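/**
 * Log the visitor in through the social network client held in $this->client.
 *
 * Flow, as implemented here:
 *  - if the client already reports a user id, the stored basic data for that id is returned;
 *  - without confirm=1 in the request (or when a retry is forced) the browser is sent to the
 *    provider login URL and the script exits;
 *  - on the confirm=1 callback the access token and the "/me" profile are fetched and the
 *    profile id is mapped through retrieve_user_id().
 *
 * @param string $redirect    Value appended to the return URL as the "redirect" query parameter.
 * @param bool   $force_retry When true, restart the provider round-trip even if confirm=1 is present.
 * @return mixed Result of retrieve_user_basic_data() or retrieve_user_id(); does not return when redirecting.
 */
public function do_login($redirect, $force_retry = false)
{
	global $config, $user;

	// If user is already logged in and granted our application, we don't need to redirect him to facebook
	$user_fb_id = $this->client->getUser();
	if (!empty($user_fb_id))
	{
		return $this->retrieve_user_basic_data($user_fb_id);
	}

	$confirm = request_get_var('confirm', 0);
	if ($confirm != 1 || $force_retry)
	{
		// Build the social network return url
		$current_page = extract_current_page(IP_ROOT_PATH);
		$return_url = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://';
		$return_url .= extract_current_hostname() . $current_page['script_path'] . $current_page['page'];
		// NOTE(review): $redirect is concatenated as-is. If callers do not URL-encode it, a value
		// containing '&' or '#' can add or override parameters of the return URL (including
		// confirm/admin below) - confirm the encoding contract with the callers before changing it here.
		$return_url .= (strpos($return_url, '?') ? '&' : '?') . 'redirect=' . $redirect . '&confirm=1';
		$return_url .= !empty($_GET['admin']) ? '&admin=1' : '';

		$params = array('scope' => $this->scope, 'redirect_uri' => $return_url);
		$login_url = $this->client->getLoginUrl($params);

		header('Location: ' . $login_url);
		exit;
	}

	$user_fb_data = array();
	try
	{
		// The returned token is not used in this method; the call is kept because the original made it
		$this->client->getAccessToken();
		$user_fb_data = $this->client->api('/me');
	}
	catch (OAuthException $e)
	{
		// Retry on failure.
		// The original called do_login(true), which passed true as $redirect and left $force_retry
		// false: with confirm=1 still in the request the same branch ran again and recursed for as
		// long as the provider kept failing. Forcing the retry restarts the round-trip instead and
		// keeps the caller's redirect target.
		return $this->do_login($redirect, true);
	}

	return $this->retrieve_user_id($user_fb_data['id']);
}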
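/**
 * Create a temporary session for a feed request authenticated with HTTP Basic credentials.
 *
 * Loads the user row, compares md5($_SERVER['PHP_AUTH_PW']) with the stored user_password for
 * every non-anonymous user, checks the ban list, inserts a row in SESSIONS_TABLE, updates the
 * user's last-visit columns and fills $user->data with the session fields.
 * Every failure ends the request through ExitWithHeader().
 *
 * @param int    $user_id User the session is created for (ANONYMOUS skips the password check).
 * @param string $user_ip Client address stored with the session.
 * @return array The populated $user->data array.
 */
function rss_session_begin($user_id, $user_ip)
{
	global $db, $cache, $config, $user;

	$page_array = extract_current_page(IP_ROOT_PATH);

	$forum_id = request_var(POST_FORUM_URL, 0);
	$forum_id = $forum_id < 0 ? 0 : $forum_id;
	$topic_id = request_var(POST_TOPIC_URL, 0);
	$topic_id = $topic_id < 0 ? 0 : $topic_id;

	// Legacy pre-escaping of the page string, kept so the value returned in session_page is unchanged.
	// It is NOT relied on for SQL safety: both statements below pass it through $db->sql_escape().
	if (function_exists('mysql_real_escape_string'))
	{
		$page_id = @mysql_real_escape_string(substr($page_array['page_full'], 0, 254));
	}
	else
	{
		$page_id = substr(str_replace('\'', '%27', $page_array['page_full']), 0, 254);
	}

	$user_id = (int) $user_id;
	// The header is absent when the client sent no Basic credentials; treat that as an empty password
	$auth_password = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';
	// NOTE(review): the comparison below implies user_password holds an unsalted md5 digest.
	// Moving to password_hash()/password_verify() needs a change of the stored format, not only of this function.
	$password = md5($auth_password);
	$current_time = time();

	$sql = "SELECT *\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_id = " . $user_id;
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if (!$result)
	{
		ExitWithHeader('500 Internal Server Error', 'Could not obtain lastvisit data from user table');
	}
	$user->data = $db->sql_fetchrow($result);

	if (isset($user->data['user_level']) && $user->data['user_level'] == JUNIOR_ADMIN)
	{
		$user->data['user_level'] = !defined('IN_ADMIN') && !defined('IN_CMS') ? ADMIN : MOD;
	}

	if ($user_id != ANONYMOUS)
	{
		// The original used a loose "!=" here. Two different digests that both look like numbers in
		// exponent notation compare equal under "==", so the check must be a strict string comparison;
		// hash_equals() additionally avoids a data-dependent comparison time where it is available.
		$stored_hash = isset($user->data['user_password']) ? (string) $user->data['user_password'] : '';
		$password_matches = function_exists('hash_equals') ? hash_equals($stored_hash, $password) : ($stored_hash === $password);
		if (empty($user->data) || !$password_matches)
		{
			ExitWithHeader('500 Internal Server Error', 'Error while create session');
		}
	}

	$login = $user_id != ANONYMOUS ? 1 : 0;

	$is_banned = $user->check_ban($user_id, $user->ip, $user->data['user_email'], true);
	if ($is_banned)
	{
		ExitWithHeader("403 Forbidden", "You have been banned");
	}

	// Session ids are bearer credentials, so they should come from the system CSPRNG.
	// The time-seeded mt_rand()/uniqid() construction is kept only as a fallback for runtimes without random_bytes().
	if (function_exists('random_bytes'))
	{
		$session_id = bin2hex(random_bytes(16));
	}
	else
	{
		list($sec, $usec) = explode(' ', microtime());
		mt_srand((double) $sec + (double) $usec * 100000);
		$session_id = md5(uniqid(mt_rand(), true));
	}

	$sql = "INSERT INTO " . SESSIONS_TABLE . "\n\t\t(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_forum_id, session_topic_id, session_logged_in, session_admin)\n\t\tVALUES ('" . $db->sql_escape($session_id) . "', {$user_id}, {$current_time}, {$current_time}, '" . $db->sql_escape($user_ip) . "', '" . $db->sql_escape($page_id) . "', '" . $db->sql_escape($forum_id) . "', '" . $db->sql_escape($topic_id) . "', {$login}, 0)";
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if (!$result)
	{
		ExitWithHeader("500 Internal Server Error", "Error creating new session");
	}

	$last_visit = (int) ($user->data['user_session_time'] > 0 ? $user->data['user_session_time'] : $current_time);

	// The original interpolated $page_id directly into this statement. In the fallback branch above only
	// single quotes are replaced, so a backslash in the request path reached the query unescaped.
	// Escaping here matches what the INSERT above already does.
	$sql = "UPDATE " . USERS_TABLE . " SET user_session_time = {$current_time}, user_session_page = '" . $db->sql_escape($page_id) . "', user_lastvisit = {$last_visit} ";
	if (LV_MOD_INSTALLED)
	{
		$sql .= ", user_totallogon = (user_totallogon + 1)";
	}
	$sql .= " WHERE user_id = {$user_id}";
	$db->sql_return_on_error(true);
	$result = $db->sql_query($sql);
	$db->sql_return_on_error(false);
	if (!$result)
	{
		ExitWithHeader("500 Internal Server Error", 'Error updating last visit time');
	}

	$user->data['user_lastvisit'] = $last_visit;
	$user->data['session_id'] = $session_id;
	$user->data['session_ip'] = $user_ip;
	$user->data['session_user_id'] = $user_id;
	$user->data['session_logged_in'] = $login;
	$user->data['session_page'] = $page_id;
	$user->data['session_forum_id'] = $forum_id;
	$user->data['session_topic_id'] = $topic_id;
	$user->data['session_start'] = $current_time;
	$user->data['session_time'] = $current_time;
	$user->data['session_admin'] = 0;
	$user->data['session_key'] = '';

	// NOTE(review): $SID is not declared global in this function, so this assignment only sets a local - confirm intent
	$SID = 'sid=' . $session_id;
	define('TEMP_SESSION', true);

	// Mighty Gorgon - BOT SESSION - BEGIN
	$user->data['is_bot'] = false;
	if ($user->data['user_id'] != ANONYMOUS)
	{
		$user->data['bot_id'] = false;
	}
	else
	{
		// NOTE(review): $user_agent is never assigned in this function, so bots_parse() receives null
		// (plus an undefined-variable notice). Left unchanged because the parameter's contract is not visible here.
		$bot_name_tmp = bots_parse($user_ip, $config['bots_color'], $user_agent, true);
		$user->data['bot_id'] = $bot_name_tmp['name'];
		if ($user->data['bot_id'] !== false)
		{
			$user->data['is_bot'] = true;
			bots_table_update($bot_name_tmp['id']);
		}
	}
	// Mighty Gorgon - BOT SESSION - END

	return $user->data;
}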
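/**
 * Record an action in the daily text log and/or in LOGS_TABLE, depending on configuration.
 *
 * Nothing is logged for the member list and search pages, for the quote/smilies/topicreview
 * posting modes, and for anonymous visitors on the profile and topic pages.
 *
 * @param string      $content   Free text appended under the header line of the file log.
 * @param array       $db_log    Keys read here: 'target' (comma separated list, may be empty), 'action', 'desc'.
 * @param array|false $error_log Optional; keys read here: 'title' and 'text'. Written to a separate
 *                               file only when $config['db_log_actions'] is '2' and no target is given.
 * @return bool Always true.
 */
function ip_log($content, $db_log, $error_log = false)
{
	global $REQUEST_URI, $REMOTE_ADDR, $HTTP_USER_AGENT, $SERVER_NAME, $HTTP_REFERER;
	global $db, $config, $lang, $user;

	$db_log_actions = ($config['db_log_actions'] == '1' || $config['db_log_actions'] == '2');

	$page_array = extract_current_page(IP_ROOT_PATH);
	switch ($page_array['page_name'])
	{
		case CMS_PAGE_MEMBERLIST:
		case CMS_PAGE_SEARCH:
			return true;

		case CMS_PAGE_POSTING:
			foreach (array('mode=quote', 'mode=smilies', 'mode=topicreview') as $skipped_mode)
			{
				if (stripos($page_array['query_string'], $skipped_mode) !== false)
				{
					return true;
				}
			}
			break;

		case CMS_PAGE_PROFILE:
		case CMS_PAGE_VIEWTOPIC:
			if ($user->data['user_id'] == ANONYMOUS)
			{
				return true;
			}
			break;
	}

	$remote_address = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : (!empty($_ENV['REMOTE_ADDR']) ? $_ENV['REMOTE_ADDR'] : getenv('REMOTE_ADDR'));
	$remote_address = !empty($remote_address) && $remote_address != '::1' ? $remote_address : '127.0.0.1';
	$referer = !empty($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
	// Strip session ids so they are not persisted in log files
	$referer = preg_replace('/sid=[A-Za-z0-9]{32}/', '', $referer);

	$log_user_id = (int) $user->data['user_id'];

	if ($config['mg_log_actions'] == true)
	{
		// The request page and the referer are client-controlled; line breaks are flattened so a request
		// cannot forge additional entries in the text log.
		$line_breaks = array("\r", "\n");
		$log_page = str_replace($line_breaks, ' ', $page_array['page']);
		$log_referer = str_replace($line_breaks, ' ', $referer);

		$date = gmdate('Y/m/d - H:i:s');
		$message = '[' . $date . ']';
		$message .= ' [USER_ID: ' . $user->data['user_id'] . ' ]';
		$message .= ' [REQ: ' . $log_page . ' ]';
		$message .= ' [IP: ' . $remote_address . ']';
		$message .= ' [REF: ' . $log_referer . ']';
		$message .= "\n";
		$message .= $content;
		$message .= "\n";
		$message .= "\n";

		$datecode = gmdate('Ymd');
		$logs_path = !empty($config['logs_path']) ? $config['logs_path'] : 'logs';
		$log_file = IP_ROOT_PATH . $logs_path . '/mg_log_' . $datecode . '.txt';
		// Logging is best effort, but fwrite()/fclose() must not be called with the false returned by a failed fopen()
		$fp = @fopen($log_file, 'a+');
		if ($fp !== false)
		{
			@fwrite($fp, $message);
			@fclose($fp);
		}
	}

	if ($db_log_actions == true)
	{
		// The page comes from the current request, so it is escaped like the other string columns;
		// the original concatenated it (and each target) into the statement unescaped.
		$sql_page = $db->sql_escape($page_array['page']);

		if ($db_log['target'] != '')
		{
			$db_target = explode(',', $db_log['target']);
			foreach ($db_target as $db_target_data)
			{
				$sql = "INSERT INTO " . LOGS_TABLE . " (log_time, log_page, log_user_id, log_action, log_desc, log_target)\n\t\t\t\t\tVALUES ('" . time() . "', '" . $sql_page . "', '" . $log_user_id . "', '" . $db->sql_escape($db_log['action']) . "', '" . $db->sql_escape($db_log['desc']) . "', '" . $db->sql_escape($db_target_data) . "')";
				$result = $db->sql_query($sql);
			}
		}
		else
		{
			// NOTE(review): MAX(log_id) + 1 is read and then inserted in two statements; two concurrent
			// requests can compute the same id. Left as is because the table definition is not visible here.
			$sql = "SELECT MAX(log_id) max_log_id FROM " . LOGS_TABLE . "";
			$result = $db->sql_query($sql);
			$row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			// Cast: the id is reused in a file name below
			$new_log_id = (int) $row['max_log_id'] + 1;

			$sql = "INSERT INTO " . LOGS_TABLE . " (log_id, log_time, log_page, log_user_id, log_action, log_desc, log_target)\n\t\t\t\tVALUES ('" . $new_log_id . "', '" . time() . "', '" . $sql_page . "', '" . $log_user_id . "', '" . $db->sql_escape($db_log['action']) . "', '" . $db->sql_escape($db_log['desc']) . "', '')";
			$result = $db->sql_query($sql);

			if ($error_log && $config['db_log_actions'] == '2')
			{
				$logs_path = !empty($config['logs_path']) ? $config['logs_path'] : 'logs';
				$log_file = IP_ROOT_PATH . $logs_path . '/error_log_' . $new_log_id . '.txt';

				$message = '';
				$message .= "\n";
				$message .= '<b>' . $error_log['title'] . '</b>';
				$message .= "\n";
				$message .= "\n";
				$message .= $error_log['text'] . "\n";

				$fp = @fopen($log_file, "a+");
				if ($fp !== false)
				{
					@fwrite($fp, $message);
					@fclose($fp);
				}
			}
		}
	}

	return true;
}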
if (!$is_auth_view) { if (!empty($layout_row['groups'])) { $is_auth_view = false; $group_content = explode(',', $layout_row['groups']); for ($i = 0; $i < sizeof($group_content); $i++) { if (in_array(intval($group_content[$i]), $ip_cms->cms_groups($user->data['user_id']))) { $is_auth_view = true; break; } } } } if (!$is_auth_view) { if (!$user->data['session_logged_in']) { $page_array = array(); $page_array = extract_current_page(IP_ROOT_PATH); redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=' . str_replace('.' . PHP_EXT . '?', '.' . PHP_EXT . '&', $page_array['page']), true)); } else { message_die(GENERAL_MESSAGE, $lang['Not_Auth_View']); } } if (empty($layout_template)) { $layout = $cms_config_vars['default_portal']; $sql = "SELECT * FROM " . $ip_cms->tables['layout_table'] . " WHERE lid = '" . $layout . "'"; $layout_result = $db->sql_query($sql, 0, 'cms_', CMS_CACHE_FOLDER); while ($row = $db->sql_fetchrow($layout_result)) { $layout_row = $row; } $db->sql_freeresult($layout_result); $layout_name = false; $layout_template = $layout_row['template'];
/**
 * Check whether the current user may access a page.
 *
 * The decision itself is delegated to check_auth_level($cms_auth_level); $cms_page_id is not read here.
 * When access is denied and $return is false, a visitor that is neither a bot nor logged in is sent
 * to the login page with the current page as redirect target; everybody else gets the
 * "Not_Auth_View" message.
 *
 * NOTE(review): redirect() and message_die() presumably end the request. If either one returns,
 * this function still returns true for a denied user - confirm before relying on the return value.
 *
 * @param mixed $cms_page_id    Page identifier (unused in this function).
 * @param mixed $cms_auth_level Level handed to check_auth_level().
 * @param bool  $return         When true, a denial is reported as false instead of redirecting or dying.
 * @return bool
 */
function check_page_auth($cms_page_id, $cms_auth_level, $return = false)
{
	global $user, $lang;

	if (check_auth_level($cms_auth_level))
	{
		return true;
	}

	if ($return)
	{
		return false;
	}

	// Bots and logged-in users cannot fix the denial by logging in, so they only get the message
	if ($user->data['is_bot'] || $user->data['session_logged_in'])
	{
		message_die(GENERAL_MESSAGE, $lang['Not_Auth_View']);
		return true;
	}

	$current_page = extract_current_page(IP_ROOT_PATH);
	// The page's own "?" becomes "&" because the page is appended after "?redirect="
	$redirect_target = str_replace('.' . PHP_EXT . '?', '.' . PHP_EXT . '&', $current_page['page']);
	redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=' . $redirect_target, true));

	return true;
}
/**
 * Start session management
 *
 * This is where all session activity begins. We gather various pieces of
 * information from the client and server. We test to see if a session already
 * exists. If it does, fine and dandy. If it doesn't we'll go on to create a
 * new one ... pretty logical heh? We also examine the system load (if we're
 * running on a system which makes such information readily available) and
 * halt if it's above an admin definable limit.
 *
 * An existing session is reused only when all of the following hold:
 *  - a row for the session id exists in SESSIONS_TABLE joined with USERS_TABLE;
 *  - the leading part of the client IP (as configured by $config['ip_check']) equals the stored session IP;
 *  - the user agent equals the stored one when $config['browser_check'] is set;
 *  - for non-GET requests, validate_referer() succeeds when $config['referer_validation'] is set;
 *  - the session has not expired (session length or autologin length, depending on the session).
 * In every other case the method falls through to session_create().
 *
 * @param bool $update_session_page if true the session page gets updated.
 *			This can be set to circumvent certain scripts to update the users last visited page.
 * @return mixed true when an existing session is reused, otherwise the result of session_create().
 */
function session_begin($update_session_page = true)
{
	global $SID, $_SID, $_EXTRA_URL, $db, $config;
	// ICY PHOENIX - BEGIN
	global $lang;
	// ICY PHOENIX - END

	// Give us some basic information
	$this->time_now = time();
	$this->cookie_data = array('u' => 0, 'k' => '');
	// Cookie lifetime: max_autologin_time days when configured, otherwise 31536000 seconds (365 days)
	$this->cookie_expire = $this->time_now + ($config['max_autologin_time'] ? 86400 * (int) $config['max_autologin_time'] : 31536000);
	// Never update the session page for thumbnail requests (IMG_THUMB) or when the caller asked not to
	$this->update_session_page = empty($update_session_page) || defined('IMG_THUMB') ? false : true;
	//$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
	// NOTE(review): unlike referer and forwarded_for below, the user agent is kept without htmlspecialchars(),
	// so any code printing $this->browser (or the stored session_browser/user_browser) has to escape it on output.
	$this->browser = !empty($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
	$this->referer = !empty($_SERVER['HTTP_REFERER']) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
	$this->forwarded_for = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';

	$this->host = extract_current_hostname();
	$this->page = extract_current_page(IP_ROOT_PATH);

	$session_cookie_empty = empty($_COOKIE[$config['cookie_name'] . '_sid']) ? true : false;
	// $session_get_empty is computed but not read again in this method
	$session_get_empty = empty($_GET['sid']) ? true : false;
	$session_empty = true;

	// Prefer the session id from the cookies when either the _sid or the _u cookie is present
	if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
	{
		$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
		$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
		$this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);

		// Mighty Gorgon: I'm still not sure if I want to keep 'sid=' in Icy Phoenix as well... maybe better removing it!!!
		//$SID = (defined('NEED_SID')) ? ('sid=' . $this->session_id) : 'sid=';
		// With a cookie session the id is put into URLs only on pages that define NEED_SID
		$SID = defined('NEED_SID') ? 'sid=' . $this->session_id : '';
		$_SID = defined('NEED_SID') ? $this->session_id : '';
		$session_empty = empty($this->session_id) ? true : false;
	}

	// Mighty Gorgon: moved here this IF block... why it was so down in the code???
	// if no session id is set, redirect to index.php
	//if (defined('NEED_SID') && ($cookie_empty || (!isset($_GET['sid']) || ($this->session_id !== $_GET['sid']))))
	// On NEED_SID pages (login excluded) the request must carry a session cookie AND a "sid" GET
	// parameter identical to it; anything else is sent to the index page.
	if (defined('NEED_SID') && !defined('IN_LOGIN') && ($session_cookie_empty || $session_empty || !isset($_GET['sid']) || isset($_GET['sid']) && $this->session_id !== $_GET['sid']))
	{
		// Mighty Gorgon: I don't know why it isn't working properly, returning blank page!!!
		//send_status_line(401, 'Not authorized');
		// Mighty Gorgon: removed append_sid as it seems the user doesn't have a valid SID!
		redirect(IP_ROOT_PATH . 'index.' . PHP_EXT);
	}

	// No usable cookie session: fall back to the "sid" request variable.
	// NOTE(review): a session id taken from the request can end up in links, referers and logs; the only
	// bindings visible in this method are the IP-prefix, browser and referer checks further down.
	if ($session_empty)
	{
		$this->session_id = request_var('sid', '');
		$_SID = $this->session_id;
		$SID = 'sid=' . $this->session_id;
		$this->cookie_data = array('u' => 0, 'k' => '');
	}

	$_EXTRA_URL = array();

	// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
	// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
	$this->ip = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : (!empty($_ENV['REMOTE_ADDR']) ? $_ENV['REMOTE_ADDR'] : getenv('REMOTE_ADDR'));
	// Normalise commas and runs of blanks to single blanks so the value can be split into addresses
	$this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));

	// split the list of IPs
	$ips = explode(' ', $this->ip);

	// Default IP if REMOTE_ADDR is invalid
	$this->ip = '127.0.0.1';

	$format_ipv4 = get_preg_expression('ipv4');
	$format_ipv6 = get_preg_expression('ipv6');

	foreach ($ips as $ip)
	{
		if (preg_match($format_ipv4, $ip))
		{
			$this->ip = $ip;
		}
		elseif (preg_match($format_ipv6, $ip))
		{
			// Quick check for IPv4-mapped address in IPv6
			if (stripos($ip, '::ffff:') === 0)
			{
				$ipv4 = substr($ip, 7);

				if (preg_match($format_ipv4, $ipv4))
				{
					$ip = $ipv4;
				}
			}

			$this->ip = $ip;
		}
		else
		{
			// We want to use the last valid address in the chain
			// Leave foreach loop when address is invalid
			break;
		}
	}

	$this->load = false;

	// Load limit check (if applicable)
	if ($config['limit_load'] || $config['limit_search_load'])
	{
		// NOTE(review): explode() returns a non-empty array even when reading /proc/loadavg fails, so the
		// else branch below looks reachable only if that ever changes; on failure the load ends up as 0.0 - confirm.
		if (function_exists('sys_getloadavg') && ($load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg'))))
		{
			// Only the first value of the load array is kept
			$this->load = array_slice($load, 0, 1);
			$this->load = floatval($this->load[0]);
		}
		else
		{
			set_config('limit_load', '0');
			set_config('limit_search_load', '0');
		}
	}

	// if session id is set
	if (!empty($this->session_id))
	{
		// The session id is client supplied (cookie or request variable), hence sql_escape()
		$sql = "SELECT u.*, s.*\n\t\t\t\tFROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\t\t\tWHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'\n\t\t\t\t\tAND u.user_id = s.session_user_id";
		$result = $db->sql_query($sql);
		$this->data = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// Did the session exist in the DB?
		if (isset($this->data['user_id']))
		{
			// Compare only the configured leading part of the addresses: short_ipv6() when both
			// sides contain ':', otherwise the first $config['ip_check'] dot-separated groups
			if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
			{
				$s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
				$u_ip = short_ipv6($this->ip, $config['ip_check']);
			}
			else
			{
				$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
				$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
			}

			// With browser_check disabled both sides are empty strings, so the comparison below always passes
			$s_browser = $config['browser_check'] ? trim(strtolower(substr($this->data['session_browser'], 0, 254))) : '';
			$u_browser = $config['browser_check'] ? trim(strtolower(substr($this->browser, 0, 254))) : '';

			// referer checks
			// The @ before $config['referer_validation'] suppresses notices present while running the updater
			$check_referer_path = @$config['referer_validation'] == REFERER_VALIDATE_PATH;
			$referer_valid = true;

			// we assume HEAD and TRACE to be foul play and thus only whitelist GET
			// (so the referer is validated for every request method other than GET)
			if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
			{
				$referer_valid = $this->validate_referer($check_referer_path);
			}

			if ($u_ip === $s_ip && $s_browser === $u_browser && $referer_valid)
			{
				// Some useful boolean checks... defined here for future easy of use
				$session_expired = false;
				$session_refresh_time = (int) SESSION_REFRESH;
				// Autologin sessions expire max_autologin_time days after the last activity (plus the refresh window)
				$autologin_expired = !empty($config['max_autologin_time']) && $this->data['session_time'] < $this->time_now - 86400 * (int) $config['max_autologin_time'] + $session_refresh_time ? true : false;
				// Regular sessions expire session_length seconds after the last activity (plus the refresh window)
				$session_time_expired = $this->data['session_time'] < $this->time_now - ((int) $config['session_length'] + $session_refresh_time) ? true : false;
				// True when the stored session_time is older than the refresh window
				$session_refresh = $this->data['session_time'] < $this->time_now - $session_refresh_time ? true : false;

				// $session_expired was set to false just above, so this block always runs
				if (!$session_expired)
				{
					// Check the session length timeframe if autologin is not enabled.
					// Else check the autologin length... and also removing those having autologin enabled but no longer allowed site-wide.
					if (empty($this->data['session_autologin']))
					{
						if ($session_time_expired)
						{
							$session_expired = true;
						}
					}
					elseif (empty($config['allow_autologin']) || $autologin_expired)
					{
						$session_expired = true;
					}
				}

				// ICY PHOENIX - BEGIN
				// This portion of code needs to stay here (after isset($this->data['user_id']) )... otherwise we are potentially going to instantiate some $user->data even if $user->data is still empty
				$this->bots_process();

				// Junior admins are treated as ADMIN outside the admin/CMS areas and as MOD inside them
				if (isset($this->data['user_id']) && $this->data['user_id'] != ANONYMOUS && isset($this->data['user_level']) && $this->data['user_level'] == JUNIOR_ADMIN)
				{
					define('IS_JUNIOR_ADMIN', true);
					$this->data['user_level'] = !defined('IN_ADMIN') && !defined('IN_CMS') ? ADMIN : MOD;
				}

				// Refresh last visit time for those users having autologin enabled or those users with session time expired (only if config for this has been set)
				if ($this->data['user_id'] != ANONYMOUS && (!empty($config['session_last_visit_reset']) && $session_time_expired || !empty($config['allow_autologin']) && $autologin_expired || empty($this->data['user_lastvisit'])))
				{
					$sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\t\t\t\tSET user_lastvisit = " . (int) $this->data['session_time'] . "\n\t\t\t\t\t\t\tWHERE user_id = " . (int) $this->data['user_id'];
					$db->sql_query($sql);
				}
				// ICY PHOENIX - END

				if (!$session_expired)
				{
					// Only update session DB a minute or so after last update or if page changes
					// Mighty Gorgon: in Icy Phoenix we give maximum priority to $this->update_session_page, because we don't want the session to be updated for thumbnails or other special features!
					if ($this->update_session_page && ($session_refresh || $this->data['session_page'] != $this->page['page']) && empty($_REQUEST['explain']))
					{
						$sql_ary = array();

						// ICY PHOENIX - BEGIN
						// Update $user->data
						$this->data['user_session_time'] = $this->time_now;
						$this->data['user_session_page'] = (string) substr($this->page['page'], 0, 254);
						$this->data['user_browser'] = (string) substr($this->browser, 0, 254);
						$this->data['user_totalpages'] = (int) $this->data['user_totalpages'] + 1;
						$this->data['user_totaltime'] = (int) $this->data['user_totaltime'] + $this->time_now - $this->data['session_time'];
						// ICY PHOENIX - END

						// A little trick to reset session_admin on session re-usage
						if (!defined('IN_ADMIN') && !defined('IN_CMS') && $session_time_expired)
						{
							$sql_ary['session_admin'] = 0;
						}

						$sql_ary['session_time'] = $this->time_now;
						$sql_ary['session_page'] = $this->data['user_session_page'];
						$sql_ary['session_browser'] = $this->data['user_browser'];
						$sql_ary['session_forum_id'] = $this->page['forum'];
						$sql_ary['session_topic_id'] = $this->page['topic'];

						// Both updates below run with errors returned instead of raised; the results are not checked
						$db->sql_return_on_error(true);

						// Values go through sql_build_array(); presumably it escapes them - confirm in the DB layer
						$sql = "UPDATE " . SESSIONS_TABLE . " SET " . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
						$result = $db->sql_query($sql);

						// ICY PHOENIX - BEGIN
						if ($this->data['user_id'] != ANONYMOUS)
						{
							$sql_ary = array();
							$sql_ary['user_ip'] = $this->ip;
							$sql_ary['user_session_time'] = $this->data['user_session_time'];
							$sql_ary['user_session_page'] = $this->data['user_session_page'];
							$sql_ary['user_browser'] = $this->data['user_browser'];
							$sql_ary['user_totalpages'] = $this->data['user_totalpages'];
							$sql_ary['user_totaltime'] = $this->data['user_totaltime'];

							// NOTE(review): user_id is concatenated without the (int) cast used in the user_lastvisit
							// update above; the value comes from the row just read from the database.
							$sql = "UPDATE " . USERS_TABLE . " SET " . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\t\tWHERE user_id = " . $this->data['user_id'];
							$result = $db->sql_query($sql);
						}
						// ICY PHOENIX - END

						$db->sql_return_on_error(false);
					}

					// Registered = not a bot, not the anonymous user, and the account is active
					$this->data['is_registered'] = empty($this->data['is_bot']) && $this->data['user_id'] != ANONYMOUS && !empty($this->data['user_active']) ? true : false;
					$this->data['session_logged_in'] = $this->data['is_registered'];
					// basename() drops any directory components from the stored language value
					$this->data['user_lang'] = basename($this->data['user_lang']);

					$this->upi2db();

					return true;
				}
			}
			else
			{
				// Added logging temporarily to help debug bugs...
				// Only with DEBUG_EXTRA: record why a session of a registered user was rejected
				if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
				{
					if ($referer_valid)
					{
						add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser);
					}
					else
					{
						add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
					}
				}
			}
		}
	}

	// If we reach here then no (valid) session exists. So we'll create a new one
	return $this->session_create();
}