1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
|
<?php
mt_srand(intval(substr(microtime(), 2, 8)));
if(mt_rand(1,100)==50) {
$db->unbuffered_query("DELETE FROM bb".$n."_adminsessions WHERE userid=0 AND lastactivity<".(time()-$adminsession_timeout),1);
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE lastactivity<".(time()-$sessiontimeout),1);
$db->unbuffered_query("DELETE FROM bb".$n."_searchs WHERE searchtime<".(time()-86400*7),1);
}
$REMOTE_ADDR = getIpAddress();
$HTTP_USER_AGENT = substr($_SERVER['HTTP_USER_AGENT'], 0, 100);
$REQUEST_URI = $_SERVER['REQUEST_URI'];
if(!$REQUEST_URI) {
if($_SERVER['PATH_INFO']) $REQUEST_URI = $_SERVER['PATH_INFO'];
else $REQUEST_URI = $_SERVER['PHP_SELF'];
if($_SERVER['QUERY_STRING']) $REQUEST_URI.="?".$_SERVER['QUERY_STRING'];
}
$REQUEST_URI = substr(basename($REQUEST_URI), 0, 250);
if(!strstr($REQUEST_URI,".")) $REQUEST_URI="index.php";
unset($wbbuserdata);
unset($session);
unset($wbb_userid);
unset($styleid);
unset($langid);
if(isset($_COOKIE[$cookieprefix.'userid'])) $wbb_userid=intval($_COOKIE[$cookieprefix.'userid']);
if(isset($_REQUEST['styleid'])) $styleid = intval($_REQUEST['styleid']);
if(isset($_REQUEST['langid'])) $langid = intval($_REQUEST['langid']);
if(isset($_GET['sid'])) $sid=$_GET['sid'];
elseif(isset($_POST['sid'])) $sid=$_POST['sid'];
else $sid="";
if(!$sid && isset($_COOKIE[$cookieprefix.'cookiehash'])) $sid=$_COOKIE[$cookieprefix.'cookiehash'];
if($sid && isset($_COOKIE[$cookieprefix.'cookiehash']) && $_COOKIE[$cookieprefix.'cookiehash'] && $sid!=$_COOKIE[$cookieprefix.'cookiehash']) $falsecookiehash=1;
if($allowloginencryption==1)
{
// generate authentificationcode
unset($authentificationcode);
$need=needNewAuthentificationcode();
if($need==0 || $need==1) $authentificationcode=makeAuthentificationcode();
}
$createsession=0;
if($sid) {
$session = $db->query_first("SELECT * FROM bb".$n."_sessions WHERE sessionhash = '".addslashes($sid)."' AND ipaddress = '".addslashes($REMOTE_ADDR)."' AND useragent = '".addslashes($HTTP_USER_AGENT)."'");
if($session['sessionhash']) {
$wbb_userid=$session['userid'];
$session['lastactivity'] = time();
if(!isset($styleid)) $styleid=$session['styleid'];
if(!isset($langid)) $langid=$session['langid'];
}
else $createsession = 1;
}
else $createsession = 1;
if($createsession==1 || $session['userid']==0) {
if(isset($_COOKIE[$cookieprefix.'userid']) && isset($_COOKIE[$cookieprefix.'userpassword'])) { /* maybe member */
$wbbuserdata=getwbbuserdata(intval($_COOKIE[$cookieprefix.'userid']),"userid",1);
if($_COOKIE[$cookieprefix.'userpassword']==$wbbuserdata['password']) { /* member */
$session = array();
$session['sessionhash'] = md5(uniqid(microtime()));
$session['userid'] = intval($_COOKIE[$cookieprefix.'userid']);
$wbb_userid = $session['userid'];
$session['ipaddress'] = $REMOTE_ADDR;
$session['useragent'] = $HTTP_USER_AGENT;
$session['lastactivity'] = time();
$session['request_uri'] = $REQUEST_URI;
if(isset($styleid)) $session['styleid'] = $styleid;
else $session['styleid']=$wbbuserdata['styleid'];
if(isset($langid)) $session['langid'] = $langid;
