MODS.DB9.DK

by **Nightstalker** on Sun 06. Nov, 2005 14:46

Still after a fix here for a 2.0.17 board.Noti ntersted in upgrade as of yet until all the bugs are ironed out of 18.

by **Beeveer** on Sun 06. Nov, 2005 22:50

Look in the other topic: http://mods.db9.dk/viewtopic.php?p=25507#25507

by **acoolwelshbloke** on Sun 06. Nov, 2005 22:53

Nooooooooooo that is not a correct fix his code is wrong!

See http://mods.db9.dk/viewtopic.php?t=7033 for the latest version for use on 2.0.18

by **ErnadoO** on Mon 07. Nov, 2005 00:49

acoolwelshbloke wrote:Nooooooooooo that is not a correct fix his code is wrong!

See http://mods.db9.dk/viewtopic.php?t=7033 for the latest version for use on 2.0.18

Go to bed

the modifications which you give are exactly those which I did in this file: http://mods.db9.dk/viewtopic.php?p=25507#25507 with a session.php from phpbb.com
:roll:

proof:

Code: Select all: * $Id: sessions.php,v 1.58.2.16 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/

by **acoolwelshbloke** on Mon 07. Nov, 2005 01:26

Of course it's the sessions.php from phpbb.com!

Where else would you get a sessions.php for phpbb 2.0.18?????????

I never said I wrote a whole new sessions.php did I?

and second of all in the file that I downloaded that you posted, there is or was a fuck up in it, don't know if you changed it or not cause I haven't checked!

that is why myself and others who posted on here were having a problem when users were logging out and that was because in your original sessions.php you altered an incorrect part of the code and I corrected it!

And I just checked it and it's still wrong!

You have altered the:

//
// Delete existing session
//

part of the script when you should have altered:

//
// Delete expired sessions
//

part of the script!

The changes you made make a bug in the logging out part of phpbb!

SO INSTEAD OF RANTING AND CLAIMING I HAVE ALTERED FUCK ALL CHECK YOUR FACTS!

Download your own sessions.php and open it up and check your script you will see I am right!

And for everyone else who chooses to jump down my throught I came here to simply help others get this mod working for the current version of phpbb and not to start or be the cause of any argument.

MAYBE I SHOULD NOT HAVE BOTHERED! :roll:

UPDATE:
I have added your sessions.php and below you will find mine, you will see that they are almost identical but scroll down to the bottom and look for the two script errors I have pointed out above. You will see mine is correct and your is incorrect!

by **acoolwelshbloke** on Mon 07. Nov, 2005 01:49

This is the sessions.php you supplied via download on this site!

