includes/sessions.php
changeset 259 112debff64bd
parent 256 f8356d9c3481
child 261 5f1cd51bf1be
equal deleted inserted replaced
258:8be996c3740d 259:112debff64bd
   600     $username = str_replace('_', ' ', $username);
   600     $username = str_replace('_', ' ', $username);
   601     $db_username_lower = $this->prepare_text(strtolower($username));
   601     $db_username_lower = $this->prepare_text(strtolower($username));
   602     $db_username       = $this->prepare_text($username);
   602     $db_username       = $this->prepare_text($username);
   603     
   603     
   604     // Select the user data from the table, and decrypt that so we can verify the password
   604     // Select the user data from the table, and decrypt that so we can verify the password
   605     $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
   605     $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
   606     if($db->numrows() < 1)
   606     if($db->numrows() < 1)
   607     {
   607     {
   608       // This wasn't logged in <1.0.2, dunno how it slipped through
   608       // This wasn't logged in <1.0.2, dunno how it slipped through
   609       if($level > USER_LEVEL_MEMBER)
   609       if($level > USER_LEVEL_MEMBER)
   610         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   610         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   728     
   728     
   729     // Initialize our success switch
   729     // Initialize our success switch
   730     $success = false;
   730     $success = false;
   731     
   731     
   732     // Retrieve the real password from the database
   732     // Retrieve the real password from the database
   733     $this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
   733     $this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username)=\''.$this->prepare_text(strtolower($username)).'\';');
   734     if ( $db->numrows() < 1 )
   734     if ( $db->numrows() < 1 )
   735     {
   735     {
   736       // This wasn't logged in <1.0.2, dunno how it slipped through
   736       // This wasn't logged in <1.0.2, dunno how it slipped through
   737       if($level > USER_LEVEL_MEMBER)
   737       if($level > USER_LEVEL_MEMBER)
   738         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   738         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
  1000                              . '    ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
  1000                              . '    ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
  1001                              . '  LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
  1001                              . '  LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
  1002                              . '    ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
  1002                              . '    ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
  1003                              . '  WHERE k.session_key=\''.$keyhash.'\'' . "\n"
  1003                              . '  WHERE k.session_key=\''.$keyhash.'\'' . "\n"
  1004                              . '    AND k.salt=\''.$salt.'\'' . "\n"
  1004                              . '    AND k.salt=\''.$salt.'\'' . "\n"
  1005                              . '  GROUP BY u.user_id;');
  1005                              . '  GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
       
  1006     
  1006     if ( !$query )
  1007     if ( !$query )
  1007     {
  1008     {
  1008       $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms FROM '.table_prefix.'session_keys AS k
  1009       $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms FROM '.table_prefix.'session_keys AS k
  1009                              LEFT JOIN '.table_prefix.'users AS u
  1010                              LEFT JOIN '.table_prefix.'users AS u
  1010                                ON ( u.user_id=k.user_id )
  1011                                ON ( u.user_id=k.user_id )
  1011                              LEFT JOIN '.table_prefix.'privmsgs AS p
  1012                              LEFT JOIN '.table_prefix.'privmsgs AS p
  1012                                ON ( p.message_to=u.username AND p.message_read=0 )
  1013                                ON ( p.message_to=u.username AND p.message_read=0 )
  1013                              WHERE k.session_key=\''.$keyhash.'\'
  1014                              WHERE k.session_key=\''.$keyhash.'\'
  1014                                AND k.salt=\''.$salt.'\'
  1015                                AND k.salt=\''.$salt.'\'
  1015                              GROUP BY u.user_id;');
  1016                              GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;');
  1016     }
  1017     }
  1017     if($db->numrows() < 1)
  1018     if($db->numrows() < 1)
  1018     {
  1019     {
  1019       // echo '(debug) $session->validate_session: Key was not found in database<br />';
  1020       // echo '(debug) $session->validate_session: Key was not found in database<br />';
  1020       return false;
  1021       return false;
  1360     $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason';
  1361     $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason';
  1361     $banned = false;
  1362     $banned = false;
  1362     if ( $this->user_logged_in )
  1363     if ( $this->user_logged_in )
  1363     {
  1364     {
  1364       // check by IP, email, and username
  1365       // check by IP, email, and username
  1365       $sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE \n"
  1366       if ( ENANO_DBLAYER == 'MYSQL' )
  1366             . "    ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR \n"
  1367       {
  1367             . "    ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' REGEXP ban_value ) OR \n"
  1368         $sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE \n"
  1368             . "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '{$this->username}' ) OR \n"
  1369               . "    ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR \n"
  1369             . "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '{$this->username}' REGEXP ban_value ) OR \n"
  1370               . "    ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' REGEXP ban_value ) OR \n"
  1370             . "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '{$this->email}' ) OR \n"
  1371               . "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '{$this->username}' ) OR \n"
  1371             . "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '{$this->email}' REGEXP ban_value ) \n"
  1372               . "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '{$this->username}' REGEXP ban_value ) OR \n"
  1372             . "  ORDER BY ban_type ASC;";
  1373               . "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '{$this->email}' ) OR \n"
       
  1374               . "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '{$this->email}' REGEXP ban_value ) \n"
       
  1375               . "  ORDER BY ban_type ASC;";
       
  1376       }
       
  1377       else if ( ENANO_DBLAYER == 'PGSQL' )
       
  1378       {
       
  1379         $sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE \n"
       
  1380               . "    ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR \n"
       
  1381               . "    ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' LIKE ban_value ) OR \n"
       
  1382               . "    ( ban_type = " . BAN_USER  . " AND is_regex = 0 AND ban_value = '{$this->username}' ) OR \n"
       
