/**
 * Acquire the exclusive lock on session row $id, creating the row if needed.
 *
 * Strategy: first try to INSERT a new row that is already locked
 * (lock_expires = now + max_execution_time). If the INSERT fails with
 * SQLSTATE 23000 the row already exists, so poll an UPDATE that only matches
 * once the stored lock_expires is older than "now", sleeping 100ms between
 * attempts.
 *
 * NOTE(review): the UPDATE refreshes session_expires without testing the old
 * value, so an already-expired row gets its expiry extended here; expiry
 * must be enforced by the caller or a cleanup job - confirm.
 * NOTE(review): a row is created for any $id that does not exist yet. If $id
 * can be chosen by the client, validate or regenerate it before this call.
 * NOTE(review): the polling loop has no own timeout; it ends only when the
 * competing lock expires or a query fails, holding this worker meanwhile.
 *
 * @param string $id Session identifier (bound as 'str').
 * @return bool True once the lock is held, false after a database error.
 */
private function Lock($id)
{
    // This object already holds the lock for $id.
    if (isset($this->lock_acquired[$id])) {
        return true;
    }

    $session_expires = ulUtils::date_seconds_add(new DateTime(), $this->lifetime)->format(UL_DATETIME_FORMAT);
    $lock_expires = ulUtils::date_seconds_add(new DateTime(), $this->max_execution_time)->format(UL_DATETIME_FORMAT);

    // Always attempt to create the session first, in a locked state.
    $insert = ulPdoDb::Prepare('session', "INSERT INTO ul_sessions (id, data, session_expires, lock_expires) VALUES (?, '', ?, ?)");
    $inserted = ulPdoDb::BindExec($insert, null, array(&$id, 'str', &$session_expires, 'str', &$lock_expires, 'str'));
    if ($inserted) {
        $this->lock_acquired[$id] = true;
        return true;
    }

    // Anything other than a duplicate key is a genuine backend failure.
    if (ulPdoDb::ErrorCode() != '23000') {
        ul_db_fail('Session management error.');
        return false;
    }

    // Duplicate key: the session exists, so compete for its lock.
    while (!isset($this->lock_acquired[$id])) {
        $now = ulUtils::nowstring();
        $session_expires = ulUtils::date_seconds_add(new DateTime(), $this->lifetime)->format(UL_DATETIME_FORMAT);
        $lock_expires = ulUtils::date_seconds_add(new DateTime(), $this->max_execution_time)->format(UL_DATETIME_FORMAT);

        // Only matches when the previous holder's lock has expired.
        $update = ulPdoDb::Prepare('session', 'UPDATE ul_sessions SET session_expires=?, lock_expires=? WHERE id=? AND lock_expires<?');
        $executed = ulPdoDb::BindExec($update, null, array(&$session_expires, 'str', &$lock_expires, 'str', &$id, 'str', &$now, 'str'));
        if (!$executed) {
            ul_db_fail('Session management error.');
            return false;
        }

        $claimed = $update->rowCount() > 0;
        if (!$claimed) {
            usleep(100000); // 100ms back-off before the next attempt
            continue;
        }

        $this->lock_acquired[$id] = true;
    }

    // Lock held; the row is now exclusively ours until lock_expires.
    return true;
}
/**
 * Persist a nonce for $action, replacing the stored one if it already exists.
 *
 * Tries an INSERT first; on SQLSTATE 23000 it falls back to an UPDATE keyed
 * on the action column.
 *
 * NOTE(review): the UPDATE path does not check rowCount(). If the 23000 was
 * raised by a constraint other than the one on `action`, the UPDATE may match
 * no row and this still returns true - verify against the table's keys.
 * NOTE(review): $code is stored as received; its unpredictability depends on
 * how the caller generates it.
 *
 * @param string $action Action name the nonce is bound to.
 * @param string $code   Nonce value.
 * @param int    $expire Lifetime in seconds, added to the current time.
 * @return bool True when the nonce was written, false after a database error.
 */
public static function Store($action, $code, $expire)
{
    $nonce_expires = ulUtils::date_seconds_add(new DateTime(), $expire)->format(UL_DATETIME_FORMAT);

    // Happy path: no nonce recorded for this action yet.
    $insert = ulPdoDb::Prepare('session', 'INSERT INTO ul_nonces (code, action, nonce_expires) VALUES (?, ?, ?)');
    if (ulPdoDb::BindExec($insert, null, array(&$code, 'str', &$action, 'str', &$nonce_expires, 'str'))) {
        return true;
    }

    // Not a duplicate-key error, so there is nothing to fall back to.
    if (ulPdoDb::ErrorCode() != '23000') {
        ul_db_fail();
        return false;
    }

