public function __construct()
{
global $db, $user_prefix, $prefix, $MAIN_CFG, $SESS;
if ($this->user_id) {
return false;
}
$cookiename = $MAIN_CFG['cookie']['member'];
# MySQL has an SQL99 ISO incompatibility because it rtrim()s
# one specific binary data char (\x00 or \x20 version depended)
# Due to that we must pad our string with another character.
$visitor_ip = $db->binary_safe(NET::get_ip());
# Load Member cookie
$m_cookie = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : false;
# Member Logout
if ($m_cookie && !defined('ADMIN_PAGES') && isset($_GET['op']) && $_GET['op'] == 'logout') {
global $CPG_SESS;
unset($CPG_SESS['session_start']);
# re-initialize session
$_SESSION['CPG_USER'] = false;
$m_cookie = explode(':', base64_decode($m_cookie));
$db->sql_query('DELETE FROM ' . $prefix . "_session WHERE host_addr={$visitor_ip} AND guest<>1");
$db->sql_query('UPDATE ' . $user_prefix . '_users SET user_session_time=' . time() . ' WHERE user_id=' . intval($m_cookie[0]));
$this->setmemcookie();
$m_cookie = false;
} elseif (!$m_cookie && isset($_POST['ulogin'])) {
$m_cookie = $this->loginmember($visitor_ip);
}
$uid = 1;
$pwd = '';
if ($m_cookie) {
$m_cookie = explode(':', base64_decode($m_cookie));
$uid = intval($m_cookie[0]);
$pwd = $m_cookie[2];
}
$uid = $uid > 1 ? $uid : 1;
# If the current session already has the Member details
# load them else query the database
if (isset($_SESSION['CPG_USER']) && is_array($_SESSION['CPG_USER']) && $_SESSION['CPG_USER']['user_id'] == $uid && $_SESSION['CPG_USER']['user_password'] == $pwd) {
$member = $_SESSION['CPG_USER'];
} else {
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE user_id=' . $uid);
if ($db->sql_numrows($result) < 1) {
$this->setmemcookie();
$db->sql_freeresult($result);
$result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE user_id=1');
}
$member = $db->sql_fetchrow($result, SQL_ASSOC);
$db->sql_freeresult($result);
if ($member['user_id'] > 1 && ($member['user_password'] != $pwd || $member['user_password'] == '' || intval($member['user_level']) < 1)) {
$this->setmemcookie();
$member = $db->sql_ufetchrow('SELECT * FROM ' . $user_prefix . '_users WHERE user_id=1', SQL_ASSOC);
$db->sql_freeresult($result);
}
}
$this->user_id = $member['user_id'];
if ($this->user_id > 1) {
// if ($this->user_id > 1 && !isset($member['_mem_of_groups'])) {
$member['_mem_of_groups'] = array();
$result = $db->sql_uquery('SELECT g.group_id, g.group_name, g.group_single_user FROM ' . $prefix . '_bbgroups AS g INNER JOIN ' . $prefix . '_bbuser_group AS ug ON (ug.group_id=g.group_id AND ug.user_id=' . $this->user_id . ' AND ug.user_pending=0)');
while (list($g_id, $g_name, $single) = $db->sql_fetchrow($result, SQL_NUM)) {
$member['_mem_of_groups'][$g_id] = $single ? '' : $g_name;
}
} else {
$member['user_dst'] = $member['user_timezone'] = 0;
}
$member['user_ip'] = $visitor_ip;
$_SESSION['CPG_USER'] = $member;
$this->members[$this->user_id] =& $_SESSION['CPG_USER'];
// $this->members[$this->user_id] = $member;
$this->admin_id = false;
}
private static function flood()
{
global $db, $prefix, $MAIN_CFG;
$ip = NET::get_ip();
$ipn = $db->binary_safe($ip);
$delay = $MAIN_CFG['_security']['delay'];
$flood_time = $flood_count = 0;
$log = array();
$time = time();
if (!isset($_SESSION['SECURITY']['flood_start'])) {
$db->sql_query('DELETE FROM ' . $prefix . '_security_flood WHERE flood_time <= ' . $time);
} else {
$_SESSION['SECURITY']['flood_start'] = false;
}
if ($MAIN_CFG['_security']['debug'] || empty($_SESSION['SECURITY']['flood_time'])) {
# try to load time from log
if ($row = $db->sql_ufetchrow('SELECT * FROM ' . $prefix . '_security_flood WHERE flood_ip =' . $ipn, SQL_ASSOC)) {
if (!empty($row)) {
$flood_time = $row['flood_time'];
$flood_count = $row['flood_count'];
if (!empty($row['log']) && $MAIN_CFG['_security']['debug']) {
$log = unserialize($row['log']);
}
}
}
} else {
$flood_time = $_SESSION['SECURITY']['flood_time'];
$flood_count = $_SESSION['SECURITY']['flood_count'];
}
if ($flood_time >= $time) {
# die with message and report
++$flood_count;
if ($flood_count <= 5) {
if (empty($_SESSION['SECURITY']['shield']) && $flood_count > 2 && $flood_count <= 5) {
Security::flood_log($ipn, !empty($row), $delay, $time, $log, $flood_count);
global $LNG;
get_lang('errors');
$flood_time = ($flood_count + 1) * 2 / $delay;
header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
header('Retry-After: ' . $flood_time);
$msg = sprintf($LNG['_SECURITY_MSG']['_FLOOD'], $flood_time);
if ($flood_count == 5) {
$msg .= $LNG['_SECURITY_MSG']['Last_warning'];
}
$msg = sprintf(_JS_ALERT, $msg);
cpg_error($msg, 'Flood Protection');
}
} else {
if ($MAIN_CFG['_security']['debug']) {
if (!empty($log)) {
$log = Security::log_serializer($log);
} else {
if (!empty($_SESSION['FLOODING'])) {
$log = Security::log_serializer($_SESSION['FLOODING']);
}
}
$log = "'{$log}'";
if (!empty($_SESSION['SECURITY']['shield'])) {
if ($_SESSION['SECURITY']['shield'] == 4) {
list(, $ip4) = unpack('N', $ip);
$db->sql_query('UPDATE ' . $prefix . "_security SET log={$log} WHERE ban_type=8 AND (ban_ipv4_s = {$ip4} OR (ban_ipv4_s < {$ip4} AND ban_ipv4_e >= {$ip4}))");
} else {
$mac = strlen($ip) == 16 ? ' OR ban_ipn=' . $db->binary_safe(substr($ip, -8)) : '';
$db->sql_query('UPDATE ' . $prefix . "_security SET log={$log} WHERE ban_type=8 AND (ban_ipn={$ipn}{$mac})");
}
$flood_time = $_SESSION['SECURITY']['flood_time'] = 0;
$flood_count = $_SESSION['SECURITY']['flood_count'] = 0;
return;
}
} else {
$log = 'DEFAULT';
}
$db->sql_query('INSERT INTO ' . $prefix . "_security (ban_ipn, ban_type, ban_time, ban_details, log) VALUES ({$ipn}, '7', '" . ($time + $MAIN_CFG['_security']['bantime']) . "', 'Flooding detected by User-Agent:\n{$_SERVER['HTTP_USER_AGENT']}', {$log})", TRUE, TRUE);
global $SESS;
if (is_object($SESS)) {
$SESS->destroy();
}
cpg_error('', 803);
}
} else {
$log = null;
$flood_count = 0;
$_SESSION['FLOODING'] = array();
}
Security::flood_log($ipn, !empty($row), $delay, $time, $log, $flood_count);
}