1110 $_COOKIE['sid'] = $session_key; |
1110 $_COOKIE['sid'] = $session_key; |
1111 } |
1111 } |
1112 // $keyhash is stored in the database, this is for compatibility with the older DB structure |
1112 // $keyhash is stored in the database, this is for compatibility with the older DB structure |
1113 $keyhash = md5($session_key); |
1113 $keyhash = md5($session_key); |
1114 // Record the user's IP |
1114 // Record the user's IP |
1115 $ip = ip2hex($_SERVER['REMOTE_ADDR']); |
1115 $ip = $_SERVER['REMOTE_ADDR']; |
1116 if(!$ip) |
1116 if(!is_valid_ip($ip)) |
1117 die('$session->register_session: Remote-Addr was spoofed'); |
1117 die('$session->register_session: Remote-Addr was spoofed'); |
1118 // The time needs to be stashed to enforce the 15-minute limit on elevated session keys |
1118 // The time needs to be stashed to enforce the 15-minute limit on elevated session keys |
1119 $time = time(); |
1119 $time = time(); |
1120 |
1120 |
1121 // Sanity check |
1121 // Sanity check |
1177 $this->style = 'bleu'; |
1177 $this->style = 'bleu'; |
1178 } |
1178 } |
1179 else |
1179 else |
1180 { |
1180 { |
1181 $this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme; |
1181 $this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme; |
1182 $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4); |
1182 $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : preg_replace('/\.css$/', '', $template->named_theme_list[$this->theme]['default_style']); |
1183 } |
1183 } |
1184 $this->user_id = 1; |
1184 $this->user_id = 1; |
1185 // This is a VERY special case we are allowing. It lets the installer create languages using the Enano API. |
1185 // This is a VERY special case we are allowing. It lets the installer create languages using the Enano API. |
1186 if ( !defined('ENANO_ALLOW_LOAD_NOLANG') ) |
1186 if ( !defined('ENANO_ALLOW_LOAD_NOLANG') ) |
1187 { |
1187 { |
1248 // echo '(debug) $session->validate_session: Key was not found in database<br />'; |
1248 // echo '(debug) $session->validate_session: Key was not found in database<br />'; |
1249 return false; |
1249 return false; |
1250 } |
1250 } |
1251 $row = $db->fetchrow(); |
1251 $row = $db->fetchrow(); |
1252 $row['user_id'] =& $row['uid']; |
1252 $row['user_id'] =& $row['uid']; |
1253 $ip = ip2hex($_SERVER['REMOTE_ADDR']); |
1253 $ip = $_SERVER['REMOTE_ADDR']; |
1254 if($row['auth_level'] > $row['user_level']) |
1254 if($row['auth_level'] > $row['user_level']) |
1255 { |
1255 { |
1256 // Failed authorization check |
1256 // Failed authorization check |
1257 // echo '(debug) $session->validate_session: access to this auth level denied<br />'; |
1257 // echo '(debug) $session->validate_session: access to this auth level denied<br />'; |
1258 return false; |
1258 return false; |
3512 } |
3512 } |
3513 } |
3513 } |
3514 |
3514 |
3515 } |
3515 } |
3516 |
3516 |
|
3517 /** |
|
3518 * Cron task - clears out the database of Diffie-Hellman keys |
|
3519 */ |
|
3520 |
|
3521 function cron_clean_login_cache() |
|
3522 { |
|
3523 global $db, $session, $paths, $template, $plugins; // Common objects |
|
3524 |
|
3525 if ( !$db->sql_query('DELETE FROM ' . table_prefix . 'diffiehellman;') ) |
|
3526 $db->_die(); |
|
3527 |
|
3528 setConfig('login_key_cache', ''); |
|
3529 } |
|
3530 |
|
3531 register_cron_task('cron_clean_login_cache', 72); |
|
3532 |
3517 ?> |
3533 ?> |
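Review bot: On new line 1182 the request value `$_GET['style']` is still concatenated into the `file_exists()` path and then stored in `$this->style` with no restriction on its characters, so a value containing `../` can make the check succeed against a `.css` file outside the selected theme's `css/` directory. The rewritten fallback only changes how the `.css` suffix is stripped from the default style and leaves this branch as it was. I would accept only plain style names by adding a guard such as `preg_match('/^[A-Za-z0-9_-]+$/', $_GET['style'])` ahead of the `file_exists()` test. The enclosing method starts and ends outside the visible lines, so how `$this->style` is used later (path building, HTML output) cannot be confirmed from here and should be checked when applying the guard.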