Code: Select all: <?php /*************************************************************************** * sessions.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * * $Id: sessions.php,v 1.58.2.16 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $sessionmethod = SESSION_METHOD_COOKIE; } else { $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { $session_id = ''; } $page_id = (int) $page_id; $last_visit = 0; $current_time = time(); // // Are auto-logins allowed? // If allow_autologin is not set or is true then they are // (same behaviour as old 2.0.x session code) // if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin']) { $enable_autologin = $sessiondata['autologinid'] = false; } // // First off attempt to join with the autologin value if we have one // If not, just use the user_id value // $userdata = array(); if ($user_id != ANONYMOUS) { if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id) { $sql = 'SELECT u.* FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k WHERE u.user_id = ' . (int) $user_id . " AND u.user_active = 1 AND k.user_id = u.user_id AND k.key_id = '" . md5($sessiondata['autologinid']) . "'"; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); $enable_autologin = $login = 1; } else if (!$auto_create) { $sessiondata['autologinid'] = ''; $sessiondata['userid'] = $user_id; $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id . ' AND user_active = 1'; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); $login = 1; } } // // At this point either $userdata should be populated or // one of the below is true // * Key didn't match one in the DB // * User does not exist // * User is inactive // if (!sizeof($userdata) || !is_array($userdata) || !$userdata) { $sessiondata['autologinid'] = ''; $sessiondata['userid'] = $user_id = ANONYMOUS; $enable_autologin = $login = 0; $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); } // // Initial ban check against user id, IP and email address // preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts); $sql = "SELECT ban_ip, ban_userid, ban_email FROM " . BANLIST_TABLE . " WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff') OR ban_userid = $user_id"; if ( $user_id != ANONYMOUS ) { $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "' OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'"; } if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql); } if ( $ban_info = $db->sql_fetchrow($result) ) { if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] ) { message_die(CRITICAL_MESSAGE, 'You_been_banned'); } } // // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { list($sec, $usec) = explode(' ', microtime()); mt_srand((float) $sec + ((float) $usec * 100000)); $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); } } //if ( $user_id != ANONYMOUS ) //{ $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; if (!$admin) { $sql = "UPDATE " . USERS_TABLE . " SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit, user_lastlogon = " . time() . ", user_totallogon=user_totallogon+1 WHERE user_id = $user_id"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); } } $userdata['user_lastvisit'] = $last_visit; // // Regenerate the auto-login key // if ($enable_autologin) { list($sec, $usec) = explode(' ', microtime()); mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); $auto_login_key = uniqid(mt_rand(), true); if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') { $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time WHERE key_id = '" . md5($sessiondata['autologinid']) . "'"; } else { $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login) VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)"; } if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); } $sessiondata['autologinid'] = $auto_login_key; unset($auto_login_key); } else { $sessiondata['autologinid'] = ''; } // $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; //} $userdata['session_id'] = $session_id; $userdata['session_ip'] = $user_ip; $userdata['session_user_id'] = $user_id; $userdata['session_logged_in'] = $login; $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; $userdata['session_admin'] = $admin; $userdata['session_key'] = $sessiondata['autologinid']; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); $SID = 'sid=' . $session_id; return $userdata; } // // Checks for a given user session, tidies session table and updates user // sessions at each page refresh // function session_pagestart($user_ip, $thispage_id) { global $db, $lang, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; $current_time = time(); unset($userdata); if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { $session_id = ''; } $thispage_id = (int) $thispage_id; // // Does a session exist? // if ( !empty($session_id) ) { // Start add - Last visit MOD $expiry_time = $current_time - $board_config['session_length'] ; // End add - Last visit MOD // // session_id exists so go ahead and attempt to grab all // data in preparation // $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u WHERE s.session_id = '$session_id' AND u.user_id = s.session_user_id AND session_time > $expiry_time"; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); // // Did the session exist in the DB? // if ( isset($userdata['user_id']) ) { // // Do not check IP assuming equivalence, if IPv4 we'll check only first 24 // bits ... I've been told (by vHiker) this should alleviate problems with // load balanced et al proxies while retaining some reliance on IP security. // $ip_check_s = substr($userdata['session_ip'], 0, 6); $ip_check_u = substr($user_ip, 0, 6); if ($ip_check_s == $ip_check_u) { $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : ''; // // Only update session DB a minute or so after last update // if ( $current_time - $userdata['session_time'] > 60 ) { // A little trick to reset session_admin on session re-usage $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; $sql = "UPDATE " . SESSIONS_TABLE . " SET session_time = $current_time, session_page = $thispage_id$update_admin WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); } //if ( $userdata['user_id'] != ANONYMOUS ) //{ $sql = "UPDATE " . USERS_TABLE . " SET user_session_time = $current_time, user_session_page = $thispage_id, user_totalpages = user_totalpages+1, user_totaltime = user_totaltime+($current_time-".$userdata['session_time'].") WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); } //} session_clean($userdata['session_id']); setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); } return $userdata; } } } // // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS; if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) { message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql); } return $userdata; } /** * Terminates the specified session * It will delete the entry in the sessions table for this session, * remove the corresponding auto-login key and reset the cookies */ function session_end($session_id, $user_id) { global $db, $lang, $board_config, $userdata; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; $current_time = time(); if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { return; } // // Delete existing session // $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE UNIX_TIMESTAMP() - session_time >=172800 AND session_id <> '$session_id'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } // // Remove this auto-login entry (if applicable) // if ( isset($userdata['session_key']) && $userdata['session_key'] != '' ) { $autologin_key = md5($userdata['session_key']); $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id . " AND key_id = '$autologin_key'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql); } } // // We expect that message_die will be called after this function, // but just in case it isn't, reset $userdata to the details for a guest // $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql); } if ( !($userdata = $db->sql_fetchrow($result)) ) { message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql); } $db->sql_freeresult($result); setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); return true; } /** * Removes expired sessions and auto-login keys from the database */ function session_clean($session_id) { global $board_config, $db; // // Delete expired sessions // $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_time < ' . (time() - (int) $board_config['session_length']) . " AND session_id <> '$session_id'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); } // // Delete expired auto-login keys // If max_autologin_time is not set then keys will never be deleted // (same behaviour as old 2.0.x session code) // if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0) { $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time'])); $db->sql_query($sql); } return true; } // // Append $SID to a url. Borrowed from phplib and modified. This is an // extra routine utilised by the session code above and acts as a wrapper // around every single URL and form action. If you replace the session // code you must include this routine, even if it's empty. // function append_sid($url, $non_html_amp = false) { global $SID; if ( !empty($SID) && !preg_match('#sid=#', $url) ) { $url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } return $url; } ?>

