/**
* Reset all login keys for the specified user
* Called on password changes
*/
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata, $board_config;
$key_sql = $user_id == $userdata['user_id'] && !empty($userdata['session_key']) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "\n\t\t\t{$key_sql}";
if (!$db->sql_query($sql)) {
message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
}
$where_sql = 'session_user_id = ' . (int) $user_id;
$where_sql .= $user_id == $userdata['user_id'] ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\tWHERE {$where_sql}";
if (!$db->sql_query($sql)) {
message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
}
if (!empty($key_sql)) {
$auto_login_key = dss_rand() . dss_rand();
$current_time = time();
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "\n\t\t\tSET last_ip = '{$user_ip}', key_id = '" . md5($auto_login_key) . "', last_login = {$current_time}\n\t\t\tWHERE key_id = '" . md5($userdata['session_key']) . "'";
if (!$db->sql_query($sql)) {
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $auto_login_key;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
$userdata['session_key'] = $auto_login_key;
unset($sessiondata);
unset($auto_login_key);
}
}
}
$db->sql_freeresult($result);
$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . " \n\t\t\tWHERE session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql))) {
message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result)) {
if ($row['attempts'] > 3) {
message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
}
}
$db->sql_freeresult($result);
// Generate the required confirmation code
// NB 0 (zero) could get confused with O (the letter) so we make change it
$code = dss_rand();
$code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
$confirm_id = md5(uniqid($user_ip));
$sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) \n\t\t\tVALUES ('{$confirm_id}', '" . $userdata['session_id'] . "', '{$code}')";
if (!$db->sql_query($sql)) {
message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
}
unset($code);
$confirm_image = '<img src="' . append_sid("profile.{$phpEx}?mode=confirm&id={$confirm_id}") . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
$template->assign_block_vars('switch_confirm', array());
}
//
// Let's do an overall check for settings/versions which would prevent
// us from doing file uploads....
//
function make_bbcode_uid()
{
// Unique ID for this message..
$uid = dss_rand();
$uid = substr($uid, 0, BBCODE_UID_LEN);
return $uid;
}
function gen_rand_string($hash)
{
$rand_str = dss_rand();
return $hash ? md5($rand_str) : substr($rand_str, 8);
}
} else {
exit;
}
/**
* The next part is orginnaly written by ted from mastercode.nl and modified for using in this mod.
**/
header("content-type:image/png");
header('Cache-control: no-cache, no-store');
$width = 250;
$height = 60;
$img = imagecreatetruecolor($width, $height);
$background = imagecolorallocate($img, color("bg"), color("bg"), color("bg"));
srand(make_seed());
imagefilledrectangle($img, 0, 0, 249, 59, $background);
for ($g = 0; $g < 30; $g++) {
$t = dss_rand();
$t = $t[0];
$ypos = rand(0, $height);
$xpos = rand(0, $width);
$kleur = imagecolorallocate($img, color("bgtekst"), color("bgtekst"), color("bgtekst"));
imagettftext($img, size(), move(), $xpos, $ypos, $kleur, font(), $t);
}
$stukje = $width / (strlen($code) + 3);
for ($j = 0; $j < strlen($code); $j++) {
$tek = $code[$j];
$ypos = rand(35, 41);
$xpos = $stukje * ($j + 1);
$color2 = imagecolorallocate($img, color("tekst"), color("tekst"), color("tekst"));
imagettftext($img, size(), move(), $xpos, $ypos, $color2, font(), $tek);
}
imagepng($img);
/**
* Return unique id
* @param string $extra additional entropy