else $session['langid']=$wbbuserdata['langid'];
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE userid = '$session[userid]'",1);
$db->unbuffered_query("INSERT INTO bb".$n."_sessions (sessionhash,userid,ipaddress,useragent,lastactivity,request_uri,styleid,langid,authentificationcode) VALUES ('$session[sessionhash]','$session[userid]','".addslashes($session['ipaddress'])."','".addslashes($session['useragent'])."','$session[lastactivity]','".addslashes($session['request_uri'])."','$session[styleid]','$session[langid]','".((isset($authentificationcode)) ? ($authentificationcode) : (""))."')",1);
bbcookie("cookiehash",$session['sessionhash'],0);
}
else {
if($createsession==1) $guestsession = 1;
unset($wbb_userid);
unset($wbbuserdata);
bbcookie("userid","",1);
bbcookie("userpassword","",1);
}
}
elseif($createsession==1) {
unset($wbb_userid);
$guestsession = 1;
}
if(isset($guestsession)) { /* guest */
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE userid='0' AND ipaddress = '".addslashes($REMOTE_ADDR)."' AND useragent = '".addslashes($HTTP_USER_AGENT)."'",1);
$session['sessionhash'] = md5(uniqid(microtime()));
$session['userid'] = 0;
$session['ipaddress'] = $REMOTE_ADDR;
$session['useragent'] = $HTTP_USER_AGENT;
$session['lastactivity'] = time();
$session['request_uri'] = $REQUEST_URI;
if(isset($styleid)) $session['styleid'] = $styleid;
else $session['styleid']=0;
if(isset($langid)) $session['langid'] = $langid;
else {
if(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) && $_SERVER["HTTP_ACCEPT_LANGUAGE"]!="") {
$acceptLanguages = preg_split('%[,;]%', addslashes(preg_replace('%([a-z]{1,8})-[a-z]{1,8}%i', '$1', $_SERVER['HTTP_ACCEPT_LANGUAGE'])));
$languages = array();
$result = $db->query("SELECT languagepackid, languagecode FROM bb".$n."_languagepacks WHERE languagecode IN ('".implode("','", $acceptLanguages)."')");
while ($row = $db->fetch_array($result)) $languages[$row['languagecode']] = $row['languagepackid'];
foreach ($acceptLanguages as $acceptLanguage) {
if (isset($languages[$acceptLanguage])) {
$langid = $session['langid'] = $languages[$acceptLanguage];
break;
}
}
if (!isset($langid)) $session['langid'] = 0;
}
else $session['langid']=0;
}
$db->unbuffered_query("INSERT INTO bb".$n."_sessions (sessionhash,userid,ipaddress,useragent,lastactivity,request_uri,styleid,langid,authentificationcode) VALUES ('$session[sessionhash]','0','".addslashes($session['ipaddress'])."','".addslashes($session['useragent'])."','$session[lastactivity]','".addslashes($session['request_uri'])."','$session[styleid]','$session[langid]','".((isset($authentificationcode)) ? ($authentificationcode) : (""))."')",1);
bbcookie("cookiehash",$session['sessionhash'],0);
}
}
if(!isset($wbbuserdata)) {
if(isset($wbb_userid) && $wbb_userid!=0)
{
/** read $wbbuserdata using the function getwbbuserdata() (@see functions.php) **/
$wbbuserdata=getwbbuserdata($wbb_userid,"userid",1);
}
else {
if(!isset($_COOKIE[$cookieprefix.'lastvisit'])) bbcookie("lastvisit",time(),0);
