includes/sessions.php
changeset 590 03a60844c7c5
parent 586 234ddd896555
child 591 2529833a7731
589:88d4ed0a2898 590:03a60844c7c5
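--- a/includes/sessions.php
+++ b/includes/sessions.php
@@ -417,21 +417,21 @@
     global $lang;
     global $timezone;
     if($this->started) return;
     $this->started = true;
     $user = false;
-    if(isset($_COOKIE['sid']))
+    if ( isset($_COOKIE['sid']) )
     {
-      if($this->compat)
+      if ( $this->compat )
       {
         $userdata = $this->compat_validate_session($_COOKIE['sid']);
       }
       else
       {
         $userdata = $this->validate_session($_COOKIE['sid']);
       }
-      if(is_array($userdata))
+      if ( is_array($userdata) )
       {
         $data = RenderMan::strToPageID($paths->get_pageid_from_url());
         
         if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
         {
@@ -596,10 +596,11 @@
       }
       else
       {
         die('No group info');
       }
+      profiler_log('Fetched group memberships');
     }
     
     // make sure we aren't banned
     $this->check_banlist();
     
@@ -613,11 +614,11 @@
     }
     
     // setup theme ACLs
     $template->process_theme_acls();
     
-    profiler_log('Sessions started');
+    profiler_log('Sessions started. Banlist and theme ACLs initialized');
   }
   
   # Logins
   
   /**
@@ -1278,10 +1279,11 @@
       // echo '(debug) $session->validate_session: Key does not match regex<br />Decrypted key: '.$decrypted_key;
       return false;
     }
     $keyhash = md5($key);
     $salt = $db->escape($keydata[3]);
+    profiler_log("SessionManager: checking session: " . sha1($key) . ": decrypted session key to $decrypted_key");
     // using a normal call to $db->sql_query to avoid failing on errors here
     $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,' . "\n"
                              . '    u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_title,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,' . "\n"
                              . '    u.user_timezone, x.* FROM '.table_prefix.'session_keys AS k' . "\n"
                              . '  LEFT JOIN '.table_prefix.'users AS u' . "\n"
@@ -1309,10 +1311,11 @@
     {
       // echo '(debug) $session->validate_session: Key was not found in database<br />';
       return false;
     }
     $row = $db->fetchrow();
+    profiler_log("SessionManager: checking session: " . sha1($key) . ": selected and fetched results");
     $row['user_id'] =& $row['uid'];
     $ip = $_SERVER['REMOTE_ADDR'];
     if($row['auth_level'] > $row['user_level'])
     {
       // Failed authorization check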
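Review bot: The `profiler_log()` call added at new line 1284 (apparently inside `validate_session`, going by the debug comments) interpolates `$decrypted_key` into the profiler entry, so decrypted session-key material is written wherever profiler output is stored or displayed. The second added call at new line 1316 identifies the session by `sha1($key)` alone, and the first can do the same: `profiler_log("SessionManager: checking session: " . sha1($key) . ": decrypted session key");`. Who can read profiler output is not visible in this section, so the exposure is inferred, but keeping the credential out of the log removes the dependency on that. The function body starts and ends outside the displayed hunks.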