function establish_admin_session()
{
global $MEMBER_CACHED;
require_code('users_active_actions');
$MEMBER_CACHED = restricted_manually_enabled_backdoor();
$this->dump($this->_browser->getContent());
}
/**
* Get the ID of the currently active member.
* It see's if the session exists / cookie is valid -- and gets the member id accordingly
*
* @param boolean Whether to just do a quick check, don't establish new sessions
* @return MEMBER The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
*/
function get_member($quick_only = false)
{
global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;
if ($MEMBER_CACHED !== NULL) {
$GETTING_MEMBER = false;
return $MEMBER_CACHED;
}
// If lots of aging sessions, clean out
reset($SESSION_CACHE);
if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
delete_expired_sessions_or_recover();
}
// Try via backdoor that someone with full server access can place
$backdoor_ip_address = mixed();
// Enable to a real IP address to force login from FTP access (if lost admin password)
if (array_key_exists('backdoor_ip', $SITE_INFO)) {
$backdoor_ip_address = $SITE_INFO['backdoor_ip'];
}
if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
require_code('users_active_actions');
$MEMBER_CACHED = restricted_manually_enabled_backdoor();
// Will have created a session in here already
return $MEMBER_CACHED;
}
if ($GETTING_MEMBER) {
if (!isset($GLOBALS['FORUM_DRIVER'])) {
return db_get_first_id();
}
// :S
return $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
$GETTING_MEMBER = true;
global $FORCE_INVISIBLE_GUEST;
if ($FORCE_INVISIBLE_GUEST) {
$GETTING_MEMBER = false;
if (!isset($GLOBALS['FORUM_DRIVER'])) {
fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
$MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
return $MEMBER_CACHED;
}
$member = NULL;
$cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
$base = $cookie_bits[0];
// Try by session
$session = get_session_id();
if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
$ip = get_ip_address(3);
// I hope AOL can cope with this
$allow_unbound_guest = true;
// Note: Guest sessions are not IP bound
$member_row = NULL;
if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
$member_row = $SESSION_CACHE[$session];
}
if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
$member = $member_row['the_user'];
if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
//$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1); Done in get_page_title now
$SESSION_CACHE[$session]['last_activity'] = time();
if (get_value('session_prudence') !== '1') {
persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
}
}
global $SESSION_CONFIRMED;
$SESSION_CONFIRMED = $member_row['session_confirmed'];
if (get_forum_type() == 'ocf') {
$GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
}
if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
warn_exit(do_lang_tempcode('USER_BANNED'));
}
// Test this member still exists
if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
if (array_key_exists($base, $_COOKIE)) {
global $IS_A_COOKIE_LOGIN;
$IS_A_COOKIE_LOGIN = true;
}
} else {
require_code('users_inactive_occasionals');
set_session_id(-1);
}
}
if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
// Try by cookie (will defer to forum driver to authorise against detected cookie)
require_code('users_inactive_occasionals');
$member = try_cookie_login();
// Can forum driver help more directly?
if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
$member = $GLOBALS['FORUM_DRIVER']->get_member();
}
}
// Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
$hooks = find_all_hooks('systems', 'login_providers');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/login_providers/' . $hook);
$ob = object_factory('Hook_login_provider_' . $hook);
$member = $ob->try_login($member);
}
// Guest or banned
if ($member === NULL) {
$member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
$is_guest = true;
} else {
$is_guest = is_guest($member);
}
// If we are doing a very quick init, bomb out now - no need to establish session etc
global $SITE_INFO;
if ($quick_only) {
$GETTING_MEMBER = false;
return $member;
}
// If one of the try_* functions hasn't actually created the session, call it here
$session = get_session_id();
if ($session == -1) {
require_code('users_inactive_occasionals');
create_session($member);
}
// If we are logged in, maybe do some further processing
if (!$is_guest) {
// Is there a su operation?
$ks = get_param('keep_su', '');
if ($ks != '') {
require_code('users_inactive_occasionals');
$member = try_su_login($member);
}
// Run hooks, if any exist
$hooks = find_all_hooks('systems', 'upon_login');
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/upon_login/' . filter_naughty($hook));
$ob = object_factory('upon_login' . filter_naughty($hook), true);
if ($ob === NULL) {
continue;
}
$ob->run(false, NULL, $member);
// false means "not a new login attempt"
}
}
// Ok we have our answer
$MEMBER_CACHED = $member;
$GETTING_MEMBER = false;
// We call this to ensure any HTTP-auth specific code has a chance to run
is_httpauth_login();
return $member;
}