*/
function unique_id($extra = 'c')
{
return dss_rand();
}
function generateRegisterID()
{
global $userdata;
#Generate and delete old confirm ID's from the confirm table based
#upon inactive sessions
$sql = 'SELECT session_id FROM sessions';
$result = mysql_query($sql);
if (!$result) {
return "Error";
}
$confirm_sql = '';
$count = 0;
while ($count < mysql_num_rows($result)) {
$confirm_sql .= ($confirm_sql != '' ? ', ' : '') . "'" . mysql_result($result, $count, 0) . "'";
$count++;
}
mysql_free_result($result);
$sql = "DELETE FROM confirm WHERE session_id NOT IN ({$confirm_sql})";
$result = mysql_query($sql);
if (!$result) {
return "Error";
}
#
# Check number of create requests
#
$sql = "SELECT COUNT(session_id) AS attempts from confirm WHERE session_id = '" . $userdata['session_id'] . "'";
$result = mysql_query($sql);
if (!$result) {
return "Error";
}
if (mysql_result($result, 0, 0) > 3) {
return "Error";
}
mysql_free_result($result);
// Generate the required confirmation code
// NB 0 (zero) could get confused with O (the letter) so we make change it
$code = dss_rand();
$code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
$confirm_id = md5(uniqid($user_ip));
$sql = "INSERT INTO confirm (confirm_id, session_id, code) VALUES ('{$confirm_id}', '" . $userdata['session_id'] . "', '{$code}')";
$result = mysql_query($sql);
if (!$result) {
return "Error";
}
unset($code);
return $confirm_id;
}
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
global $db, $board_config;
global $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
if (isset($_COOKIE[$cookiename . '_sid']) || isset($_COOKIE[$cookiename . '_data'])) {
$session_id = isset($_COOKIE[$cookiename . '_sid']) ? $_COOKIE[$cookiename . '_sid'] : '';
$sessiondata = isset($_COOKIE[$cookiename . '_data']) ? unserialize(stripslashes($_COOKIE[$cookiename . '_data'])) : array();
$sessionmethod = SESSION_METHOD_COOKIE;
} else {
$sessiondata = array();
$session_id = isset($_GET['sid']) ? $_GET['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
//
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) {
$session_id = '';
}
$page_id = (int) $page_id;
$last_visit = 0;
$current_time = time();
// Begin PNphpBB2 Module
/*
//
// Are auto-logins allowed?
// If allow_autologin is not set or is true then they are
// (same behaviour as old 2.0.x session code)
//
if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin'])
{
$enable_autologin = $sessiondata['autologinid'] = false;
}
//
// First off attempt to join with the autologin value if we have one
// If not, just use the user_id value
//
$userdata = array();
if ($user_id != ANONYMOUS)
{
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id)
{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $user_id . "
AND u.user_active = 1
AND k.user_id = u.user_id
AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$enable_autologin = $login = 1;
}
else if (!$auto_create)
{
$sessiondata['autologinid'] = '';
$sessiondata['userid'] = $user_id;
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id . '
AND user_active = 1';
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$login = 1;
}
}
//
// At this point either $userdata should be populated or
// one of the below is true
// * Key didn't match one in the DB
// * User does not exist
// * User is inactive
//
if (!sizeof($userdata) || !is_array($userdata) || !$userdata)
{
$sessiondata['autologinid'] = '';
$sessiondata['userid'] = $user_id = ANONYMOUS;
$enable_autologin = $login = 0;
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id;
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
*/
if (UserUtil::isLoggedIn()) {
$user_id = UserUtil::getVar('uid');
// Does the user have admin rights?
