Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/sessions.php
changeset 590 03a60844c7c5
parent 586 234ddd896555
child 591 2529833a7731
equal deleted inserted replaced
589:88d4ed0a2898 590:03a60844c7c5 
   417     global $lang;
 
   417     global $lang;
 
   418     global $timezone;
 
   418     global $timezone;
 
   419     if($this->started) return;
 
   419     if($this->started) return;
 
   420     $this->started = true;
 
   420     $this->started = true;
 
   421     $user = false;
 
   421     $user = false;
 
   422     if(isset($_COOKIE['sid']))
 
   422     if ( isset($_COOKIE['sid']) )
 
   423     {
 
   423     {
 
   424       if($this->compat)
 
   424       if ( $this->compat )
 
   425       {
 
   425       {
 
   426         $userdata = $this->compat_validate_session($_COOKIE['sid']);
 
   426         $userdata = $this->compat_validate_session($_COOKIE['sid']);
 
   427       }
 
   427       }
 
   428       else
 
   428       else
 
   429       {
 
   429       {
 
   430         $userdata = $this->validate_session($_COOKIE['sid']);
 
   430         $userdata = $this->validate_session($_COOKIE['sid']);
 
   431       }
 
   431       }
 
   432       if(is_array($userdata))
 
   432       if ( is_array($userdata) )
 
   433       {
 
   433       {
 
   434         $data = RenderMan::strToPageID($paths->get_pageid_from_url());
 
   434         $data = RenderMan::strToPageID($paths->get_pageid_from_url());
 
   435         
   435         
   436         if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
 
   436         if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
 
   437         {
 
   437         {
 
   596       }
 
   596       }
 
   597       else
 
   597       else
 
   598       {
 
   598       {
 
   599         die('No group info');
 
   599         die('No group info');
 
   600       }
 
   600       }
 
       
   601       profiler_log('Fetched group memberships');
 
   601     }
 
   602     }
 
   602     
   603     
   603     // make sure we aren't banned
 
   604     // make sure we aren't banned
 
   604     $this->check_banlist();
 
   605     $this->check_banlist();
 
   605     
   606     
   613     }
 
   614     }
 
   614     
   615     
   615     // setup theme ACLs
 
   616     // setup theme ACLs
 
   616     $template->process_theme_acls();
 
   617     $template->process_theme_acls();
 
   617     
   618     
   618     profiler_log('Sessions started');
 
   619     profiler_log('Sessions started. Banlist and theme ACLs initialized');
 
   619   }
 
   620   }
 
   620   
   621   
   621   # Logins
 
   622   # Logins
 
   622   
   623   
   623   /**
 
   624   /**
 
  1278       // echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
 
  1279       // echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
 
  1279       return false;
 
  1280       return false;
 
  1280     }
 
  1281     }
 
  1281     $keyhash = md5($key);
 
  1282     $keyhash = md5($key);
 
  1282     $salt = $db->escape($keydata[3]);
 
  1283     $salt = $db->escape($keydata[3]);
 
       
  1284     profiler_log("SessionManager: checking session: " . sha1($key) . ": decrypted session key to $decrypted_key");
 
  1283     // using a normal call to $db->sql_query to avoid failing on errors here
 
  1285     // using a normal call to $db->sql_query to avoid failing on errors here
 
  1284     $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,' . "\n"
 
  1286     $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,' . "\n"
 
  1285                              . '    u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_title,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,' . "\n"
 
  1287                              . '    u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_title,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,' . "\n"
 
  1286                              . '    u.user_timezone, x.* FROM '.table_prefix.'session_keys AS k' . "\n"
 
  1288                              . '    u.user_timezone, x.* FROM '.table_prefix.'session_keys AS k' . "\n"
 
  1287                              . '  LEFT JOIN '.table_prefix.'users AS u' . "\n"
 
  1289                              . '  LEFT JOIN '.table_prefix.'users AS u' . "\n"
 
  1309     {
 
  1311     {
 
  1310       // echo '(debug) $session->validate_session: Key was not found in database<br />';
 
  1312       // echo '(debug) $session->validate_session: Key was not found in database<br />';
 
  1311       return false;
 
  1313       return false;
 
  1312     }
 
  1314     }
 
  1313     $row = $db->fetchrow();
 
  1315     $row = $db->fetchrow();
 
       
  1316     profiler_log("SessionManager: checking session: " . sha1($key) . ": selected and fetched results");
 
  1314     $row['user_id'] =& $row['uid'];
 
  1317     $row['user_id'] =& $row['uid'];
 
  1315     $ip = $_SERVER['REMOTE_ADDR'];
 
  1318     $ip = $_SERVER['REMOTE_ADDR'];
 
  1316     if($row['auth_level'] > $row['user_level'])
 
  1319     if($row['auth_level'] > $row['user_level'])
 
  1317     {
 
  1320     {
 
  1318       // Failed authorization check
 
  1321       // Failed authorization check
Enano CMS (1.1.x)