/**read $wbbuserdata using the function getwbbuserdata() - search for grouptype .. (@see functions.php) **/
$wbbuserdata=getwbbuserdata(1,"grouptype",1);
$wbbuserdata['userid'] = 0;
$wbbuserdata['username'] = "guest"; //default guestname
if(!isset($_COOKIE[$cookieprefix.'lastvisit'])) $wbbuserdata['lastvisit'] = time();
else $wbbuserdata['lastvisit']=intval($_COOKIE[$cookieprefix.'lastvisit']);
$wbbuserdata['lastactivity'] = time();
$wbbuserdata['showsignatures'] = $default_register_showsignatures;
$wbbuserdata['showavatars'] = $default_register_showavatars;
$wbbuserdata['showimages'] = $default_register_showimages;
$wbbuserdata['timezoneoffset']=$default_timezoneoffset;
$wbbuserdata['usecookies']=$default_register_usecookies;
$wbbuserdata['threadview']=$default_register_threadview;
$wbbuserdata['startweek']=$default_startweek;
$wbbuserdata['styleid'] = 0;
$wbbuserdata['pmpopup'] = 0;
$wbbuserdata['buddylist'] = "";
$wbbuserdata['ignorelist'] = "";
$wbbuserdata['umaxposts'] = 0;
$wbbuserdata['daysprune'] = 0;
if($wbbuserdata['lastactivity']< time()-$sessiontimeout) {
bbcookie("lastvisit",$wbbuserdata['lastactivity'],0);
$wbbuserdata['lastvisit'] = $wbbuserdata['lastactivity'];
}
}
}
$sid = $session['sessionhash'];
$session['hash']=$session['sessionhash'];
unset($session['sessionhash']);
if(isset($falsecookiehash)) {
bbcookie("cookiehash",$session['hash'],0);
$wbbuserdata['nosessionhash']=0;
}
if(isset($wbbuserdata['nosessionhash']) && $wbbuserdata['nosessionhash']==1) $session['hash']="";
if(isset($styleid)) $wbbuserdata['styleid']=$styleid;
if(isset($langid)) $wbbuserdata['langid']=$langid;
if(!isset($wbbuserdata['dateformat']) || !$wbbuserdata['dateformat']) $wbbuserdata['dateformat']=$dateformat;
if(!isset($wbbuserdata['timeformat']) || !$wbbuserdata['timeformat']) $wbbuserdata['timeformat']=$timeformat;
if($wbbuserdata['userid']!=0) {
$pmpopup_reset = (($wbbuserdata['pmpopup']==2 && (!isset($_POST) || count($_POST)==0) && $filename!="attachment.php" && $filename!="attachmentedit.php" && $filename!="logout.php" && $filename!="markread.php" && $filename!="misc.php" && $filename!="modcp.php" && $filename!="polledit.php" && $filename!="register.php" && $filename!="search.php" && ($filename!="thread.php" || !isset($_REQUEST['goto'])) && $filename!="threadrating.php" && $filename!="usercp.php") ? (", pmpopup=1") : (""));
if($wbbuserdata['lastactivity']< time()-$sessiontimeout) {
if($offline != 1 || $wbbuserdata['can_view_off_board'] != 0) {
$db->unbuffered_query("UPDATE bb".$n."_users SET lastvisit=lastactivity, lastactivity = '".time()."', langid='$wbbuserdata[langid]'".$pmpopup_reset." WHERE userid = '$wbbuserdata[userid]'",1);
$wbbuserdata['lastvisit'] = $wbbuserdata['lastactivity'];
$wbbuserdata['lastactivity'] = time();
checkPosts4AI();
sessionupdate();
}
}
else {
$db->unbuffered_query("UPDATE bb".$n."_users SET lastactivity = '".time()."', langid='$wbbuserdata[langid]'".$pmpopup_reset." WHERE userid = '$wbbuserdata[userid]'",1);
$wbbuserdata['lastactivity'] = time();
}
}
if(isset($authentificationcode)) $session['authentificationcode']=$authentificationcode;
?> |