This is the sessions.php I supplied with the correct scripting for this mod!

Code: Select all: <?php /*************************************************************************** * sessions.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * * $Id: sessions.php,v 1.58.2.16 2005/10/30 15:17:14 acydburn Exp $ * * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $sessionmethod = SESSION_METHOD_COOKIE; } else { $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { $session_id = ''; } $page_id = (int) $page_id; $last_visit = 0; $current_time = time(); // // Are auto-logins allowed? // If allow_autologin is not set or is true then they are // (same behaviour as old 2.0.x session code) // if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin']) { $enable_autologin = $sessiondata['autologinid'] = false; } // // First off attempt to join with the autologin value if we have one // If not, just use the user_id value // $userdata = array(); if ($user_id != ANONYMOUS) { if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id) { $sql = 'SELECT u.* FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k WHERE u.user_id = ' . (int) $user_id . " AND u.user_active = 1 AND k.user_id = u.user_id AND k.key_id = '" . md5($sessiondata['autologinid']) . "'"; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); $enable_autologin = $login = 1; } else if (!$auto_create) { $sessiondata['autologinid'] = ''; $sessiondata['userid'] = $user_id; $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id . ' AND user_active = 1'; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); $login = 1; } } // // At this point either $userdata should be populated or // one of the below is true // * Key didn't match one in the DB // * User does not exist // * User is inactive // if (!sizeof($userdata) || !is_array($userdata) || !$userdata) { $sessiondata['autologinid'] = ''; $sessiondata['userid'] = $user_id = ANONYMOUS; $enable_autologin = $login = 0; $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id; if (!($result = $db->sql_query($sql))) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); } // // Initial ban check against user id, IP and email address // preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts); $sql = "SELECT ban_ip, ban_userid, ban_email FROM " . BANLIST_TABLE . " WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff') OR ban_userid = $user_id"; if ( $user_id != ANONYMOUS ) { $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "' OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'"; } if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql); } if ( $ban_info = $db->sql_fetchrow($result) ) { if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] ) { message_die(CRITICAL_MESSAGE, 'You_been_banned'); } } // // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { list($sec, $usec) = explode(' ', microtime()); mt_srand((float) $sec + ((float) $usec * 100000)); $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); } } //if ( $user_id != ANONYMOUS ) //{ $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; if (!$admin) { $sql = "UPDATE " . USERS_TABLE . " SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit, user_lastlogon = " . time() . ", user_totallogon=user_totallogon+1 WHERE user_id = $user_id"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); } } $userdata['user_lastvisit'] = $last_visit; // // Regenerate the auto-login key // if ($enable_autologin) { list($sec, $usec) = explode(' ', microtime()); mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); $auto_login_key = uniqid(mt_rand(), true); if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') { $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time WHERE key_id = '" . md5($sessiondata['autologinid']) . "'"; } else { $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login) VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)"; } if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); } $sessiondata['autologinid'] = $auto_login_key; unset($auto_login_key); } else { $sessiondata['autologinid'] = ''; } // $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; //} $userdata['session_id'] = $session_id; $userdata['session_ip'] = $user_ip; $userdata['session_user_id'] = $user_id; $userdata['session_logged_in'] = $login; $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; $userdata['session_admin'] = $admin; $userdata['session_key'] = $sessiondata['autologinid']; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); $SID = 'sid=' . $session_id; return $userdata; } // // Checks for a given user session, tidies session table and updates user // sessions at each page refresh // function session_pagestart($user_ip, $thispage_id) { global $db, $lang, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; $current_time = time(); unset($userdata); if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ) { $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array(); $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : ''; $sessionmethod = SESSION_METHOD_COOKIE; } else { $sessiondata = array(); $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; $sessionmethod = SESSION_METHOD_GET; } // if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { $session_id = ''; } $thispage_id = (int) $thispage_id; // // Does a session exist? // if ( !empty($session_id) ) { $expiry_time = $current_time - $board_config['session_length'] ; // // session_id exists so go ahead and attempt to grab all // data in preparation // $sql = "SELECT u.