  1383               . "    ( ban_type = " . BAN_USER  . " AND is_regex = 1 AND '{$this->username}' LIKE ban_value ) OR \n"
       
  1384               . "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 0 AND ban_value = '{$this->email}' ) OR \n"
       
  1385               . "    ( ban_type = " . BAN_EMAIL . " AND is_regex = 1 AND '{$this->email}' LIKE ban_value ) \n"
       
  1386               . "  ORDER BY ban_type ASC;";
       
  1387       }
  1373       $q = $this->sql($sql);
  1388       $q = $this->sql($sql);
  1374       if ( $db->numrows() > 0 )
  1389       if ( $db->numrows() > 0 )
  1375       {
  1390       {
  1376         while ( list($reason, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1391         while ( list($reason, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1377         {
  1392         {
  1398       $db->free_result();
  1413       $db->free_result();
  1399     }
  1414     }
  1400     else
  1415     else
  1401     {
  1416     {
  1402       // check by IP only
  1417       // check by IP only
  1403       $sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE
  1418       if ( ENANO_DBLAYER == 'MYSQL' )
  1404                 ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR
  1419       {
  1405                 ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' REGEXP ban_value )
  1420         $sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE
  1406               ORDER BY ban_type ASC;";
  1421                   ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR
       
  1422                   ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' REGEXP ban_value )
       
  1423                 ORDER BY ban_type ASC;";
       
  1424       }
       
  1425       else if ( ENANO_DBLAYER == 'PGSQL' )
       
  1426       {
       
  1427         $sql = "SELECT $col_reason, ban_value, ban_type, is_regex FROM " . table_prefix . "banlist WHERE
       
  1428                   ( ban_type = " . BAN_IP    . " AND is_regex = 0 ) OR
       
  1429                   ( ban_type = " . BAN_IP    . " AND is_regex = 1 AND '{$_SERVER['REMOTE_ADDR']}' LIKE ban_value )
       
  1430                 ORDER BY ban_type ASC;";
       
  1431       }
  1407       $q = $this->sql($sql);
  1432       $q = $this->sql($sql);
  1408       if ( $db->numrows() > 0 )
  1433       if ( $db->numrows() > 0 )
  1409       {
  1434       {
  1410         while ( list($reason, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1435         while ( list($reason, $ban_value, $ban_type, $is_regex) = $db->fetchrow_num() )
  1411         {
  1436         {
  1461     $username = $this->prepare_text($username);
  1486     $username = $this->prepare_text($username);
  1462     $email = $this->prepare_text($email);
  1487     $email = $this->prepare_text($email);
  1463     $real_name = $this->prepare_text($real_name);
  1488     $real_name = $this->prepare_text($real_name);
  1464     
  1489     
  1465     $nameclause = ( $real_name != '' ) ? ' OR real_name=\''.$real_name.'\'' : '';
  1490     $nameclause = ( $real_name != '' ) ? ' OR real_name=\''.$real_name.'\'' : '';
  1466     $q = $this->sql('SELECT * FROM '.table_prefix.'users WHERE lcase(username)=\''.strtolower($username).'\' OR email=\''.$email.'\''.$nameclause.';');
  1491     $q = $this->sql('SELECT * FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username)=\''.strtolower($username).'\' OR email=\''.$email.'\''.$nameclause.';');
  1467     if($db->numrows() > 0)
  1492     if($db->numrows() > 0)
  1468     {
  1493     {
  1469       $r = 'The ';
  1494       $r = 'The ';
  1470       $i=0;
  1495       $i=0;
  1471       $row = $db->fetchrow();
  1496       $row = $db->fetchrow();
  1746     {
  1771     {
  1747       $q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE user_id='.$user.';'); // This is SAFE! This is only called if $user is an integer
  1772       $q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE user_id='.$user.';'); // This is SAFE! This is only called if $user is an integer
  1748     }
  1773     }
  1749     elseif(is_string($user))
  1774     elseif(is_string($user))
  1750     {
  1775     {
  1751       $q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE lcase(username)=lcase(\''.$db->escape($user).'\');');
  1776       $q = $this->sql('SELECT user_id,username,email FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username)=' . ENANO_SQLFUNC_LOWERCASE . '(\''.$db->escape($user).'\');');
  1752     }
  1777     }
  1753     else
  1778     else
  1754     {
  1779     {
  1755       return false;
  1780       return false;
  1756     }
  1781     }
  2474   
  2499   
  2475   function make_captcha($len = 7)
  2500   function make_captcha($len = 7)
  2476   {
  2501   {
  2477     $code = $this->generate_captcha_code($len);
  2502     $code = $this->generate_captcha_code($len);
  2478     $hash = md5(microtime() . mt_rand());
  2503     $hash = md5(microtime() . mt_rand());
  2479     $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
  2504     $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
  2480     return $hash;
  2505     return $hash;
  2481   }
  2506   }
  2482   
  2507   
  2483   /**
  2508   /**
  2484    * Generates the actual confirmation code text.
  2509    * Generates the actual confirmation code text.
  2709     {
  2734     {
  2710       $pg_info .= ' ( page_id=\'' . $g_id . '\' AND namespace=\'__PageGroup\' ) OR';
  2735       $pg_info .= ' ( page_id=\'' . $g_id . '\' AND namespace=\'__PageGroup\' ) OR';
  2711     }
  2736     }
  2712     
  2737     
  2713     // Build a query to grab ACL info
  2738     // Build a query to grab ACL info
  2714     $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ' . "\n"
  2739     $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ' . "\n"
  2715           . '  ( ';
  2740           . '  ( ';
  2716     $q = Array();
  2741     $q = Array();
  2717     $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
  2742     $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )';
  2718     if(count($session->groups) > 0)
  2743     if(count($session->groups) > 0)
  2719     {
  2744     {