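/**
 * Delete the current RSS session row from the sessions table.
 *
 * The session id and user id are read from the global $user object. The
 * database layer is switched to "return on error" for the duration of the
 * DELETE so that a failed query ends the request with a 500 response
 * instead of whatever the layer's default error handling would do.
 *
 * @return void
 */
function rss_session_end()
{
    global $db, $user;

    $session_id = $user->data['session_id'];
    // The user id is interpolated unquoted into the WHERE clause, so force it
    // to an integer first (rss_session_begin() casts its ids the same way).
    $user_id = (int) $user->data['user_id'];

    $sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\tWHERE session_id = '" . $db->sql_escape($session_id) . "'\n\t\tAND session_user_id = {$user_id}";

    // Take over error reporting for this one query only, then restore it.
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql);
    $db->sql_return_on_error(false);

    if (!$result) {
        ExitWithHeader("500 Internal Server Error", "Error delete session");
    }
}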
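/**
 * Authenticate an HTTP-auth RSS client, run the ban check and open a session.
 *
 * Steps, in order: load the user row, compare the MD5 of the HTTP basic-auth
 * password with the stored hash (skipped for ANONYMOUS), look the caller up
 * in the ban list by IP prefix, user id and e-mail, insert a session row and
 * update the user's last-visit bookkeeping. Every failure ends the request
 * through ExitWithHeader().
 *
 * @param int    $user_id Id of the user to log in (cast to int here).
 * @param string $user_ip Client address as written to session_ip; the ban
 *                        check splits its first four two-character groups,
 *                        presumably the hex-encoded form - confirm against
 *                        the caller.
 * @param int    $page_id Page id recorded on the session (cast to int here).
 *
 * @return array The user row extended with user_lastvisit and session_* keys.
 */
function rss_session_begin($user_id, $user_ip, $page_id)
{
    global $db, $HTTP_SERVER_VARS;

    $page_id = (int) $page_id;
    $user_id = (int) $user_id;

    // NOTE(security): the stored credential is an unsalted MD5 digest, so the
    // comparison below has to use MD5 too. Moving to a password-hashing
    // scheme needs a migration of the stored hashes and cannot be done here.
    $password = md5(isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) ? $HTTP_SERVER_VARS['PHP_AUTH_PW'] : '');
    $current_time = time();

    $sql = "SELECT *\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_id = {$user_id}";
    if (!($result = $db->sql_query($sql))) {
        ExitWithHeader('500 Internal Server Error', 'Could not obtain lastvisit data from user table');
    }
    $userdata = $db->sql_fetchrow($result);

    if ($user_id != ANONYMOUS) {
        $stored_hash = $userdata ? (string) $userdata['user_password'] : '';
        // A loose != on two hex digests treats "0e..." strings as numbers and
        // can declare different hashes equal. Compare as strings, in constant
        // time where the runtime offers hash_equals().
        $password_ok = function_exists('hash_equals')
            ? hash_equals($stored_hash, $password)
            : ($stored_hash === $password);
        if (!$userdata || !$password_ok) {
            ExitWithHeader('500 Internal Server Error', 'Error while create session');
        }
    }
    $login = $user_id != ANONYMOUS ? 1 : 0;

    //
    // Initial ban check against user id, IP and email address
    //
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
    $octets = array();
    for ($i = 1; $i <= 4; $i++) {
        // A short $user_ip leaves the groups unset; fall back to '' as the
        // unguarded concatenation did.
        $octets[$i] = isset($user_ip_parts[$i]) ? $user_ip_parts[$i] : '';
    }
    // Exact address plus the three wildcard prefixes (ff = "any").
    $ban_candidates = array(
        $octets[1] . $octets[2] . $octets[3] . $octets[4],
        $octets[1] . $octets[2] . $octets[3] . 'ff',
        $octets[1] . $octets[2] . 'ffff',
        $octets[1] . 'ffffff',
    );
    $ban_ip_list = array();
    foreach ($ban_candidates as $candidate) {
        // The pattern above accepts any character, so escape before quoting.
        $ban_ip_list[] = "'" . $db->sql_escape($candidate) . "'";
    }

    $sql = "SELECT ban_ip, ban_userid, ban_email\n\t\tFROM " . BANLIST_TABLE . "\n\t\tWHERE ban_ip IN (" . implode(', ', $ban_ip_list) . ")\n\t\t\tOR ban_userid = {$user_id}";
    if ($user_id != ANONYMOUS) {
        // The e-mail comes back from the database unescaped; a quote in it
        // would otherwise terminate the literal (second-order injection).
        // LIKE wildcards (% and _) inside the address are still treated as
        // patterns, as before.
        $email = (string) $userdata['user_email'];
        $at = strpos($email, '@');
        $email_domain = $at === false ? $email : substr($email, $at);
        $sql .= " OR ban_email LIKE '" . $db->sql_escape($email) . "'\n\t\t\tOR ban_email LIKE '" . $db->sql_escape($email_domain) . "'";
    }
    if (!($result = $db->sql_query($sql))) {
        ExitWithHeader("500 Internal Server Error", "Could not obtain ban information");
    }
    if ($ban_info = $db->sql_fetchrow($result)) {
        if ($ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email']) {
            ExitWithHeader("403 Forbidden", "You been banned");
        }
    }

    // uniqid() is derived from the clock, which makes the id guessable.
    // Prefer the CSPRNG when the runtime has one; both forms are 32 hex chars.
    if (function_exists('random_bytes')) {
        $session_id = bin2hex(random_bytes(16));
    } else {
        $session_id = md5(uniqid($user_ip));
    }

    $safe_ip = $db->sql_escape($user_ip);
    $sql = "INSERT INTO " . SESSIONS_TABLE . "\n\t\t\t(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)\n\t\t\tVALUES ('{$session_id}', {$user_id}, {$current_time}, {$current_time}, '{$safe_ip}', {$page_id}, {$login})";
    if (!$db->sql_query($sql)) {
        ExitWithHeader("500 Internal Server Error", "Error creating new session");
    }

    // No row (possible for ANONYMOUS) means there is nothing to carry over.
    if (!is_array($userdata)) {
        $userdata = array();
    }
    $previous_time = isset($userdata['user_session_time']) ? $userdata['user_session_time'] : 0;
    // Interpolated unquoted below, so keep it an integer.
    $last_visit = $previous_time > 0 ? (int) $previous_time : $current_time;

    $sql = "UPDATE " . USERS_TABLE . " SET user_session_time = {$current_time}, user_session_page = {$page_id}, user_lastvisit = {$last_visit} ";
    if (LV_MOD_INSTALLED) {
        $sql .= ",user_lastlogon={$current_time}, user_totallogon=user_totallogon+1";
    }
    $sql .= " WHERE user_id = {$user_id}";
    if (!$db->sql_query($sql)) {
        ExitWithHeader("500 Internal Server Error", 'Error updating last visit time');
    }

    $userdata['user_lastvisit'] = $last_visit;
    $userdata['session_id'] = $session_id;
    $userdata['session_ip'] = $user_ip;
    $userdata['session_user_id'] = $user_id;
    $userdata['session_logged_in'] = $login;
    $userdata['session_page'] = $page_id;
    $userdata['session_start'] = $current_time;
    $userdata['session_time'] = $current_time;

    return $userdata;
}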
}
}
// (the two braces above close blocks opened earlier in the file)

// Conditional GET: derive the validators from the newest post time, falling
// back to $deadline when no post time was recorded.
$LastPostTime = ($LastPostTime == 0) ? $deadline : $LastPostTime;
$MyETag = '"RSS' . gmdate('YmdHis', $LastPostTime) . $verinfo . '"';
$MyGMTtime = gmdate('D, d M Y H:i:s', $LastPostTime) . ' GMT';

// The client's validators are compared as exact strings against ours; a
// match on either one answers 304 without sending a body.
if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && $_SERVER['HTTP_IF_NONE_MATCH'] == $MyETag) {
    ExitWithHeader('304 Not Modified');
}
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $_SERVER['HTTP_IF_MODIFIED_SINCE'] == $MyGMTtime) {
    ExitWithHeader('304 Not Modified');
}

// BEGIN XML and nocaching headers (copied from page_header.php)
// Apache 2 gets "no-cache", every other server "private".
header(
    (!empty($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache/2'))
        ? 'Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0'
        : 'Cache-Control: private, pre-check=0, post-check=0, max-age=0'
);
header('Last-Modified: ' . $MyGMTtime);
header('Etag: ' . $MyETag);
// Expires is set to the current time, i.e. the response is stale at once.
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header('Content-Type: text/xml; charset=' . $encoding_charset);
if (!$db->sql_query($sql)) {
    ExitWithHeader('500 Internal Server Error', 'Error updating user totalpages ');
}
}
}
// (the two braces above close blocks opened earlier in the file)

// Conditional GET: derive the validators from the newest post time, falling
// back to $deadline when no post time was recorded.
$LastPostTime = ($LastPostTime == 0) ? $deadline : $LastPostTime;
$MyETag = '"RSS' . gmdate('YmdHis', $LastPostTime) . $verinfo . '"';
$MyGMTtime = gmdate('D, d M Y H:i:s', $LastPostTime) . ' GMT';

// The client's validators are compared as exact strings against ours; a
// match on either one answers 304 without sending a body.
if (isset($HTTP_SERVER_VARS['HTTP_IF_NONE_MATCH']) && $HTTP_SERVER_VARS['HTTP_IF_NONE_MATCH'] == $MyETag) {
    ExitWithHeader('304 Not Modified');
}
if (isset($HTTP_SERVER_VARS['HTTP_IF_MODIFIED_SINCE']) && $HTTP_SERVER_VARS['HTTP_IF_MODIFIED_SINCE'] == $MyGMTtime) {
    ExitWithHeader('304 Not Modified');
}

//
// BEGIN XML and nocaching headers (copied from page_header.php)
//
// Apache 2 gets "no-cache", every other server "private".
header(
    (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
        ? 'Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0'
        : 'Cache-Control: private, pre-check=0, post-check=0, max-age=0'
);
header('Last-Modified: ' . $MyGMTtime);
header('Etag: ' . $MyETag);
// Expires is set to the current time, i.e. the response is stale at once.
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header('Content-Type: text/xml; charset=' . $lang['ENCODING']);
//
// End XML and nocaching headers