Newer
Older
Graham Cole
committed
<?php
/***********************************************************************
Graham Cole
committed
This file is part of PunBB.
PunBB is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
PunBB is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
************************************************************************/
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
//
// SUCS specific functions
//
// because killing off PHP is a little inconsiderate
function pun_exit($spew="")
{
echo $spew;
throw new Exception("pun_exit");
}
function auth_user(&$pun_user)
{
global $db, $pun_config, $session;
if ($session->loggedin) {
$query = 'SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.username=\''.$session->username.'\'';
$result = $db->query($query) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
$now = time();
if (!isset($pun_user['id'])) {
//Logged in, first-time visitor
$initial_group_id = $pun_config['o_default_user_group'];
$password_hash = pun_hash(random_pass($len));
$email1 = $session->username."@sucs.org";
// default to hide e-mail address, allow form e-mail
$email_setting = "1";
$save_pass = "0";
$timezone = "0";
$language = $pun_config['o_default_lang'];
$db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES (\''.$session->username.'\', '.$initial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
// fetch newly-inserted details
$result = $db->query($query) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
}
// either the data was there all along, or it should be there now, so let's say we're logged in
$pun_user['is_guest'] = false;
if (!$pun_user['disp_topics'])
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
if (!$pun_user['disp_posts'])
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
// Define this if you want this visit to affect the online list and the users last visit data
if (!defined('PUN_QUIET_VISIT'))
{
// Update the online list
if (!$pun_user['logged'])
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$now.')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
else
{
// Special case: We've timed out, but no other user has browsed the forums since we timed out
if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))
{
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
$pun_user['last_visit'] = $pun_user['logged'];
}
$idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';
$db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
}
}
} else {
//Not logged in
set_default_user();
}
}
Graham Cole
committed
//
// Cookie stuff!
//
function check_cookie(&$pun_user)
{
global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;
$now = time();
$expire = $now + 31536000; // The cookie expires after a year
// We assume it's a guest
$cookie = array('user_id' => 1, 'password_hash' => 'Guest');
// If a cookie is set, we get the user_id and password hash from it
if (isset($_COOKIE[$cookie_name]) && preg_match('/a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}/', $_COOKIE[$cookie_name], $matches))
list(, $cookie['user_id'], $cookie['password_hash']) = $matches;
Graham Cole
committed
if ($cookie['user_id'] > 1)
{
// Check if there's a user with the user ID and password hash from the cookie
$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.user_id=u.id WHERE u.id='.intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
// If user authorisation failed
if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
{
pun_setcookie(1, md5(uniqid(rand(), true)), $expire);
Graham Cole
committed
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
set_default_user();
return;
}
// Set a default language if the user selected language no longer exists
if (!@file_exists(PUN_ROOT.'lang/'.$pun_user['language']))
$pun_user['language'] = $pun_config['o_default_lang'];
// Set a default style if the user selected style no longer exists
if (!@file_exists(PUN_ROOT.'style/'.$pun_user['style'].'.css'))
$pun_user['style'] = $pun_config['o_default_style'];
if (!$pun_user['disp_topics'])
$pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
if (!$pun_user['disp_posts'])
$pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
if ($pun_user['save_pass'] == '0')
$expire = 0;
// Define this if you want this visit to affect the online list and the users last visit data
if (!defined('PUN_QUIET_VISIT'))
{
// Update the online list
if (!$pun_user['logged'])
{
$pun_user['logged'] = $now;
// With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table
switch ($db_type)
{
case 'mysql':
case 'mysqli':
$db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
default:
$db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
break;
}
}
else
{
// Special case: We've timed out, but no other user has browsed the forums since we timed out
if ($pun_user['logged'] < ($now-$pun_config['o_timeout_visit']))
{
$db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
$pun_user['last_visit'] = $pun_user['logged'];
}
$idle_sql = ($pun_user['idle'] == '1') ? ', idle=0' : '';
$db->query('UPDATE '.$db->prefix.'online SET logged='.$now.$idle_sql.' WHERE user_id='.$pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
}
}
$pun_user['is_guest'] = false;
}
else
set_default_user();
}
//
// Fill $pun_user with default values (for guests)
//
function set_default_user()
{
global $db, $db_type, $pun_user, $pun_config;
$remote_addr = get_remote_address();
// Fetch guest user
$result = $db->query('SELECT u.*, g.*, o.logged FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
pun_exit('Unable to fetch guest information. The table \''.$db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.');
Loading
Loading full blame...