    // Duplicate key: most likely the action already has a nonce, overwrite it.
    $update = ulPdoDb::Prepare('session', 'UPDATE ul_nonces SET code=?, nonce_expires=? WHERE action=?');
    if (!ulPdoDb::BindExec($update, null, array(&$code, 'str', &$nonce_expires, 'str', &$action, 'str'))) {
        ul_db_fail();
        return false;
    }

    return true;
}
/**
 * Block an IP address for $block seconds, or lift the block when $block <= 0.
 *
 * Blocking inserts a row and, on SQLSTATE 23000, updates the existing row's
 * expiry instead. Unblocking deletes the row.
 *
 * NOTE(review): success requires rowCount() to be non-zero. Removing an IP
 * that is not in the table, or an UPDATE the driver reports as changing
 * nothing, is therefore reported through ul_db_fail() and returns false even
 * though no database error occurred - callers should not treat false as
 * proof of a backend fault.
 *
 * @param string $ip    Address to block or unblock (bound as 'str').
 * @param int    $block Block duration in seconds; values <= 0 remove the block.
 * @return bool True when a row was inserted, updated or deleted; false otherwise.
 */
public static function SetBlock($ip, $block)
{
    if ($block > 0) {
        // New block, or an extension of an existing one.
        $block_expires = ulUtils::date_seconds_add(new DateTime(), $block)->format(UL_DATETIME_FORMAT);

        $stmt = ulPdoDb::Prepare('log', 'INSERT INTO ul_blocked_ips (ip, block_expires) VALUES (?, ?)');
        $succeeded = ulPdoDb::BindExec($stmt, null, array(&$ip, 'str', &$block_expires, 'str'));

        $already_listed = !$succeeded && ulPdoDb::ErrorCode() == '23000';
        if ($already_listed) {
            // The address is already blocked: move its expiry instead.
            $stmt = ulPdoDb::Prepare('log', 'UPDATE ul_blocked_ips SET block_expires=? WHERE ip=?');
            $succeeded = ulPdoDb::BindExec($stmt, null, array(&$block_expires, 'str', &$ip, 'str'));
        }
    } else {
        // Non-positive duration means "unblock".
        $stmt = ulPdoDb::Prepare('log', 'DELETE FROM ul_blocked_ips WHERE ip=?');
        $succeeded = ulPdoDb::BindExec($stmt, null, array(&$ip, 'str'));
    }

    // The statement must both execute and touch at least one row.
    if ($succeeded && $stmt->rowCount() != 0) {
        return true;
    }

    ul_db_fail();
    return false;
}
/**
 * Report the most recent database error through ul_fail().
 *
 * The function declares no parameters; some callers in this file pass a
 * message string, which PHP silently discards.
 *
 * NOTE(review): the driver's error code and message are forwarded verbatim.
 * If ul_fail() can render its argument to the client, this discloses
 * database internals - confirm it only logs, or pass a generic message.
 */
function ul_db_fail()
{
    $code = ulPdoDb::ErrorCode();
    $detail = ulPdoDb::ErrorMsg();

    ul_fail('DB error ' . $code . ': ' . $detail);
}
/**
 * Insert a new login record with a hashed password.
 *
 * date_created and last_login are both set to the current time, and
 * block_expires to a date 1000 years in the past so the account starts
 * unblocked. $profile is accepted but not used by this implementation.
 *
 * NOTE(review): salt generation and the algorithm selected by UL_PWD_FUNC
 * live in ulPassword::Hash(), which is not visible here.
 * NOTE(review): ALREADY_EXISTS is distinguishable from BACKEND_ERROR; if the
 * caller relays that difference to unauthenticated users it reveals which
 * usernames are registered.
 *
 * @param string $username Login name (bound as 'str').
 * @param string $password Plain-text password to hash.
 * @param mixed  $profile  Unused.
 * @return bool|int True on success, otherwise ulLoginBackend::ALREADY_EXISTS
 *                  (SQLSTATE 23000) or ulLoginBackend::BACKEND_ERROR.
 */
function CreateLogin($username, $password, $profile)
{
    // Only the hash is ever written to the database.
    $hashed_password = ulPassword::Hash($password, UL_PWD_FUNC);

    $now = ulUtils::nowstring();
    $past = date_create('1000 years ago')->format(UL_DATETIME_FORMAT);

    $insert = ulPdoDb::Prepare('update', 'INSERT INTO ul_logins (username, password, date_created, last_login, block_expires) VALUES (?, ?, ?, ?, ?)');
    $created = ulPdoDb::BindExec($insert, null, array(&$username, 'str', &$hashed_password, 'str', &$now, 'str', &$now, 'str', &$past, 'str'));
    if ($created) {
        return true;
    }

    // Duplicate key most likely means the username is taken; anything else
    // is treated as a backend failure.
    return ulPdoDb::ErrorCode() == '23000'
        ? ulLoginBackend::ALREADY_EXISTS
        : ulLoginBackend::BACKEND_ERROR;
}