~azzar1/unity/add-show-desktop-key
» Revision
500
(compared to revision 476)
: www/php/phpBB3/includes/session.php
« back to all changes in this revision
Viewing changes to www/php/phpBB3/includes/session.php
- browse files at revision 500
- compare with another revision
- download diff
- download tarball
- view history from revision 500
- Committer: mattgiuca
- Date: 2008-02-19 00:54:28 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:500
db: get_user and get_users now return User objects instead of dictionaries.
This is the major part of replacing dicts with User objects, as it
propagates upwards.
Propagated User objects up through the following modules:
listusers.py, dispatch.login, authenticate, userservice, forumutil
All of these now treat users as an object rather than a dict.
To save on the size of the changes so far, login still individually copies
fields over to the session (so the session does not yet store a user object;
that is the second part of this refactor).
WOO!! Revision 500 :)
This is the major part of replacing dicts with User objects, as it
propagates upwards.
Propagated User objects up through the following modules:
listusers.py, dispatch.login, authenticate, userservice, forumutil
All of these now treat users as an object rather than a dict.
To save on the size of the changes so far, login still individually copies
fields over to the session (so the session does not yet store a user object;
that is the second part of this refactor).
WOO!! Revision 500 :)
- files added:
- lib/common/forumutil.py
- files modified:
- doc/setup/install_proc.txt
added
removed
www/php/phpBB3/includes/session.php
183
183
// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
184
184
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
185
185
186
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
187
{
188
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
189
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
190
$this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);
191
192
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
193
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
194
195
if (empty($this->session_id))
196
{
197
$this->session_id = $_SID = request_var('sid', '');
198
$SID = '?sid=' . $this->session_id;
199
$this->cookie_data = array('u' => 0, 'k' => '');
200
}
201
}
202
else
203
{
204
$this->session_id = $_SID = request_var('sid', '');
205
$SID = '?sid=' . $this->session_id;
206
}
186
187
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) ||
188
isset($_COOKIE[$config['cookie_name'] . '_u']))
189
{
190
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0,
191
false, true);
192
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '',
193
false, true);
194
$this->session_id = request_var($config['cookie_name'] . '_sid', '',
195
false, true);
196
197
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
198
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
199
200
if (empty($this->session_id))
201
{
202
$this->session_id = $_SID = request_var('sid', '');
203
$SID = '?sid=' . $this->session_id;
204
$this->cookie_data = array('u' => 0, 'k' => '');
205
}
206
}
207
else
208
{
209
$this->session_id = $_SID = request_var('sid', '');
210
$SID = '?sid=' . $this->session_id;
211
}
207
212
208
213
$_EXTRA_URL = array();
209
214
234
239
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
235
240
WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
236
241
AND u.user_id = s.session_user_id";
237
$result = $db->sql_query($sql);
242
$result = $db->sql_query($sql);
238
243
$this->data = $db->sql_fetchrow($result);
239
244
$db->sql_freeresult($result);
240
245
246
// IVLE
247
$ivle_userid = $this->ivle_auth();
248
if ($ivle_userid and $ivle_userid != $this->data['user_id']) {
249
#$this->session_kill();
250
#trigger_error($ivle_userid);
251
return $this->session_create($ivle_userid);
252
}
253
241
254
// Did the session exist in the DB?
