/**
 * Keep a nonce for one action in the PHP session (no database involved).
 *
 * Only one nonce is held per action: storing a new code for the same
 * $action overwrites the previous one. The expiry is saved as an
 * ISO 8601 string (format 'c'). This method only records it.
 * NOTE(review): expiry enforcement is not visible here; confirm the
 * verification path rejects stale entries.
 *
 * @param string $action Key the nonce is filed under in $_SESSION['ulNonces'].
 * @param string $code   Nonce value to remember.
 * @param int    $expire Lifetime in seconds, counted from now.
 * @return bool Always true.
 */
private static function StoreVolatile($action, $code, $expire)
{
    $created = new DateTime('now');
    $expiresAt = ulUtils::date_seconds_add($created, $expire)->format('c');

    // Start from whatever the session already holds so that nonces of
    // other actions survive this write.
    $pending = isset($_SESSION['ulNonces']) ? $_SESSION['ulNonces'] : array();
    $pending[$action] = array('code' => $code, 'expire' => $expiresAt);
    $_SESSION['ulNonces'] = $pending;

    return true;
}
/**
 * Take the exclusive lock on a session row, creating the row if needed.
 *
 * The lock is a timestamp column: a row is considered free once its
 * lock_expires lies in the past. A holder that never releases the lock
 * therefore delays other requests for the same id until that timestamp
 * passes. The retry loop below has no attempt limit of its own; it ends
 * only when the lock is obtained or the database reports an error.
 *
 * NOTE(review): a row is inserted for any $id that does not exist yet.
 * Validation of $id is not visible in this method; confirm callers
 * only pass ids the application generated.
 *
 * @param string $id Session identifier.
 * @return bool True once the lock is held, false on a database error.
 */
private function Lock($id)
{
    // Already locked by this instance: nothing to do.
    if (isset($this->lock_acquired[$id])) {
        return true;
    }

    $session_expires = ulUtils::date_seconds_add(new DateTime(), $this->lifetime)->format(UL_DATETIME_FORMAT);
    $lock_expires = ulUtils::date_seconds_add(new DateTime(), $this->max_execution_time)->format(UL_DATETIME_FORMAT);

    // Optimistic path: create the session row directly in a locked state.
    $insert = ulPdoDb::Prepare('session', "INSERT INTO ul_sessions (id, data, session_expires, lock_expires) VALUES (?, '', ?, ?)");
    if (ulPdoDb::BindExec($insert, NULL, array(&$id, 'str', &$session_expires, 'str', &$lock_expires, 'str'))) {
        $this->lock_acquired[$id] = true;
        return true;
    }

    // Anything other than SQLSTATE 23000 (integrity constraint violation,
    // i.e. the row already exists) is a genuine failure.
    if (ulPdoDb::ErrorCode() != '23000') {
        ul_db_fail('Session management error.');
        return false;
    }

    // The session exists. Poll until its current lock has expired and our
    // UPDATE is the one that claims it.
    for (;;) {
        $now = ulUtils::nowstring();
        $session_expires = ulUtils::date_seconds_add(new DateTime(), $this->lifetime)->format(UL_DATETIME_FORMAT);
        $lock_expires = ulUtils::date_seconds_add(new DateTime(), $this->max_execution_time)->format(UL_DATETIME_FORMAT);

        // The "lock_expires<?" condition makes the claim atomic: only one
        // concurrent UPDATE can match the row.
        $claim = ulPdoDb::Prepare('session', 'UPDATE ul_sessions SET session_expires=?, lock_expires=? WHERE id=? AND lock_expires<?');
        if (!ulPdoDb::BindExec($claim, NULL, array(&$session_expires, 'str', &$lock_expires, 'str', &$id, 'str', &$now, 'str'))) {
            ul_db_fail('Session management error.');
            return false;
        }

        if ($claim->rowCount() > 0) {
            $this->lock_acquired[$id] = true;
            return true;
        }

        // Still held by someone else: wait 100 ms before retrying.
        usleep(100000);
    }
}
/**
 * Persist a nonce for an action in the ul_nonces table.
 *
 * Tries an INSERT first; on SQLSTATE 23000 (integrity constraint
 * violation) it assumes the action already has a nonce and overwrites
 * that row instead.
 *
 * NOTE(review): the affected-row count of the UPDATE is not checked. If
 * the violated constraint were on `code` rather than `action`, the UPDATE
 * would match nothing and this method would still return true without
 * having stored the nonce. The schema is not visible here; confirm which
 * columns are unique.
 *
 * @param string $action Action the nonce is bound to.
 * @param string $code   Nonce value.
 * @param int    $expire Lifetime in seconds, counted from now.
 * @return bool True when a statement executed successfully, false after a
 *              database failure.
 */
public static function Store($action, $code, $expire)
{
    $nonce_expires = ulUtils::date_seconds_add(new DateTime(), $expire)->format(UL_DATETIME_FORMAT);

