/**
 * Looks up the virtual session row that belongs to the given session id.
 *
 * The lookup is bound to the current client's ip address and user agent, so a
 * virtual session that was created from a different client is not returned
 * even if the session id matches.
 *
 * @param	string		$sessionID
 * @return	\wcf\data\session\virtual\SessionVirtual|null	matching row as object, null if there is none
 */
public static function getExistingSession($sessionID) {
	$clientBinding = array(
		$sessionID,
		UserUtil::getIpAddress(),
		UserUtil::getUserAgent()
	);
	
	$sql = "SELECT\t*\n\t\t\tFROM\t" . static::getDatabaseTableName() . "\n\t\t\tWHERE\tsessionID = ?\n\t\t\t\tAND ipAddress = ?\n\t\t\t\tAND userAgent = ?";
	$query = WCF::getDB()->prepareStatement($sql);
	$query->execute($clientBinding);
	
	return $query->fetchObject(__CLASS__);
}
/**
 * Records the current ACP request in the session access log.
 *
 * Only requests of logged-in users that are permitted to use the ACP are logged,
 * and only if the triggering class does not declare a DO_NOT_LOG constant. A session
 * log row is reused while it is still within the session timeout, otherwise a new
 * one is created; every request is then appended as an access log row.
 *
 * @see	\wcf\system\event\listener\IParameterizedEventListener::execute()
 */
public function execute($eventObj, $className, $eventName, array &$parameters) {
	// nothing to log for guests
	if (!WCF::getUser()->userID) {
		return;
	}
	
	$session = WCF::getSession();
	
	// nothing to log for users without acp access or for classes that opted out
	if (!$session->getPermission('admin.general.canUseAcp')) {
		return;
	}
	if (defined(get_class($eventObj) . '::DO_NOT_LOG')) {
		return;
	}
	
	// reuse the session log row as long as the session is still active
	$sql = "SELECT\tsessionLogID\n\t\t\t\tFROM\twcf" . WCF_N . "_acp_session_log\n\t\t\t\tWHERE\tsessionID = ?\n\t\t\t\t\tAND lastActivityTime >= ?";
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array($session->sessionID, TIME_NOW - SESSION_TIMEOUT));
	$row = $statement->fetchArray();
	
	if (empty($row['sessionLogID'])) {
		// no active log row, start a new one
		// NOTE(review): gethostbyaddr() is a reverse DNS lookup whose result comes from the
		// remote PTR record and must be treated as untrusted data when displayed; the '@'
		// presumably guards against a warning for a malformed address — confirm
		$sessionLog = ACPSessionLogEditor::create(array(
			'sessionID' => $session->sessionID,
			'userID' => WCF::getUser()->userID,
			'ipAddress' => UserUtil::getIpAddress(),
			'hostname' => @gethostbyaddr($session->ipAddress),
			'userAgent' => $session->userAgent,
			'time' => TIME_NOW,
			'lastActivityTime' => TIME_NOW
		));
		$sessionLogID = $sessionLog->sessionLogID;
	}
	else {
		$sessionLogID = $row['sessionLogID'];
		$logEditor = new ACPSessionLogEditor(new ACPSessionLog(null, array('sessionLogID' => $sessionLogID)));
		$logEditor->update(array('lastActivityTime' => TIME_NOW));
	}
	
	// keep only the last path segment of the request uri and strip the session id parameter
	$pathSegments = explode('/', $session->requestURI);
	$requestURI = preg_replace('/(?:\\?|&)s=[a-f0-9]{40}/', '', end($pathSegments));
	
	// save access
	ACPSessionAccessLogEditor::create(array(
		'sessionLogID' => $sessionLogID,
		'ipAddress' => UserUtil::getIpAddress(),
		'time' => TIME_NOW,
		'requestURI' => $requestURI,
		'requestMethod' => $session->requestMethod,
		'className' => get_class($eventObj)
	));
}
/**
 * Attention: This method does not always return a new object, in case a matching virtual session
 * already exists, the existing session will be returned rather than a new session being created.
 *
 * When a new row is created, a missing activity time, ip address or user agent is
 * filled in from the current request.
 *
 * @see	\wcf\data\AbstractDatabaseObjectAction::create()
 */
public function create() {
	// reuse an existing virtual session that is bound to the same client, if there is one
	$baseClass = call_user_func(array($this->className, 'getBaseClass'));
	$existingSession = call_user_func(array($baseClass, 'getExistingSession'), $this->parameters['data']['sessionID']);
	if ($existingSession !== null) {
		return $existingSession;
	}
	
	// client data defaults, only computed when the caller did not supply them
	if (!isset($this->parameters['data']['lastActivityTime'])) {
		$this->parameters['data']['lastActivityTime'] = TIME_NOW;
	}
	if (!isset($this->parameters['data']['ipAddress'])) {
		$this->parameters['data']['ipAddress'] = UserUtil::getIpAddress();
	}
	if (!isset($this->parameters['data']['userAgent'])) {
		$this->parameters['data']['userAgent'] = UserUtil::getUserAgent();
	}
	
	return parent::create();
}
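/**
 * Validates the reCAPTCHA response by asking the siteverify endpoint.
 *
 * An empty response fails immediately without a remote call. If the verification
 * service cannot be reached (SystemException), the failure is logged and the captcha
 * is accepted anyway, so that an outage of the service does not lock users out;
 * this fail-open is deliberate and should be kept in mind when the captcha protects
 * something sensitive.
 *
 * @param	string		$response	value submitted by the reCAPTCHA widget
 * @throws	\wcf\system\exception\UserInputException	if the response is empty or was rejected
 */
public function validate($response) {
	// fail if response is empty to avoid sending api requests
	if (empty($response)) {
		throw new UserInputException('recaptchaString', 'false');
	}
	
	// send the parameters as POST body (as the v1 verify code does) instead of the
	// query string, so the private key does not end up in proxy or access logs
	$request = new HTTPRequest('https://www.google.com/recaptcha/api/siteverify', array('timeout' => 10), array(
		'secret' => RECAPTCHA_PRIVATEKEY,
		'response' => $response,
		'remoteip' => UserUtil::getIpAddress()
	));
	
	try {
		$request->execute();
		$reply = $request->getReply();
		$data = JSON::decode($reply['body']);
		
		// a missing 'success' key counts as a failed verification instead of raising a notice
		if (empty($data['success'])) {
			throw new UserInputException('recaptchaString', 'false');
		}
	}
	catch (SystemException $e) {
		// presumably getExceptionID() is what writes the log entry (return value unused);
		// the captcha is accepted on purpose, see the method description
		$e->getExceptionID();
	}
	
	WCF::getSession()->register('recaptchaDone', true);
}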
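/**
 * Queries server to verify successful response.
 *
 * NOTE(review): the endpoint is addressed over plain http, so the private key,
 * the client ip and the user's answer travel unencrypted; use https if the
 * verify endpoint accepts it.
 *
 * @param	string		$challenge
 * @param	string		$response
 * @return	string		self::VALID_ANSWER, the error code reported by the server
 *                      (empty if none was sent), or self::ERROR_NOT_REACHABLE
 */
protected function verify($challenge, $response) {
	$request = new HTTPRequest('http://www.google.com/recaptcha/api/verify', array('timeout' => 10), array(
		'privatekey' => $this->privateKey,
		'remoteip' => UserUtil::getIpAddress(),
		'challenge' => $challenge,
		'response' => $response
	));
	
	try {
		$request->execute();
		$reply = $request->getReply();
		
		// the code expects line 1 to be "true"/"false" and line 2 the error code on failure
		$lines = explode("\n", $reply['body']);
		if (StringUtil::trim($lines[0]) === "true") {
			return self::VALID_ANSWER;
		}
		
		// a reply without a second line would otherwise raise an undefined offset notice
		return (isset($lines[1]) ? StringUtil::trim($lines[1]) : '');
	}
	catch (SystemException $e) {
		return self::ERROR_NOT_REACHABLE;
	}
}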
/**
 * Searches for existing session of a search spider.
 *
 * The returned session object carries the current request's ip address and user
 * agent in place of the stored ones, so that it passes session validation.
 *
 * @param	integer		$spiderID
 * @return	\wcf\data\session\Session	null if no guest session exists for the spider
 */
protected function getExistingSpiderSession($spiderID) {
	$sql = "SELECT\t*\n\t\t\tFROM\twcf" . WCF_N . "_session\n\t\t\tWHERE\tspiderID = ?\n\t\t\t\tAND userID IS NULL";
	$statement = WCF::getDB()->prepareStatement($sql);
	$statement->execute(array($spiderID));
	
	$sessionData = $statement->fetchArray();
	if ($sessionData === false) {
		return null;
	}
	
	// fix session validation
	$sessionData['ipAddress'] = UserUtil::getIpAddress();
	$sessionData['userAgent'] = UserUtil::getUserAgent();
	
	return new $this->sessionClassName(null, $sessionData);
}
/**
 * Updates user session on shutdown.
 *
 * Persists the current client data and, if the active request belongs to a tracked
 * page, that page's tracking information; the session variables are only written
 * back when they were changed during this request.
 */
public function update() {
	if ($this->doNotUpdate) {
		return;
	}
	
	$data = array(
		'ipAddress' => UserUtil::getIpAddress(),
		'userAgent' => $this->userAgent,
		'requestURI' => $this->requestURI,
		'requestMethod' => $this->requestMethod,
		'lastActivityTime' => TIME_NOW
	);
	
	// page tracking data is skipped while PACKAGE_ID is not set (presumably during setup)
	if (PACKAGE_ID) {
		$activeRequest = RequestHandler::getInstance()->getActiveRequest();
		$requestObject = ($activeRequest ? $activeRequest->getRequestObject() : null);
		if ($requestObject instanceof ITrackablePage && $requestObject->isTracked()) {
			$data['controller'] = $requestObject->getController();
			$data['parentObjectType'] = $requestObject->getParentObjectType();
			$data['parentObjectID'] = $requestObject->getParentObjectID();
			$data['objectType'] = $requestObject->getObjectType();
			$data['objectID'] = $requestObject->getObjectID();
		}
	}
	
	if ($this->variablesChanged) {
		$data['sessionVariables'] = serialize($this->variables);
	}
	
	// update session
	$editor = new $this->sessionEditorClassName($this->session);
	$editor->update($data);
}
/**
 * Runs the regular form handling and, if the login failed on the username or
 * password, records the attempt together with the client's ip address and user
 * agent in the authentication failure log and resets the captcha.
 *
 * @see	\wcf\form\IForm::submit()
 */
public function submit() {
	parent::submit();
	
	if (!ENABLE_USER_AUTHENTICATION_FAILURE) {
		return;
	}
	
	// only wrong credentials count as an authentication failure
	$isCredentialError = in_array($this->errorField, array('username', 'password'));
	if (!$isCredentialError) {
		return;
	}
	
	// save authentication failure
	$failureData = array(
		'environment' => (RequestHandler::getInstance()->isACPRequest() ? 'admin' : 'user'),
		'userID' => ($this->user !== null ? $this->user->userID : null),
		'username' => $this->username,
		'time' => TIME_NOW,
		'ipAddress' => UserUtil::getIpAddress(),
		'userAgent' => UserUtil::getUserAgent()
	);
	$failureAction = new UserAuthenticationFailureAction(array(), 'create', array('data' => $failureData));
	$failureAction->executeAction();
	
	// force a fresh captcha for the next attempt
	if ($this->captchaObjectType) {
		$this->captchaObjectType->getProcessor()->reset();
	}
}
/**
 * Creates a new session.
 *
 * Generates a fresh session id, tries to log the user in automatically (passing
 * whether the session class supports persistent logins), falls back to a guest
 * user and, for a registered user, removes that user's other sessions before the
 * new one is stored.
 */
protected function create() {
	// create new session hash
	$sessionID = StringUtil::getRandomID();
	
	// get user automatically
	$supportsPersistentLogins = call_user_func(array($this->sessionClassName, 'supportsPersistentLogins'));
	$this->user = UserAuthenticationFactory::getUserAuthentication()->loginAutomatically($supportsPersistentLogins);
	
	// no valid user found, fall back to a guest user
	if ($this->user === null) {
		$this->user = new User(null);
	}
	
	// delete all other sessions of a registered user
	if ($this->user->userID != 0) {
		call_user_func(array($this->sessionEditorClassName, 'deleteUserSessions'), array($this->user->userID));
	}
	
	$username = ($this->user->username === null ? '' : $this->user->username);
	$requestMethod = (empty($_SERVER['REQUEST_METHOD']) ? '' : $_SERVER['REQUEST_METHOD']);
	
	// save session
	$this->session = call_user_func(array($this->sessionEditorClassName, 'create'), array(
		'sessionID' => $sessionID,
		'packageID' => PACKAGE_ID,
		'userID' => $this->user->userID,
		'username' => $username,
		'ipAddress' => UserUtil::getIpAddress(),
		'userAgent' => UserUtil::getUserAgent(),
		'lastActivityTime' => TIME_NOW,
		'requestURI' => UserUtil::getRequestURI(),
		'requestMethod' => $requestMethod
	));
}