242
255
if (isset($this->data['user_id']))
243
256
{
244
257
// Validate IP length according to admin ... enforces an IP
245
258
// check on bots if admin requires this
246
// $quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
259
// $quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
247
260
248
261
if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
249
262
{
357
370
$this->session_gc();
358
371
}*/
359
372
360
// Shared secret between IVLE and the Forum
361
$ivle_secret = 'VERYSECRET';
362
363
// Shared Cookie
364
$ivle_cookie = $_COOKIE['ivlecookie'];
365
366
// Decode and unescape the Cookie contents
367
$cookie = explode(':',$ivle_cookie);
368
$ivle_uid = preg_replace('/\\\(.)/','$1',$cookie[0]);
369
$ivle_nick = preg_replace('/\\\(.)/','$1',$cookie[1]);
370
$ivle_email = preg_replace('/\\\(.)/','$1',$cookie[2]);
371
$ivle_hash = preg_replace('/\\\(.)/','$1',$cookie[3]);
372
373
// Check if uid + nick + email + secret is the same as the hash
374
$ivle_auth = False; // Flag just incase anything else need to know
375
if (md5($ivle_uid.$ivle_nick.$ivle_email.$ivle_secret) == $ivle_hash) {
376
$ivle_auth = True;
377
378
// Check if the user exists in the database
379
$sql = 'SELECT user_id
380
FROM ' . USERS_TABLE . '
381
WHERE username = "' . $db->sql_escape($ivle_uid) . '";';
382
$result = $db->sql_query($sql);
383
$row = $db->sql_fetchrow($result);
384
$user_id = $row['user_id'];
385
$db->sql_freeresult($result);
386
387
// If no user_id is found for the username, create a new user
388
if(!$user_id) {
389
// Needed for IVLE auth overide
390
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
391
392
// Get the default group
393
$sql = 'SELECT group_id
394
FROM ' . GROUPS_TABLE . "
395
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
396
AND group_type = " . GROUP_SPECIAL;
397
$result = $db->sql_query($sql);
398
$row = $db->sql_fetchrow($result);
399
$db->sql_freeresult($result);
400
401
if (!$row) {
402
trigger_error('NO_GROUP');
403
}
404
405
$group_id = $row['group_id'];
406
407
// Get the Time and Timezone
408
$timezone = date('Z') / 3600;
409
$is_dst = date('I');
410
$timezone = ($is_dst) ? $timezone - 1 : $timezone;
411
412
$user_row = array(
413
'username' => $ivle_uid,
414
'user_password' => '', # Not a valid hash
415
'user_email' => $ivle_email,
416
'group_id' => (int) $group_id,
417
'user_timezone' => (float) $timezone,
418
'user_dst' => $is_dst,
419
'user_lang' => 'en',
420
'user_type' => USER_NORMAL,
421
'user_actkey' => '',
422
'user_ip' => $this->ip,
423
'user_regdate' => time(),
424
'user_inactive_reason' => 0,
425
'user_inactive_time' => 0,
426
);
427
428
// Add user
429
$user_id = user_add($user_row);
430
}
431
}
432
/* IVLE: End of IVLE Code */
433
434
435
373
// Do we allow autologin on this board? No? Then override anything
436
374
// that may be requested here
437
375
if (!$config['allow_autologin'])
456
394
}
457
395
458
396
// If ip is supplied, we will make sure the ip is matching too...
459
if ($row['bot_ip'] && ($bot || !$row['bot_agent']))
397
if ($row['bot_ip'] && ($bot || !$row['bot_agent']))
460
398
{
461
399
// Set bot to false, then we only have to set it to true if it is matching
462
400
$bot = false;
1094
1032
if (empty($this->session_id))
1095
1033
{
1096
1034
// This seems to be no longer needed? - #14971
1097
// $this->session_create(ANONYMOUS);
1035
//$this->session_create(ANONYMOUS);
1098
1036
}
1099
1037
1100
1038
// Initiate environment ... since it won't be set at this stage
2010
1948
{
2011
1949
return $var;
2012
1950
}
2013
}
1951
}
1952
1953
/** IVLE AUTH
1954
* This function attempts to authenticate from a signed cookie provided by
1955
* IVLE. If it does it will return either the forum user_id for the logged in
1956
* IVLE user or will create a new one on-the-fly.
