID from the session ID", 1);
        }
        if ($userid > 1) {
            // Check user status
            $status = SEC_checkUserStatus($userid);
            if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
                $user_logged_in = 1;
                SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
                $userdata = SESS_getUserDataFromId($userid);
                if ($_SESS_VERBOSE) {
                    COM_errorLog("Got " . count($userdata) . " pieces of data from userdata", 1);
                    COM_errorLog(COM_debug($userdata), 1);
                }
                $_USER = $userdata;
                $_USER['auto_login'] = false;
            }
        } else {
            // Session probably expired, now check permanent cookie
            if (isset($_COOKIE[$_CONF['cookie_name']])) {
                $userid = $_COOKIE[$_CONF['cookie_name']];
                if (empty($userid) || $userid == 'deleted') {
                    unset($userid);
                } else {
                    $userid = COM_applyFilter($userid, true);
                    $cookie_password = '';
                    $userpass = '';
                    if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
                        $cookie_password = $_COOKIE[$_CONF['cookie_password']];
                        $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
                    }
                    if (empty($cookie_password) || $cookie_password != $userpass) {
                        // User may have modified their UID in cookie, ignore them
                    } else {
                        if ($userid > 1) {
                            // Check user status
                            $status = SEC_checkUserStatus($userid);
                            if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
                                $user_logged_in = 1;
                                $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
                                SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
                                $userdata = SESS_getUserDataFromId($userid);
                                $_USER = $userdata;
                                $_USER['auto_login'] = true;
                            }
                        }
                    }
                }
            }
        }
    } else {
        if ($_SESS_VERBOSE) {
            COM_errorLog('session cookie not found from lib-sessions.php', 1);
        }
        // Check if the persistent cookie exists
        if (isset($_COOKIE[$_CONF['cookie_name']])) {
            // Session cookie doesn't exist but a permanent cookie does.
            // Start a new session cookie;
            if ($_SESS_VERBOSE) {
                COM_errorLog('perm cookie found from lib-sessions.php', 1);
            }
            $userid = $_COOKIE[$_CONF['cookie_name']];
            if (empty($userid) || $userid == 'deleted') {
                unset($userid);
            } else {
                $userid = COM_applyFilter($userid, true);
                $cookie_password = '';
                $userpass = '';
                if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
                    $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
                    $cookie_password = $_COOKIE[$_CONF['cookie_password']];
                }
                if (empty($cookie_password) || $cookie_password != $userpass) {
                    // User could have modified UID in cookie, don't do shit
                } else {
                    if ($userid > 1) {
                        // Check user status
                        $status = SEC_checkUserStatus($userid);
                        if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
                            $user_logged_in = 1;
                            // Create new session and write cookie
                            $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
                            SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
                            $userdata = SESS_getUserDataFromId($userid);
                            $_USER = $userdata;
                            $_USER['auto_login'] = true;
                        }
                    }
                }
            }
        }
    }
    if ($_SESS_VERBOSE) {
        COM_errorLog("***Leaving SESS_sessionCheck***", 1);
    }
    // Ensure $_USER is set to avoid warnings (path exposure...)
    if (isset($_USER)) {
        return $_USER;
    } else {
        return NULL;
    }
}
/**
* This gets the state for the user
*
* Much of this code if from phpBB (www.phpbb.org).  This checks the session
* cookie and long term cookie to get the users state.
*
* @return   void
*
*/
function SESS_sessionCheck()
{
    global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE;
    if ($_SESS_VERBOSE) {
        COM_errorLog("*** Inside SESS_sessionCheck ***", 1);
    }
    $_USER = array();
    // Check for a cookie on the users's machine.  If the cookie exists, build
    // an array of the users info and setup the theme.
    // Flag indicates if session cookie and session data exist
    $session_exists = true;
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
        if ($_SESS_VERBOSE) {
            COM_errorLog("Got {$sessid} as the session ID", 1);
        }
        $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
        if ($_SESS_VERBOSE) {
            COM_errorLog("Got {$userid} as User ID from the session ID", 1);
        }
        if ($userid > 1) {
            // Check user status
            $status = SEC_checkUserStatus($userid);
            if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
                SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
                $_USER = SESS_getUserDataFromId($userid);
                if ($_SESS_VERBOSE) {
                    $str = "Got " . count($_USER) . " pieces of data from userdata \n";
                    foreach ($_USER as $k => $v) {
                        $str .= sprintf("%15s [%s] \n", $k, $v);
                    }
                    COM_errorLog($str, 1);
                }
                $_USER['auto_login'] = false;
            }
        } elseif ($userid == 1) {
            // Anonymous User has session so update any information
            SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
        } else {
            // Session probably expired
            $session_exists = false;
        }
    } else {
        if ($_SESS_VERBOSE) {
            COM_errorLog("Session cookie not found", 1);
        }
        $session_exists = false;
    }
    if ($session_exists === false) {
        // Check if the permanent cookie exists
        $userid = '';
        if (isset($_COOKIE[$_CONF['cookie_name']])) {
            $userid = COM_applyFilter($_COOKIE[$_CONF['cookie_name']], true);
        }
        if (!empty($userid)) {
            // Session cookie or session data don't exist, but a permanent cookie does.
            // Start a new session cookie and session data;
            if ($_SESS_VERBOSE) {
                COM_errorLog("Got {$userid} as User ID from the permanent cookie", 1);
            }
            $cookie_password = '';
            $userpass = '';
            if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
                $cookie_password = $_COOKIE[$_CONF['cookie_password']];
                $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
            }
            if (empty($cookie_password) || $cookie_password != $userpass) {
                if ($_SESS_VERBOSE) {
                    COM_errorLog("Password comparison failed or cookie password missing", 1);
                }
                // Invalid or manipulated cookie data
                $ctime = time() - 10000;
                SEC_setCookie($_CONF['cookie_session'], '', $ctime);
                SEC_setCookie($_CONF['cookie_password'], '', $ctime);
                SEC_setCookie($_CONF['cookie_name'], '', $ctime);
                COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
                if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
                    if (!defined('XHTML')) {
                        define('XHTML', '');
                    }
                    COM_displayMessageAndAbort(82, '', 403, 'Access denied');
                }
                COM_updateSpeedlimit('login');
            } elseif ($userid > 1) {
                if ($_SESS_VERBOSE) {
                    COM_errorLog("Password comparison passed", 1);
                }
                // Check user status
                $status = SEC_checkUserStatus($userid);
                if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
                    if ($_SESS_VERBOSE) {
                        COM_errorLog("Create new session and write cookie", 1);
                    }
                    // Create new session and write cookie
                    $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
                    SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
                    $_USER = SESS_getUserDataFromId($userid);
                    $_USER['auto_login'] = true;
                }
            }
        } else {
            if ($_SESS_VERBOSE) {
                COM_errorLog("Permanent cookie not found", 1);
            }
            // Anonymous user has session id but it has been expired and wiped from the db so reset.
            // Or new anonymous user so create new session and write cookie.
            $userid = 1;
            $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
            SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
        }
    }
    if ($_SESS_VERBOSE) {
        COM_errorLog("*** Leaving SESS_sessionCheck ***", 1);
    }
    $_USER['session_id'] = $sessid;
}