www.gusucode.com > weenCompany闻名企业网站系统 4.0.0 繁体中英文 UTF8源码程序 > includes/usersystems/phpbb2.php
<?php // +---------------------------------------------+ // | Copyright 2003 - 2005 weenCompany | // | http://www.weentech.com | // | This file may not be redistributed. | // +---------------------------------------------+ if(!defined('IN_WEENCOMPANY')) die('File not found!'); $sessioncreated = false; // ############################# PHPBB2 VARIABLES ############################### $tableprefix = $usersystem['tblprefix']; $getcookiesecure = $DB->query_first("SELECT config_value FROM " . $tableprefix . "config WHERE config_name = 'cookie_secure'"); $cookiesecure = $getcookiesecure['config_value']; $cookietime = $usersystem['cookietimeout']; $cookieprefix = $usersystem['cookieprefix']; $cookiedomain = ""; $cookiepath = "/"; // ################################ ENCODE IP ################################## // written by the authors of phpBB2 function encode_ip($dotquad_ip) { $ip_sep = explode('.', $dotquad_ip); return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); } // ################################# USER IP ################################### $clientip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); $userip = encode_ip($clientip); // ############################### SET COOKIE ############################### function sdsetcookie($name, $value = '', $permanent = 1) { global $cookieprefix, $cookiesecure, $cookiepath, $cookiedomain; $expire = $permanent ? (TIMENOW + 60 * 60 * 24 * 365) : 0; $secure = $cookiesecure ? 1 : 0; // secure(1) = using SSL $name = $cookieprefix . $name; setcookie($name, $value, $expire, $cookiepath, $cookiedomain, $secure); } // ################################## DEFINES ################################## define('TIMENOW', time()); define('SESSION_HOST', $userip); define('ANONYMOUS', -1); // ############################ CREATE SESSION HASH ############################ function CreateSessionHash() { return md5(uniqid(SESSION_HOST)); } function CreateAutoLoginID($userid, $session_id, $autologinid = '') { global $DB, $tableprefix; list($sec, $usec) = explode(' ', microtime()); mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); $auto_login_key = uniqid(mt_rand(), true); if (isset($autologinid) && (string) $autologinid != '') { $sql = "UPDATE ". $tableprefix . "sessions_keys SET last_ip = '" . SESSION_HOST . "', key_id = '" . md5($auto_login_key) . "', last_login = " . TIMENOW . "WHERE key_id = '" . md5($autologinid) . "'"; } else { $sql = "INSERT INTO ". $tableprefix . "sessions_keys (key_id, user_id, last_ip, last_login) VALUES ('" . md5($auto_login_key) . "', $userid, '" . SESSION_HOST . "', " . TIMENOW .")"; } $DB->query($sql); return $auto_login_key; } // ############################## CREATE SESSION ############################### function CreateSession($userid = -1, $user_session_time = -1, $autologin = 0, $autologinid = '') { global $DB, $sessioncreated, $tableprefix, $v2018; $userid = intval($userid); $loggedin = $userid > 1 ? 1 : 0; // phpbb2 users start from id 1 // setup the session $session = array('session_id' => CreateSessionHash(), 'session_user_id' => $userid, 'session_start' => TIMENOW, 'session_time' => TIMENOW, 'session_ip' => SESSION_HOST, 'session_page' => 0, 'session_logged_in' => $loggedin, 'session_autologinid' => ''); // insert the session into the database $DB->query("REPLACE INTO " . $tableprefix . "sessions (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) VALUES ('" . addslashes($session['session_id']) . "', $session[session_user_id], $session[session_start], $session[session_time], '" . addslashes($session['session_ip']) . "', $session[session_page], $session[session_logged_in])"); // update last activity if($userid > 0) { $last_visit = ( $user_session_time > 0 ) ? $user_session_time : TIMENOW; $DB->query("UPDATE " . $tableprefix . "users SET user_session_time = " . TIMENOW . ", user_lastvisit = " . $last_visit . " WHERE user_id = $userid"); if($autologin && $v2018) { $session['session_autologinid'] = CreateAutoLoginID($userid, $session['session_id'], $autologinid); } } // return if we are logging