*, s.* FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u WHERE s.session_id = '$session_id' AND u.user_id = s.session_user_id AND session_time > $expiry_time"; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql); } $userdata = $db->sql_fetchrow($result); // // Did the session exist in the DB? // if ( isset($userdata['user_id']) ) { // // Do not check IP assuming equivalence, if IPv4 we'll check only first 24 // bits ... I've been told (by vHiker) this should alleviate problems with // load balanced et al proxies while retaining some reliance on IP security. // $ip_check_s = substr($userdata['session_ip'], 0, 6); $ip_check_u = substr($user_ip, 0, 6); if ($ip_check_s == $ip_check_u) { $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : ''; // // Only update session DB a minute or so after last update // if ( $current_time - $userdata['session_time'] > 60 ) { // A little trick to reset session_admin on session re-usage $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; $sql = "UPDATE " . SESSIONS_TABLE . " SET session_time = $current_time, session_page = $thispage_id$update_admin WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); } //if ( $userdata['user_id'] != ANONYMOUS ) //{ $sql = "UPDATE " . USERS_TABLE . " SET user_session_time = $current_time, user_session_page = $thispage_id, user_totalpages = user_totalpages+1, user_totaltime = user_totaltime+($current_time-".$userdata['session_time'].") WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql); } //} session_clean($userdata['session_id']); setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); } return $userdata; } } } // // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. // $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS; if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) ) { message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql); } return $userdata; } /** * Terminates the specified session * It will delete the entry in the sessions table for this session, * remove the corresponding auto-login key and reset the cookies */ function session_end($session_id, $user_id) { global $db, $lang, $board_config, $userdata; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; $cookiename = $board_config['cookie_name']; $cookiepath = $board_config['cookie_path']; $cookiedomain = $board_config['cookie_domain']; $cookiesecure = $board_config['cookie_secure']; $current_time = time(); if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { return; } // // Delete existing session // $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '$session_id' AND session_user_id = $user_id"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql); } // // Remove this auto-login entry (if applicable) // if ( isset($userdata['session_key']) && $userdata['session_key'] != '' ) { $autologin_key = md5($userdata['session_key']); $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id . " AND key_id = '$autologin_key'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql); } } // // We expect that message_die will be called after this function, // but just in case it isn't, reset $userdata to the details for a guest // $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; if ( !($result = $db->sql_query($sql)) ) { message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql); } if ( !($userdata = $db->sql_fetchrow($result)) ) { message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql); } $db->sql_freeresult($result); setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure); return true; } /** * Removes expired sessions and auto-login keys from the database */ function session_clean($session_id) { global $board_config, $db; // // Delete expired sessions // $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE UNIX_TIMESTAMP() - session_time >=172800 AND session_id <> '$session_id'"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql); } // // Delete expired auto-login keys // If max_autologin_time is not set then keys will never be deleted // (same behaviour as old 2.0.x session code) // if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0) { $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time'])); $db->sql_query($sql); } return true; } // // Append $SID to a url. Borrowed from phplib and modified. This is an // extra routine utilised by the session code above and acts as a wrapper // around every single URL and form action. If you replace the session // code you must include this routine, even if it's empty. // function append_sid($url, $non_html_amp = false) { global $SID; if ( !empty($SID) && !preg_match('#sid=#', $url) ) { $url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID; } return $url; } ?>

by **Nightstalker** on Tue 08. Nov, 2005 23:59

Ummm,Im still in the dark here,could someone tell me what the fix is.
This is for a 2.0.17 Board,again not interested in uprading to 18 as of yet.

by **acoolwelshbloke** on Wed 09. Nov, 2005 00:39

if your using the 2.0.17 version of phpbb just download the original mod as it works with all versions prior to 2.0.18.

Only use the new sessins.php script if using this mod with 2.0.18. :wink:

MODS.DB9.DK

Need help with install

Who is online