    $insert = ulPdoDb::Prepare('session', 'INSERT INTO ul_nonces (code, action, nonce_expires) VALUES (?, ?, ?)');
    if (ulPdoDb::BindExec($insert, NULL, array(&$code, 'str', &$action, 'str', &$nonce_expires, 'str'))) {
        return true;
    }

    // Only a constraint violation is recoverable; everything else is fatal.
    if (ulPdoDb::ErrorCode() != '23000') {
        ul_db_fail();
        return false;
    }

    // Replace the nonce currently stored for this action.
    $update = ulPdoDb::Prepare('session', 'UPDATE ul_nonces SET code=?, nonce_expires=? WHERE action=?');
    if (!ulPdoDb::BindExec($update, NULL, array(&$code, 'str', &$nonce_expires, 'str', &$action, 'str'))) {
        ul_db_fail();
        return false;
    }

    return true;
}
/**
 * Block an IP address for a number of seconds, or lift its block.
 *
 * A positive $block inserts the address, or extends the expiry when the
 * address is already listed. Any other value removes the address.
 *
 * NOTE(review): a statement that executes but touches no row is reported
 * as a database failure. Lifting a block for an address that is not
 * listed therefore ends in ul_db_fail(); confirm this is intended.
 *
 * @param string $ip    Address to block or unblock.
 * @param int    $block Block duration in seconds; <= 0 removes the block.
 * @return bool True when a row was written or deleted, false otherwise.
 */
public static function SetBlock($ip, $block)
{
    if ($block > 0) {
        $block_expires = ulUtils::date_seconds_add(new DateTime(), $block)->format(UL_DATETIME_FORMAT);

        $stmt = ulPdoDb::Prepare('log', 'INSERT INTO ul_blocked_ips (ip, block_expires) VALUES (?, ?)');
        $query_ret = ulPdoDb::BindExec($stmt, NULL, array(&$ip, 'str', &$block_expires, 'str'));

        // SQLSTATE 23000: the address is already listed, so move its expiry.
        if (!$query_ret && ulPdoDb::ErrorCode() == '23000') {
            $stmt = ulPdoDb::Prepare('log', 'UPDATE ul_blocked_ips SET block_expires=? WHERE ip=?');
            $query_ret = ulPdoDb::BindExec($stmt, NULL, array(&$block_expires, 'str', &$ip, 'str'));
        }
    } else {
        $stmt = ulPdoDb::Prepare('log', 'DELETE FROM ul_blocked_ips WHERE ip=?');
        $query_ret = ulPdoDb::BindExec($stmt, NULL, array(&$ip, 'str'));
    }

    // Success requires both a clean execution and at least one affected row.
    if ($query_ret && $stmt->rowCount() != 0) {
        return true;
    }

    ul_db_fail();
    return false;
}
/**
 * Block a user account for a number of seconds, or lift its block.
 *
 * The block is the block_expires column of ul_logins. A positive
 * $block_secs sets it that far into the future; any other value sets it
 * to a date 1000 years in the past, which clears the block.
 *
 * Success is the boolean true, while failures are ulLoginBackend
 * constants, so callers should compare the result with ===.
 * NOTE(review): the constants' values are not visible here; if they are
 * truthy, a loose check would read a failure as success.
 * NOTE(review): some drivers count only rows whose value changed, in
 * which case rewriting an identical expiry would yield NO_SUCH_USER.
 * Confirm against the configured driver.
 *
 * @param int $uid        Id of the login row.
 * @param int $block_secs Block duration in seconds; <= 0 removes the block.
 * @return bool|mixed True on success, ulLoginBackend::BACKEND_ERROR when the
 *                    statement fails, ulLoginBackend::NO_SUCH_USER when no row
 *                    was affected.
 */
public function BlockUser($uid, $block_secs)
{
    // Both directions run the same UPDATE; only the timestamp differs.
    $block_expires = ($block_secs > 0)
        ? ulUtils::date_seconds_add(new DateTime(), $block_secs)->format(UL_DATETIME_FORMAT)
        : date_format(date_create('1000 years ago'), UL_DATETIME_FORMAT);

    $stmt = ulPdoDb::Prepare('update', 'UPDATE ul_logins SET block_expires=? WHERE id=?');
    $query_ret = ulPdoDb::BindExec($stmt, NULL, array(&$block_expires, 'str', &$uid, 'int'));

    if ($query_ret === false) {
        ul_db_fail();
        return ulLoginBackend::BACKEND_ERROR;
    }

    if ($stmt->rowCount() == 0) {
        return ulLoginBackend::NO_SUCH_USER;
    }

    return true;
}