in our logging out (since logging in and out already creates sessions) if(!isset($_POST['login']) AND !isset($_GET['logout'])) { // save the session id sdsetcookie('_sid', $session['session_id'], 0); } // set sessioncreated to true so that we don't update this session later on in the script // (because it was just created) $sessioncreated = true; return $session; } // ############################# FIND SESSION HASH ############################# if(!empty($_POST['s'])) { $sessionhash = $_POST['s']; } else if (!empty($_GET['s'])) { $sessionhash = $_GET['s']; } else { $sessionhash = isset($_COOKIE[$cookieprefix . '_sid']) ? $_COOKIE[$cookieprefix . '_sid'] : ''; } // ########################## IS THIS VERSION 2.1.8 or later? ##################### function CheckVersion($major, $minor) { global $DB, $tableprefix; $version = $DB->query_first("SELECT config_value FROM " . $tableprefix . "config WHERE config_name = 'version'"); if(isset($version[0])) { $ver = explode('.', $version[0]); if(count($ver) == 3 && ((intval($ver[1]) > $major) || (intval($ver[2]) > $minor))) { return true; } } return false; } $v2018 = CheckVersion(0, 18); // ############################# CONTINUE SESSION ############################## if(!empty($sessionhash)) { $session = $DB->query_first("SELECT * FROM " . $tableprefix . "sessions WHERE session_id = '" . addslashes(trim($sessionhash)) . "' AND session_time > " . (TIMENOW - $cookietime) . " AND session_ip = '" . addslashes(SESSION_HOST) . "'"); } // ############################### COOKIE LOGIN ################################ if(empty($session) OR $session['session_user_id'] == 0) { // session is not set or the user is a guest, lets check the cookies: if(isset($_COOKIE[$cookieprefix . '_data'])) { $sessiondata = unserialize(stripslashes($HTTP_COOKIE_VARS[$cookieprefix . '_data'])); if(!empty($sessiondata['userid']) AND !empty($sessiondata['autologinid']) AND is_numeric($sessiondata['userid'])) { if($v2018) { $user = $DB->query_first("SELECT u.* FROM " . $tableprefix . "users u, ". $tableprefix . "sessions_keys k WHERE u.user_id = " . (int) $sessiondata['userid'] . " AND u.user_active = 1 AND k.user_id = u.user_id AND k.key_id = '" . md5($sessiondata['autologinid']) . "'"); } else { $user = $user = $DB->query_first("SELECT * FROM " . $tableprefix . "users WHERE user_id = '" . $sessiondata['userid'] . "' AND user_password = '" . addslashes($sessiondata['autologinid']) . "'"); } if($user) { // combination is valid if(!empty($session['session_id'])) { // old session still exists; kill it $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE session_id = '" . addslashes($session['session_id']). "'"); } $session = CreateSession($user['user_id'], $user['user_session_time']); } else if(isset($_POST['login'])) // cookie is bad! { // cookie's bad and since we're not doing anything login related, kill the bad cookie sdsetcookie('_data', '', 1); sdsetcookie('_sid', '', 0); } } } } // ########################### CREATE GUEST SESSION ############################ if(empty($session)) { // still no session, create a guest session $session = CreateSession(-1); } // ############################ SETUP USER VARIABLE ############################ if($session['session_user_id'] < 1) { $user = array('userid' => -1, // phpbb guests are -1 userid 'usergroupids' => 1, // phpBB2 - Unregistered / Not Logged In 'username' => '', 'loggedin' => 0, 'email' => '', 'timezoneoffset' => 0, 'dstonoff' => 0, 'dstauto' => 1); } else // greater or equal to 2 { $getuser = $DB->query_first("SELECT * FROM " . $tableprefix . "users WHERE user_id = $session[session_user_id]"); $user = array('userid' => $getuser['user_id'], // phpbb guests are -1 userid 'username' => $getuser['username'], 'loggedin' => 1, 'email' => $getuser['user_email'], 'timezoneoffset' => $getuser['user_timezone'], 'dstonoff' => 0, // phpBB2 doesn't have a dst option 'dstauto' => 0); // phpBB2 doesn't have a dst option unset($getuser); // find the usergroupids // phpbb2 creates a new usergroup for each user, but I don't want to show hundreds of usergroups in the admin panel // so lets only select the usergroups