1957
*
1958
* If a bad authentication is given then the ANONAMOUS user will be returned
1959
*/
1960
function ivle_auth()
1961
{
1962
global $db, $phpEx;
1963
1964
// Shared secret between IVLE and the Forum
1965
$ivle_secret = 'VERYSECRET';
1966
1967
// Shared Cookie
1968
$ivle_cookie = explode(':',$_COOKIE['ivleforumcookie']);
1969
1970
if ($ivle_cookie == "NONE") {
1971
return ANONYMOUS;
1972
}
1973
1974
// Decode and unescape the Cookie contents
1975
$ivle_uid = urldecode($ivle_cookie[0]);
1976
$ivle_nick = urldecode($ivle_cookie[1]);
1977
$ivle_email = urldecode($ivle_cookie[2]);
1978
$ivle_role = urldecode($ivle_cookie[3]);
1979
$ivle_hash = $ivle_cookie[4];
1980
1981
// Check if uid + nick + email + secret is the same as the hash
1982
//$ivle_auth = False; // Flag just incase anything else need to know
1983
if(md5($ivle_cookie[0].$ivle_cookie[1].$ivle_cookie[2].$ivle_cookie[3].$ivle_secret)
1984
== $ivle_hash) {
1985
//$ivle_auth = True;
1986
1987
// Check if the user exists in the database
1988
$sql = 'SELECT user_id
1989
FROM ' . USERS_TABLE . '
1990
WHERE username = "' . $db->sql_escape($ivle_uid) . '";';
1991
$result = $db->sql_query($sql);
1992
$row = $db->sql_fetchrow($result);
1993
$user_id = $row['user_id'];
1994
$db->sql_freeresult($result);
1995
1996
// If no user_id is found for the username, create a new user
1997
if(!$user_id) {
1998
// Needed for IVLE auth overide
1999
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
2000
2001
// Add all users to the Registered Group
2002
$sql = 'SELECT group_id
2003
FROM ' . GROUPS_TABLE . "
2004
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
2005
AND group_type = " . GROUP_SPECIAL;
2006
$result = $db->sql_query($sql);
2007
$row = $db->sql_fetchrow($result);
2008
$db->sql_freeresult($result);
2009
2010
if (!$row) {
2011
trigger_error('NO_GROUP');
2012
}
2013
2014
$group_id = $row['group_id'];
2015
2016
// Get the Time and Timezone
2017
$timezone = date('Z') / 3600;
2018
$is_dst = date('I');
2019
$timezone = ($is_dst) ? $timezone - 1 : $timezone;
2020
2021
// Fill into array
2022
$user_row = array(
2023
'username' => $ivle_uid,
2024
'user_password' => '', # Not a valid hash
2025
'user_email' => $ivle_email,
2026
'group_id' => (int) $group_id,
2027
'user_timezone' => (float) $timezone,
2028
'user_dst' => $is_dst,
2029
'user_lang' => 'en',
2030
'user_type' => USER_NORMAL,
2031
'user_actkey' => '',
2032
'user_ip' => $this->ip,
2033
'user_regdate' => time(),
2034
'user_inactive_reason' => 0,
2035
'user_inactive_time' => 0,
2036
);
2037
2038
// Add user
2039
$user_id = user_add($user_row);
2040
2041
// Add any aditional groups
2042
// Select the equvialent group
2043
$group = False;
2044
switch($ivle_role) {
2045
case('admin'):
2046
$group = 'ADMINISTRATORS';
2047
break;
2048
case('lecturer'):
2049
$group = 'GLOBAL_MODERATORS';
2050
break;
2051
}
2052
if ($group) {
2053
// Find the group_id
2054
$sql = 'SELECT group_id
2055
FROM ' . GROUPS_TABLE . "
2056
WHERE group_name = '" . $db->sql_escape($group) . "'
2057
AND group_type = " . GROUP_SPECIAL;
2058
$result = $db->sql_query($sql);
2059
$row = $db->sql_fetchrow($result);
2060
$db->sql_freeresult($result);
2061
2062
if (!$row) {
2063
trigger_error('NO_GROUP');
2064
}
2065
2066
$group_id = $row['group_id'];
2067
2068
group_user_add($group_id,Array($user_id));
2069
}
2070
}
2071
return $user_id;
2072
} else {
2073
return False;
2074
}
2075
}
2014
2076
}
2015
2016
2077
?>
Loggerhead is a web-based interface for Breezy
Version: 2.0.1