ファイル: usercp_register.php プロジェクト: nmpetkov/ZphpBB2
//
// A register request is refused while a session is already logged in, or when
// the requested name equals the session's own user name.
if ($mode == 'register') {
    $name_unavailable = $userdata['session_logged_in'] || $username == $userdata['username'];
    if ($name_unavailable) {
        message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
    }
}
//
// Did the user submit? In this case build a query to update the users profile in the DB
//
// Begin PNphpBB2 Module
if (isset($_POST['changeprofile'])) {
    // Profile editing is delegated to the Zikula profile module.
    $profile_module = System::getVar('profilemodule', '');
    System::redirect(ModUtil::url($profile_module, 'user', 'modify'));
}
if (isset($_POST['refreshprofile'])) {
    $user_id = (int) $_POST['user_id'];
    // NOTE(review): the posted user_id is not compared with the current
    // session's user here; whether phpBBupdateAccountById() may be invoked for
    // other accounts depends on its own checks — confirm.
    // ZphpBB2 => Main user synchronization
    $synced = ZphpBB2_Util::phpBBupdateAccountById($user_id);
    if ($synced) {
        $return_link = sprintf($lang['Click_return_index'], '<a href="' . append_sid("index") . '">', '</a>');
        $message = $lang['Profile_updated'] . '<br /><br />' . $return_link;
        // Send the browser back to the edit form after the confirmation page.
        $refresh_meta = '<meta http-equiv="refresh" content="5;url=' . append_sid("profile&mode=editprofile") . '">';
        $template->assign_vars(array("META" => $refresh_meta));
        message_die(GENERAL_MESSAGE, $message);
    }
    // <= ZphpBB2
}
if (isset($_POST['getpnavatar'])) {
    $user_id = intval($_POST['user_id']);
    // Get Zikula Avatar
    // ZphpBB2 =>
    $userZkAttrib = UserUtil::getVar('__ATTRIBUTES__');
    if ($userZkAttrib['avatar'] != "blank.gif") {
        $sql = "UPDATE " . USERS_TABLE . " SET user_avatar = '" . DataUtil::formatForStore($userZkAttrib['avatar']) . "', user_avatar_type = 3 WHERE user_id = " . $user_id;
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
ファイル: sessions.php プロジェクト: nmpetkov/ZphpBB2
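/**
 * Begin (or refresh) the phpBB session for the current request.
 *
 * Begin PNphpBB2 Module: under ZphpBB2 the Zikula login state is authoritative.
 * The upstream phpBB2 autologin-key handling and the session_admin column were
 * removed from this function, so $enable_autologin and $admin have no effect,
 * and $user_id is overwritten from UserUtil before it is ever read; all three
 * are kept only so existing callers keep working.
 *
 * @param int|string $user_id          ignored; replaced by UserUtil::getVar('uid') when Zikula reports a login, ANONYMOUS (-1) otherwise
 * @param string     $user_ip          encoded client address; the ban check splits it into four 2-character groups (presumably the hex form of encode_ip() — confirm at the callers) and it is stored as session_ip
 * @param int|string $page_id          cast to int and stored as session_page / user_session_page
 * @param int        $auto_create      when set, a user whose row is not user_active is demoted to ANONYMOUS instead of being logged in; when clear the user is logged in regardless of user_active
 * @param int        $enable_autologin unused, see above
 * @param int        $admin            unused, see above
 *
 * @return array the users-table row, extended with session_id, session_ip, session_user_id,
 *               session_logged_in, session_page, session_start and session_time
 *
 * message_die() is called (and does not return) on database errors and when the
 * user id, address or e-mail address matches the ban list.
 *
 * Requires PHP >= 7.0 for the unserialize() options argument.
 */
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
    global $db, $board_config;
    global $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    //
    // Pick up the session id and the serialized session data. Both come straight
    // from the client (cookies, or the "sid" query parameter when no cookie is
    // present) and are treated as untrusted until validated below.
    //
    $sessiondata = array();
    if (isset($_COOKIE[$cookiename . '_sid']) || isset($_COOKIE[$cookiename . '_data'])) {
        $session_id = isset($_COOKIE[$cookiename . '_sid']) ? $_COOKIE[$cookiename . '_sid'] : '';
        if (isset($_COOKIE[$cookiename . '_data'])) {
            // The cookie is client-controlled, so unserialize() must not be allowed to
            // instantiate objects from it (PHP object injection); this function only
            // ever stores a plain array of scalars, and anything else is discarded.
            $decoded = unserialize(stripslashes($_COOKIE[$cookiename . '_data']), array('allowed_classes' => false));
            if (is_array($decoded)) {
                $sessiondata = $decoded;
            }
        }
    } else {
        $session_id = isset($_GET['sid']) ? $_GET['sid'] : '';
    }

    // Only an alphanumeric id is accepted; anything else means "no session" and a
    // fresh id is generated further down. This is also what keeps $session_id safe
    // to interpolate into the SQL statements below.
    if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) {
        $session_id = '';
    }

    $page_id = (int) $page_id;
    $last_visit = 0;
    $current_time = time();

    // Begin PNphpBB2 Module
    // Zikula decides who the visitor is; the $user_id argument is not consulted.
    if (UserUtil::isLoggedIn()) {
        // Cast once here: the id is interpolated unquoted into several SQL statements.
        $user_id = (int) UserUtil::getVar('uid');
        // Does the user have admin rights? Kept from upstream; session_admin is no
        // longer stored, so the value is not read again in this function.
        $admin = SecurityUtil::checkPermission('ZphpBB2::', '::', ACCESS_ADMIN) ? 1 : 0;
        // ZphpBB2 => Main user synchronization
        ZphpBB2_Util::phpBBupdateAccountById($user_id);
        // <= ZphpBB2
    } else {
        $user_id = ANONYMOUS;
        // -1
    }

    $sql = "SELECT * \n        FROM " . USERS_TABLE . " \n        WHERE user_id = {$user_id}";
    if (!($result = $db->sql_query($sql))) {
        message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
    }
    $userdata = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    // NOTE(review): if no phpBB row exists for the Zikula account, $userdata is
    // false here and the user_* reads below see nulls — presumably
    // phpBBupdateAccountById() guarantees the row exists; confirm.

    if ($user_id != ANONYMOUS) {
        if ($auto_create) {
            if ($userdata['user_active']) {
                // We have to login automagically
                $login = 1;
            } else {
                // Inactive account: do not log in, fall back to the anonymous user row.
                $login = 0;
                $user_id = $userdata['user_id'] = ANONYMOUS;
                $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
                if (!($result = $db->sql_query($sql))) {
                    message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
                }
                $userdata = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
            }
        } else {
            $login = 1;
        }
    } else {
        $login = 0;
    }
    // End PNphpBB2 Module

    //
    // Initial ban check against user id, IP and email address
    //
    // $user_ip is split into four 2-character groups; besides the exact address the
    // IN list also matches the progressively wider "ff"-padded ban entries.
    // NOTE(review): an address shorter than eight characters leaves the groups
    // unset and $user_ip is later interpolated unescaped into SQL — callers are
    // presumably passing encode_ip() output; confirm.
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
    $sql = "SELECT ban_ip, ban_userid, ban_email \n        FROM " . BANLIST_TABLE . " \n        WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')\n            OR ban_userid = {$user_id}";
    if ($user_id != ANONYMOUS) {
        // Upstream phpBB2 quoting of the stored address: "\'" is turned into "''".
        // NOTE(review): this is not a general SQL escape; it relies on user_email
        // having been validated when it was stored. Computed once instead of three times.
        $ban_email = str_replace("\\'", "''", $userdata['user_email']);
        // The second pattern is the part from "@" on; without an "@", strpos() yields
        // false and substr() returns the whole address.
        $sql .= " OR ban_email LIKE '" . $ban_email . "' \n            OR ban_email LIKE '" . substr($ban_email, strpos($ban_email, "@")) . "'";
    }
    if (!($result = $db->sql_query($sql))) {
        message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
    }
    $ban_info = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if ($ban_info && ($ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'])) {
        message_die(CRITICAL_MESSAGE, 'You_been_banned');
    }

    //
    // Create or update the session
    //
    // Begin PNphpBB2 Module
    // -- session_admin is no longer part of the row (dropped from upstream's UPDATE / INSERT).
    $sql = "UPDATE " . SESSIONS_TABLE . "\n        SET session_user_id = {$user_id}, session_start = {$current_time}, session_time = {$current_time}, session_page = {$page_id}, session_logged_in = {$login}\n        WHERE session_id = '" . $session_id . "' \n            AND session_ip = '{$user_ip}'";
    // End PNphpBB2 Module
    // An empty or unknown id (or a changed address) updates no row, so a new
    // session is created instead.
    if (!$db->sql_query($sql) || !$db->sql_affectedrows()) {
        // NOTE(review): the id is derived from the board's own dss_rand() mixer,
        // defined outside this file — confirm its output is unpredictable, or
        // switch to the OS CSPRNG (random_bytes()).
        $session_id = md5(dss_rand());
        // Begin PNphpBB2 Module
        $sql = "INSERT INTO " . SESSIONS_TABLE . "\n            (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)\n            VALUES ('{$session_id}', {$user_id}, {$current_time}, {$current_time}, '{$user_ip}', {$page_id}, {$login})";
        // End PNphpBB2 Module
        if (!$db->sql_query($sql)) {
            message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
        }
    }

    if ($user_id != ANONYMOUS) {
        // First visit (no previous session time) counts from now.
        $last_visit = $userdata['user_session_time'] > 0 ? $userdata['user_session_time'] : $current_time;
        // Begin PNphpBB2 Module
        // Upstream skipped this update for admin sessions; ZphpBB2 always records it.
        // End PNphpBB2 Module
        $sql = "UPDATE " . USERS_TABLE . " \n                SET user_session_time = {$current_time}, user_session_page = {$page_id}, user_lastvisit = {$last_visit}\n                WHERE user_id = {$user_id}";
        if (!$db->sql_query($sql)) {
            message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
        }
        $userdata['user_lastvisit'] = $last_visit;
        // Begin PNphpBB2 Module
        // The upstream auto-login key regeneration (SESSIONS_KEYS_TABLE) was removed;
        // this function no longer writes an autologinid into $sessiondata.
        // End PNphpBB2 Module
        $sessiondata['userid'] = $user_id;
    }

    $userdata['session_id'] = $session_id;
    $userdata['session_ip'] = $user_ip;
    $userdata['session_user_id'] = $user_id;
    $userdata['session_logged_in'] = $login;
    $userdata['session_page'] = $page_id;
    $userdata['session_start'] = $current_time;
    $userdata['session_time'] = $current_time;
    // Begin PNphpBB2 Module
    // session_admin and session_key are no longer returned.
    // End PNphpBB2 Module

    // Both cookies are flagged HttpOnly so script on the page cannot read the
    // session id or the serialized data; "secure" follows the board configuration.
    setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure, true);
    setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure, true);
    $SID = 'sid=' . $session_id;

    return $userdata;
}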