that don't have a strlen of 0 //$usergroupids[] = 5; // default of 5 $usergroupids = array(); $getusergroups = $DB->query("SELECT g.group_id FROM " . $tableprefix . "groups g, " . $tableprefix . "user_group u WHERE u.user_id = $user[userid] AND u.group_id = g.group_id AND g.group_name != ''"); while($usergroup = $DB->fetch_array($getusergroups)) { // now find the usergroup name if(count($usergroupids) <= 0 || !in_array($usergroup['group_id'], $usergroupids)) { $usergroupids[] = $usergroup['group_id']; } } // add the 'fake' registered group? if(count($usergroupids) <= 0 && $isregistered = $DB->query_first("SELECT g.group_id FROM " . $tableprefix . "groups g, " . $tableprefix . "user_group u WHERE u.user_id = $user[userid] AND u.group_id = g.group_id AND g.group_name = ''")) { $usergroupids[] = -3; // usergroup id -3 is an emulated registered usergroup for phpBB2 created by weenCompany } $user['usergroupids'] = $usergroupids; unset($usergroupids); } // ############################## UPDATE SESSION ############################### if(!$sessioncreated) // unless the session was just created.... { $DB->query("UPDATE " . $tableprefix . "sessions SET session_time = " . TIMENOW . " WHERE session_id = '" . addslashes($session['session_id']) . "'"); } // ################################### LOGIN ################################### if(isset($_POST['login'])) { $loginusername = $_POST['loginusername']; $loginpassword = $_POST['loginpassword']; if(strlen($loginusername) != 0) { // get userid for given username if($getuser = $DB->query_first("SELECT * FROM " . $tableprefix . "users WHERE username = '" . addslashes($loginusername) . "'")) { if(md5($loginpassword) === $getuser['user_password'] AND $getuser['user_active'] AND $getuser['user_id'] != ANONYMOUS) { // logged in $user = array('userid' => $getuser['user_id'], // phpbb guests are -1 userid 'usergroupids' => 5, // phpBB2 Registered, this is just the default group, more or gathered next: 'username' => $getuser['username'], 'loggedin' => 1, 'email' => $getuser['user_email'], 'timezoneoffset' => $getuser['user_timezone'], 'dstonoff' => 0, // phpBB2 doesn't have a dst option 'dstauto' => 0); // phpBB2 doesn't have a dst option $user_password = $getuser['user_password']; unset($getuser); // find the usergroupids // phpbb2 creates a new usergroup for each user, but I don't want to show hundreds of usergroups in the admin panel // so lets only select the usergroups that don't have a strlen of 0 //$usergroupids[] = 5; // default of 5 $getusergroups = $DB->query("SELECT g.group_id FROM " . $tableprefix . "groups g, " . $tableprefix . "user_group u WHERE u.user_id = $user[userid] AND u.group_id = g.group_id AND g.group_name != ''"); while($usergroup = $DB->fetch_array($getusergroups)) { // now find the usergroup name if(count($usergroupids) <= 0 || !in_array($usergroup['group_id'], $usergroupids)) { $usergroupids[] = $usergroup['group_id']; } } // add the 'fake' registered group? if(count($usergroupids) <= 0 && $isregistered = $DB->query_first("SELECT g.group_id FROM " . $tableprefix . "groups g, " . $tableprefix . "user_group u WHERE u.user_id = $user[userid] AND u.group_id = g.group_id AND g.group_name = ''")) { $usergroupids[] = -3; // usergroup id -3 is an emulated registered usergroup for phpBB2 created by weenCompany } $user['usergroupids'] = $usergroupids; unset($usergroupids); // erase old session $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE session_id = '" . addslashes($session['session_id']) . "'"); // insert new session $session['session_id'] = CreateSessionHash(); // insert the session into the database $DB->query("REPLACE INTO " . $tableprefix . "sessions (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) VALUES ('" . addslashes($session['session_id']) . "', " . intval($user['userid']) . ", " . TIMENOW . ", " . TIMENOW . ", '" . addslashes(SESSION_HOST) . "', 0, 1)"); // save the sessionhash in the cookie sdsetcookie('_sid', $session['session_id'], 0); // save the password if the user has selected the 'remember me' option if($v2018) { $sessiondata['autologinid'] = $_POST['rememberme'] ? CreateAutoLoginID($user['userid'], $session['session_id']) : ''; } else { $sessiondata['autologinid'] = $_POST['rememberme'] ? $user_password : ''; } $sessiondata['userid'] = $user['userid']; sdsetcookie('_data', serialize($sessiondata), 1); } else { $loginerrors[] = $sdlanguage['wrong_password']; } } else { // wront username OR: username = ANONYMOUS, probably a hacker // lets just give them wrong username to throw them off $loginerrors[] = $sdlanguage['wrong_username']; } } else { $loginerrors[] = $sdlanguage['please_enter_username']; } } // ################################## LOGOUT ################################### if(isset($_GET['logout'])) { // clear cookies sdsetcookie('_data', '', 1); sdsetcookie('_sid', '', 0); if($user['userid'] > 1) { $DB->query("UPDATE " . $tableprefix . "users SET user_lastvisit = " . TIMENOW . " WHERE user_id = $user[userid]"); // make sure any other of this user's sessions are deleted (in case they ended up with more than one) $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE session_user_id = $user[userid]"); } $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE session_id = '" . addslashes($session['session_id']) . "'"); $session['session_id'] = CreateSessionHash(); // insert the session into the database $DB->query("REPLACE INTO " . $tableprefix . "sessions (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) VALUES ('" . addslashes($session['session_id']) . "', '-1', " . TIMENOW . ", " . TIMENOW . ", '" . addslashes(SESSION_HOST) . "', 0, 0)"); sdsetcookie('_sid', $session['session_id'], 0); $user = array('userid' => -1, // phpbb guests are -1 userid 'usergroupids' => 1, // phpBB2 - Unregistered / Not Logged In 'username' => '', 'loggedin' => 0, 'email' => '', 'timezoneoffset' => 0, 'dstonoff' => 0, 'dstauto' => 1); } // ############################ ADD SESSION TO URL? ############################ if(sizeof($_COOKIE) > 0 OR preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT'])) { $user['sessionurl'] = ''; } else if (strlen($session['session_id']) > 0) { $user['sessionurl'] = 's=' . $session['session_id']; } // ############################ DELETE OLD SESSIONS ############################ $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE session_time < " . intval(TIMENOW - $cookietime)); // ###################### WEENCOMPANY USER SETTINGS SETUP ####################### $usersettings = array('userid' => $user['userid'], 'usergroupids' => $user['usergroupids'], 'username' => $user['username'], 'loggedin' => $user['loggedin'], 'email' => $user['email'], 'timezoneoffset' => $user['timezoneoffset'], 'dstonoff' => $user['dstonoff'], 'dstauto' => $user['dstauto'], 'sessionurl' => $user['sessionurl']); // ############################## UNSET VARIABLES ############################## unset($user, $session, $sessionhash); // ############################## USER FUNCTIONS ############################## function IsIPBanned($clientip) { global $DB, $usersystem, $dbname; $user_ip_parts = null; preg_match('/(..)(..)(..)(..)/', encode_ip($clientip), $user_ip_parts); $query = "SELECT ban_ip FROM " . $usersystem['tblprefix'] . "banlist WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')"; if($usersystem['dbname'] != $dbname) { // weenCompany is being integrated with a Forum in a different database $DB->select_db($usersystem['dbname']); $getbanip = $DB->query($query); $DB->select_db($dbname); } else { $getbanip = $DB->query($query); } if($banip = $DB->fetch_array($getbanip)) { if($banip['ban_ip']) return true; } return false; } // Returns the relevent forum link url // linkType // 1 - Register // 2 - UserCP // 3 - Recover Password // 4 - UserCP (requires $userid) // 5 - SendPM (requires $userid) function ForumLink($linkType, $userid = -1) { global $weenurl, $usersystem; switch($linkType) { case 1: $url = 'profile.php?mode=register'; break; case 2: $url = 'profile.php?mode=editprofile'; break; case 3: $url = 'profile.php?mode=sendpassword'; break; case 4: $url = 'profile.php?mode=viewprofile&u=' . $userid; break; case 5: $url = 'privmsg.php?mode=post&u=' . $userid; break; } return $weenurl . $usersystem['folderpath'] . $url; } ?>