$admin = SecurityUtil::checkPermission('ZphpBB2::', '::', ACCESS_ADMIN) ? 1 : 0;
// ZphpBB2 => Main user synchronization
ZphpBB2_Util::phpBBupdateAccountById($user_id);
// <= ZphpBB2
} else {
$user_id = ANONYMOUS;
// -1
}
$sql = "SELECT * \n FROM " . USERS_TABLE . " \n WHERE user_id = {$user_id}";
if (!($result = $db->sql_query($sql))) {
message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
if ($user_id != ANONYMOUS) {
if ($auto_create) {
if ($userdata['user_active']) {
// We have to login automagically
$login = 1;
} else {
// Autologin is not set. Don't login, set as anonymous user
$login = 0;
$user_id = $userdata['user_id'] = ANONYMOUS;
$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
$result = $db->sql_query($sql);
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
} else {
$login = 1;
}
} else {
$login = 0;
}
// End PNphpBB2 Module
//
// Initial ban check against user id, IP and email address
//
preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
$sql = "SELECT ban_ip, ban_userid, ban_email \n FROM " . BANLIST_TABLE . " \n WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')\n OR ban_userid = {$user_id}";
if ($user_id != ANONYMOUS) {
$sql .= " OR ban_email LIKE '" . str_replace("\\'", "''", $userdata['user_email']) . "' \n OR ban_email LIKE '" . substr(str_replace("\\'", "''", $userdata['user_email']), strpos(str_replace("\\'", "''", $userdata['user_email']), "@")) . "'";
}
if (!($result = $db->sql_query($sql))) {
message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
}
if ($ban_info = $db->sql_fetchrow($result)) {
if ($ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email']) {
message_die(CRITICAL_MESSAGE, 'You_been_banned');
}
}
//
// Create or update the session
//
// Begin PNphpBB2 Module
// -- Remove session_admin
// $sql = "UPDATE " . SESSIONS_TABLE . "
// SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
// WHERE session_id = '" . $session_id . "'
// AND session_ip = '$user_ip'";
$sql = "UPDATE " . SESSIONS_TABLE . "\n SET session_user_id = {$user_id}, session_start = {$current_time}, session_time = {$current_time}, session_page = {$page_id}, session_logged_in = {$login}\n WHERE session_id = '" . $session_id . "' \n AND session_ip = '{$user_ip}'";
// End PNphpBB2 Module
if (!$db->sql_query($sql) || !$db->sql_affectedrows()) {
$session_id = md5(dss_rand());
// Begin PNphpBB2 Module
// -- Remove session_admin
// $sql = "INSERT INTO " . SESSIONS_TABLE . "
// (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
// VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
$sql = "INSERT INTO " . SESSIONS_TABLE . "\n (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)\n VALUES ('{$session_id}', {$user_id}, {$current_time}, {$current_time}, '{$user_ip}', {$page_id}, {$login})";
// End PNphpBB2 Module
if (!$db->sql_query($sql)) {
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
}
}
if ($user_id != ANONYMOUS) {
$last_visit = $userdata['user_session_time'] > 0 ? $userdata['user_session_time'] : $current_time;
// Begin PNphpBB2 Module
// if (!$admin)
// {
// End PNphpBB2 Module
$sql = "UPDATE " . USERS_TABLE . " \n SET user_session_time = {$current_time}, user_session_page = {$page_id}, user_lastvisit = {$last_visit}\n WHERE user_id = {$user_id}";
if (!$db->sql_query($sql)) {
message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
}
// Begin PNphpBB2 Module
// }
// End PNphpBB2 Module
$userdata['user_lastvisit'] = $last_visit;
// Begin PNphpBB2 Module
/*
//
// Regenerate the auto-login key
//
if ($enable_autologin)
{
$auto_login_key = dss_rand() . dss_rand();
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
{
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($sessiondata['autologinid']) . "'";
}
else
{
$sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login)
VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)";
}
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
$sessiondata['autologinid'] = $auto_login_key;
unset($auto_login_key);
}
else
{
$sessiondata['autologinid'] = '';
}
// $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
*/
// End PNphpBB2 Module
$sessiondata['userid'] = $user_id;
}
$userdata['session_id'] = $session_id;
$userdata['session_ip'] = $user_ip;
$userdata['session_user_id'] = $user_id;
$userdata['session_logged_in'] = $login;
$userdata['session_page'] = $page_id;
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
// Begin PNphpBB2 Module
// $userdata['session_admin'] = $admin;
// $userdata['session_key'] = $sessiondata['autologinid'];
// End PNphpBB2 Module
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
$SID = 'sid=' . $session_id;
return $userdata;
}
