/** * Authorize * * @access public * @return void */ public function __construct() { /* Make object */ $this->registry = ipsRegistry::instance(); $this->DB = $this->registry->DB(); $this->settings =& $this->registry->fetchSettings(); $this->request =& $this->registry->fetchRequest(); //-------------------------------------------- // Got a cookie wookey? //-------------------------------------------- $_adsess = ipsRegistry::$request['adsess']; $_time_out_mins = defined('IPB_ACP_SESSION_TIME_OUT') ? IPB_ACP_SESSION_TIME_OUT : 60; //----------------------------------------- // If the cookie doesn't match URL... use URL? //----------------------------------------- if ($_adsess) { $this->session_type = 'url'; ipsRegistry::$request['adsess'] = $_adsess; } //-------------------------------------------- // Continue... //-------------------------------------------- if (!ipsRegistry::$request['adsess']) { //-------------------------------------------- // No URL adsess found, lets log in. //-------------------------------------------- return $this->_response(0, ''); } else { //-------------------------------------------- // We have a URL adsess, lets verify... //-------------------------------------------- $this->DB->build(array('select' => '*', 'from' => 'core_sys_cp_sessions', 'where' => "session_id='" . IPSText::md5clean(ipsRegistry::$request['adsess']) . "'")); $this->DB->execute(); $session_data = $this->DB->fetch(); $_tab_data = unserialize($session_data['session_app_data']); $_tab_data = is_array($_tab_data) ? $_tab_data : array(); if ($session_data['session_id'] == "") { //-------------------------------------------- // Fail-safe, no DB record found, lets log in.. //-------------------------------------------- return $this->_response(0, ''); } else { if ($session_data['session_member_id'] == "") { //-------------------------------------------- // No member ID is stored, log in! //-------------------------------------------- return $this->_response(0, 'session_nomemberid'); } else { //-------------------------------------------- // Key is good, check the member details //-------------------------------------------- $this->DB->build(array('select' => 'm.*', 'from' => array('members' => 'm'), 'where' => "member_id=" . intval($session_data['session_member_id']), 'add_join' => array(0 => array('select' => 'g.*', 'from' => array('groups' => 'g'), 'where' => 'm.member_group_id=g.g_id', 'type' => 'left'), 1 => array('select' => 's.*', 'from' => array('core_sys_login' => 's'), 'where' => 's.sys_login_id = m.member_id', 'type' => 'left')))); $this->DB->execute(); self::$data_store = $this->DB->fetch(); self::$data_store = self::instance()->setUpSecondaryGroups(self::$data_store); //-------------------------------------------- // Get perms //-------------------------------------------- if (self::$data_store['member_id'] == "") { //-------------------------------------------- // Ut-oh, no such member, log in! //-------------------------------------------- return $this->_response(0, 'session_invalidmid'); } else { //-------------------------------------------- // Member found, check passy //-------------------------------------------- //if ( $session_data['session_member_login_key'] != self::$data_store['member_login_key'] ) //{ // //-------------------------------------------- // // Passys don't match.. // //-------------------------------------------- // // return $this->_response( 0, 'Session member password mismatch' ); //} //else //{ //-------------------------------------------- // Do we have admin access? //-------------------------------------------- if (self::$data_store['g_access_cp'] != 1) { return $this->_response(0, 'session_noaccess'); } else { $this->_validated = TRUE; } //} } } } } //-------------------------------------------- // If we're here, we're valid... //-------------------------------------------- if ($this->_validated === TRUE) { if ($session_data['session_running_time'] < time() - $_time_out_mins * 60) { $this->_validated = FALSE; return $this->_response(0, 'session_timeout'); } else { if (IPB_ACP_IP_MATCH) { $first_ip = preg_replace("/^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})/", "\\1.\\2.\\3", $session_data['session_ip_address']); $second_ip = preg_replace("/^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})/", "\\1.\\2.\\3", self::instance()->ip_address); if ($first_ip != $second_ip) { $this->_validated = FALSE; return $this->_response(0, 'session_mismatchip'); } } } self::setMember(self::$data_store['member_id']); //----------------------------------------- // Fix up secondary groups //----------------------------------------- if (self::$data_store['mgroup_others']) { $groups_id = explode(',', self::$data_store['mgroup_others']); $masks = array(); $cache = ipsRegistry::cache()->getCache('group_cache'); if (count($groups_id)) { foreach ($groups_id as $pid) { if (!isset($cache[$pid]['g_id']) or !$cache[$pid]['g_id']) { continue; } //----------------------------------------- // Got masks? //----------------------------------------- if ($cache[$pid]['g_perm_id']) { self::$data_store['g_perm_id'] .= ',' . $cache[$pid]['g_perm_id']; } } } } //----------------------------------------- // Current Location, used for online list //----------------------------------------- $module = ipsRegistry::$request['module'] != 'ajax' ? ipsRegistry::$request['module'] : $session_data['session_location']; $location = $session_data['session_url']; if (IPS_APP_COMPONENT && ipsRegistry::$request['module'] != 'ajax') { $location = str_ireplace("login=yes", "", ipsRegistry::$settings['query_string_safe']); $location = ltrim($location, '?'); $location = preg_replace("!adsess=(\\w){32}!", "", $location); $location = preg_replace("!&mshow=(.+?)*!i", "", $location); $location = preg_replace("!&st=(.+?)*!i", "", $location); $location = preg_replace("!&messageinabottleacp=(.+?)*!i", "", $location); } /* Compare user-agent stuff */ $session_data['_session_app_data'] = unserialize($session_data['session_app_data']); if (is_array($session_data['_session_app_data']) and $session_data['_session_app_data']['uagent_key']) { if ($session_data['_session_app_data']['uagent_raw'] != self::instance()->user_agent) { $session_data['_session_app_data'] = self::_processUserAgent(); $session_data['_session_app_data']['uagent_raw'] = self::instance()->user_agent; } } else { $session_data['_session_app_data'] = self::_processUserAgent(); $session_data['_session_app_data']['uagent_raw'] = self::instance()->user_agent; } //----------------------------------------- // Done... //----------------------------------------- $this->DB->update('core_sys_cp_sessions', array('session_running_time' => time(), 'session_location' => $module, 'session_url' => $location, 'session_app_data' => serialize($session_data['_session_app_data']), 'session_member_name' => self::$data_store['members_display_name']), 'session_member_id=' . intval(self::$data_store['member_id']) . " and session_id='" . ipsRegistry::$request['adsess'] . "'"); return $this->_response(1, '', $session_data['_session_app_data']); } }