includes/sessions.php
changeset 603 33b274c8d357
parent 595 b051eb79b158
child 618 587b393f1e5e
602:ecbc8d202058 603:33b274c8d357
   434       {
   434       {
   435         $data = RenderMan::strToPageID($paths->get_pageid_from_url());
   435         $data = RenderMan::strToPageID($paths->get_pageid_from_url());
   436         
   436         
   437         if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
   437         if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
   438         {
   438         {
   439           $language = intval(getConfig('default_language'));
   439           $this->show_inactive_error($userdata);
   440           $lang = new Language($language);
       
   441           @setlocale(LC_ALL, $lang->lang_code);
       
   442           
       
   443           $this->logout();
       
   444           $a = getConfig('account_activation');
       
   445           switch($a)
       
   446           {
       
   447             case 'none':
       
   448             default:
       
   449               $solution = $lang->get('user_login_noact_solution_none');
       
   450               break;
       
   451             case 'user':
       
   452               $solution = $lang->get('user_login_noact_solution_user');
       
   453               break;
       
   454             case 'admin':
       
   455               $solution = $lang->get('user_login_noact_solution_admin');
       
   456               break;
       
   457           }
       
   458           
       
   459           // admin activation request opportunity
       
   460           $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';');
       
   461           if ( !$q )
       
   462             $db->_die();
       
   463           
       
   464           $can_request = ( $db->numrows() < 1 );
       
   465           $db->free_result();
       
   466           
       
   467           if ( isset($_POST['logout']) )
       
   468           {
       
   469             $this->sid = $_COOKIE['sid'];
       
   470             $this->user_logged_in = true;
       
   471             $this->user_id =       intval($userdata['user_id']);
       
   472             $this->username =      $userdata['username'];
       
   473             $this->auth_level =    USER_LEVEL_MEMBER;
       
   474             $this->user_level =    USER_LEVEL_MEMBER;
       
   475             $this->logout();
       
   476             redirect(scriptPath . '/', $lang->get('user_login_noact_msg_logout_success_title'), $lang->get('user_login_noact_msg_logout_success_body'), 5);
       
   477           }
       
   478           
       
   479           if ( $can_request && !isset($_POST['activation_request']) )
       
   480           {
       
   481             $form = '<p>' . $lang->get('user_login_noact_msg_ask_admins') . '</p>
       
   482                      <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
       
   483                        <p><input type="submit" name="activation_request" value="' . $lang->get('user_login_noact_btn_request_activation') . '" /> <input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
       
   484                      </form>';
       
   485           }
       
   486           else
       
   487           {
       
   488             if ( $can_request && isset($_POST['activation_request']) )
       
   489             {
       
   490               $this->admin_activation_request($userdata['username']);
       
   491               $form = '<p>' . $lang->get('user_login_noact_msg_admins_just_asked') . '</p>
       
   492                        <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
       
   493                          <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
       
   494                        </form>';
       
   495             }
       
   496             else
       
   497             {
       
   498               $form = '<p>' . $lang->get('user_login_noact_msg_admins_asked') . '</p>
       
   499                        <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
       
   500                          <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
       
   501                        </form>';
       
   502             }
       
   503           }
       
   504           
       
   505           die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form);
       
   506         }
   440         }
   507         
   441         
   508         $this->sid = $_COOKIE['sid'];
   442         $this->sid = $_COOKIE['sid'];
   509         $this->user_logged_in = true;
   443         $this->user_logged_in = true;
   510         $this->user_id =       intval($userdata['user_id']);
   444         $this->user_id =       intval($userdata['user_id']);
  1153     $session_key = "u=$username;p=$passha1;s=$salt";
  1087     $session_key = "u=$username;p=$passha1;s=$salt";
  1154     
  1088     
  1155     // Encrypt the key
  1089     // Encrypt the key
  1156     $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
  1090     $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
  1157     $session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
  1091     $session_key = $aes->encrypt($session_key, $this->private_key, ENC_HEX);
       
  1092     $dec_DEBUG = $aes->decrypt($session_key, $this->private_key, ENC_HEX);
  1158     
  1093     
  1159     // If we're registering an elevated-privilege key, it needs to be on GET
  1094     // If we're registering an elevated-privilege key, it needs to be on GET
  1160     if($level > USER_LEVEL_MEMBER)
  1095     if($level > USER_LEVEL_MEMBER)
  1161     {
  1096     {
  1162       // Reverse it - cosmetic only ;-)
  1097       // Reverse it - cosmetic only ;-)
  1295                              . '    ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
  1230                              . '    ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
  1296                              . '  WHERE k.session_key=\''.$keyhash.'\'' . "\n"
  1231                              . '  WHERE k.session_key=\''.$keyhash.'\'' . "\n"
  1297                              . '    AND k.salt=\''.$salt.'\'' . "\n"
  1232                              . '    AND k.salt=\''.$salt.'\'' . "\n"
  1298                              . '  GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_timezone,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public, x.disable_js_fx;');
  1233                              . '  GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,u.user_lang,u.user_timezone,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public, x.disable_js_fx;');
  1299     
  1234     
  1300     if ( !$query )
  1235     if ( !$query && ( defined('IN_ENANO_INSTALL') or defined('IN_ENANO_UPGRADE') ) )
  1301     {
  1236     {
  1302       $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone FROM '.table_prefix.'session_keys AS k
  1237       $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone FROM '.table_prefix.'session_keys AS k
  1303                              LEFT JOIN '.table_prefix.'users AS u
  1238                              LEFT JOIN '.table_prefix.'users AS u
  1304                                ON ( u.user_id=k.user_id )
  1239                                ON ( u.user_id=k.user_id )
  1305                              LEFT JOIN '.table_prefix.'privmsgs AS p
  1240                              LEFT JOIN '.table_prefix.'privmsgs AS p
  1306                                ON ( p.message_to=u.username AND p.message_read=0 )
  1241                                ON ( p.message_to=u.username AND p.message_read=0 )
  1307                              WHERE k.session_key=\''.$keyhash.'\'
  1242                              WHERE k.session_key=\''.$keyhash.'\'
  1308                                AND k.salt=\''.$salt.'\'
  1243                                AND k.salt=\''.$salt.'\'
  1309                              GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;');
  1244                              GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;');
       
  1245     }
       
  1246     else if ( !$query )
       
  1247     {
       
  1248       $db->_die();
  1310     }
  1249     }
  1311     if($db->numrows() < 1)
  1250     if($db->numrows() < 1)
  1312     {
  1251     {
  1313       // echo '(debug) $session->validate_session: Key was not found in database<br />';
  1252       // echo '(debug) $session->validate_session: Key was not found in database<br />';
  1314       return false;
  1253       return false;
  1498     }
  1437     }
  1499     return 'success';
  1438     return 'success';
  1500   }
  1439   }
  1501   
  1440   
  1502   # Miscellaneous stuff
  1441   # Miscellaneous stuff
       
  1442   
       
  1443   /**
       
  1444    * Alerts the user that their account is inactive, and tells them appropriate steps to remedy the situation. Halts execution.
       
  1445    * @param array Return from validate_session()
       
  1446    */
       
  1447   
       
  1448   function show_inactive_error($userdata)
       
  1449   {
       
  1450     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1451     global $lang;
       
  1452     
       
  1453     $language = intval(getConfig('default_language'));
       
  1454     $lang = new Language($language);
       
  1455     @setlocale(LC_ALL, $lang->lang_code);
       
  1456     
       
  1457     $this->logout();
       
  1458     $a = getConfig('account_activation');
       
  1459     switch($a)
       
  1460     {
       
  1461       case 'none':
       
  1462       default:
       
  1463         $solution = $lang->get('user_login_noact_solution_none');
       
  1464         break;
       
  1465       case 'user':
       
  1466         $solution = $lang->get('user_login_noact_solution_user');
       
  1467         break;
       
  1468       case 'admin':
       
  1469         $solution = $lang->get('user_login_noact_solution_admin');
       
  1470         break;
       
  1471     }
       
  1472     
       
  1473     // admin activation request opportunity
       
  1474     $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($userdata['username']) . '\';');
       
  1475     if ( !$q )
       
  1476       $db->_die();
       
  1477     
       
  1478     $can_request = ( $db->numrows() < 1 );
       
  1479     $db->free_result();
       
  1480     
       
  1481     if ( isset($_POST['logout']) )
       
  1482     {
       
  1483       $this->sid = $_COOKIE['sid'];
       
  1484       $this->user_logged_in = true;
       
  1485       $this->user_id =       intval($userdata['user_id']);
       
  1486       $this->username =      $userdata['username'];
       
  1487       $this->auth_level =    USER_LEVEL_MEMBER;
       
  1488       $this->user_level =    USER_LEVEL_MEMBER;
       
  1489       $this->logout();
       
  1490       redirect(scriptPath . '/', $lang->get('user_login_noact_msg_logout_success_title'), $lang->get('user_login_noact_msg_logout_success_body'), 5);
       
  1491     }
       
  1492     
       
  1493     if ( $can_request && !isset($_POST['activation_request']) )
       
  1494     {
       
  1495       $form = '<p>' . $lang->get('user_login_noact_msg_ask_admins') . '</p>
       
  1496                <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
       
  1497                  <p><input type="submit" name="activation_request" value="' . $lang->get('user_login_noact_btn_request_activation') . '" /> <input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
       
  1498                </form>';
       
  1499     }
       
  1500     else
       
  1501     {
       
  1502       if ( $can_request && isset($_POST['activation_request']) )
       
  1503       {
       
  1504         $this->admin_activation_request($userdata['username']);
       
  1505         $form = '<p>' . $lang->get('user_login_noact_msg_admins_just_asked') . '</p>
       
  1506                  <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
       
  1507                    <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
       
  1508                  </form>';
       
  1509       }
       
  1510       else
       
  1511       {
       
  1512         $form = '<p>' . $lang->get('user_login_noact_msg_admins_asked') . '</p>
       
  1513                  <form action="' . makeUrlNS('System', 'ActivateStub') . '" method="post">
       
  1514                    <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
       
  1515                  </form>';
       
  1516       }
       
  1517     }
       
  1518     
       
  1519     die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form);
       
  1520   }
  1503   
  1521   
  1504   /**
  1522   /**
  1505    * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
  1523    * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
  1506    * @param string $url The URL to add session data to
  1524    * @param string $url The URL to add session data to
  1507    * @return string
  1525    * @return string
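Review bot: The added `$dec_DEBUG = $aes->decrypt($session_key, $this->private_key, ENC_HEX);` in the key-registration hunk (new line 1092) looks like leftover debugging: nothing in the visible hunk reads it, it costs a full AES decrypt on every key registration, and it re-materialises the plaintext `u=…;p=…;s=…` string, which carries the `$passha1` and `$salt` values, in a local that serves no purpose. Unless the rest of that method (which starts and ends outside the hunk) uses it, drop the line. In the new `show_inactive_error()`, `global $lang;` followed by `$lang = new Language($language);` overwrites the shared `$lang` object rather than using a method-local as the removed inline block appears to have done; since the method always halts via die_semicritical() this is harmless today, but a comment such as `// replaces global $lang with the site-default language for the error page` would make the intent explicit. Its docblock also omits the parameter name; `@param array $userdata Return from validate_session()` would let doc tools bind it.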