class_session.php

来自「sabreipb 2.1.6 utf-8中文版本！」· PHP 代码 · 共 1,207 行 · 第 1/3 页

<?php
/*
+--------------------------------------------------------------------------
|   Invision Power Board v2.1.5
|   =============================================
|   by Matthew Mecham
|   (c) 2001 - 2005 Invision Power Services, Inc.
|   
|   =============================================
|   Web: 
|   Time: Wed, 01 Mar 2006 19:11:28 GMT
|   Release: 
|   Licence Info: 
+---------------------------------------------------------------------------
|   > $Date: 2006-02-06 23:08:03 +0000 (Mon, 06 Feb 2006) $
|   > $Revision: 140 $
|   > $Author: bfarber $
+---------------------------------------------------------------------------
|
|   > SESSION CLASS
|   > Module written by Matt Mecham
|   > Date started: 26th January 2004
|
|	> Module Version Number: 1.0.0
|   > DBA Checked: Wed 19 May 2004
+--------------------------------------------------------------------------
*/

class session
{
	# Global
	var $ipsclass;
	
    var $ip_address = 0;
    var $user_agent = "";
    
    # Flag
    var $session_recorded = FALSE;
    
    var $time_now          = 0;
    var $session_id        = 0;
    
    var $session_dead_id   = 0;
    var $session_user_id   = 0;
    var $session_user_pass = "";
    
    var $last_click        = 0;
    var $location          = "";
    
    var $member            = array();
	var $botmap            = array();
	
	var $do_update         = 1;
    
    /*-------------------------------------------------------------------------*/
    // Authorise
    /*-------------------------------------------------------------------------*/
    
    function authorise()
    {
    	//-----------------------------------------
        // INIT
        //-----------------------------------------
        
        $this->member     = array( 'id' => 0, 'name' => "", 'members_display_name' => "", 'mgroup' => $this->ipsclass->vars['guest_group'], 'member_forum_markers' => array() );
        $this->time_now   = time();
        $cookie           = array();
        
        # TMP:
        $this->ipsclass->vars['match_ipaddress'] = 1;
        
        //-----------------------------------------
        // Before we go any lets check the load settings..
        //-----------------------------------------
        
        if ($this->ipsclass->vars['load_limit'] > 0)
        {
	        # @ supressor fixes warning in >4.3.2 with open_basedir restrictions
        	if ( @file_exists('/proc/loadavg') )
        	{
        		if ( $fh = @fopen( '/proc/loadavg', 'r' ) )
        		{
        			$data = @fread( $fh, 6 );
        			@fclose( $fh );
        			
        			$load_avg = explode( " ", $data );
        			
        			$this->ipsclass->server_load = trim($load_avg[0]);
        			
        			if ($this->ipsclass->server_load > $this->ipsclass->vars['load_limit'])
        			{
        				$this->ipsclass->Error( array( 'LEVEL' => 1, 'MSG' => 'server_too_busy', 'INIT' => 1 ) );
        			}
        		}
        	}
        	else
        	{
				if ( $serverstats = @exec("uptime") )
				{
					preg_match( "/(?:averages)?\: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/", $serverstats, $load );
					
					$this->ipsclass->server_load = $load[1];
					
					if ($this->ipsclass->server_load > $this->ipsclass->vars['load_limit'])
        			{
        				$this->ipsclass->Error( array( 'LEVEL' => 1, 'MSG' => 'server_too_busy', 'INIT' => 1 ) );
        			}
				}
			}
        }
       
        //-----------------------------------------
		// Are they banned?
		//-----------------------------------------
		
		if ( is_array( $this->ipsclass->cache['banfilters'] ) and count( $this->ipsclass->cache['banfilters'] ) )
		{
			foreach ($this->ipsclass->cache['banfilters'] as $ip)
			{
				$ip = str_replace( '\*', '.*', preg_quote($ip, "/") );
				
				if ( preg_match( "/^$ip$/", $this->ipsclass->input['IP_ADDRESS'] ) )
				{
					$this->ipsclass->Error( array( 'LEVEL' => 1, 'MSG' => 'you_are_banned', 'INIT' => 1 ) );
				}
			}
		}
        
        //-----------------------------------------
        // Return as guest if running a task
        //-----------------------------------------
        
        if ( $this->ipsclass->input['act'] == 'task' )
        {
        	$this->member = $this->ipsclass->set_up_guest();
        	$this->member['mgroup'] = $this->ipsclass->vars['guest_group'];
        	$this->ipsclass->input['last_activity'] = time();
			$this->ipsclass->input['last_visit']    = time();
			
			return $this->member;
        }
         
        //-----------------------------------------
        // no new headers if we're simply viewing an attachment..
        //-----------------------------------------
        
        if ( $this->ipsclass->input['act'] == 'Attach' or $this->ipsclass->input['act'] == 'Reg' )
        {
        	$this->ipsclass->no_print_header = 1;
        }
        
        //-----------------------------------------
        // no new headers if we're updating chat
        //-----------------------------------------
        
        if ( ($this->ipsclass->input['act'] == 'chat' and $this->ipsclass->input['CODE'] == 'update')
          OR $this->ipsclass->input['act'] == 'xmlout'
          OR $this->ipsclass->input['act'] == 'rssout' )
        {
        	$this->ipsclass->no_print_header = 1;
        	$this->do_update                 = 0;
        }
        
        //-----------------------------------------
        // Manage bots? (tee-hee)
        //-----------------------------------------
        // Gotta love Mac's ;)
        $this->ipsclass->vars['search_engine_bots'] = str_replace( "\r", '', $this->ipsclass->vars['search_engine_bots'] );
        //-----------------------------------------
        
        if ( $this->ipsclass->vars['spider_sense'] == 1 and $this->ipsclass->vars['search_engine_bots'] )
        {
        	foreach( explode( "\n", $this->ipsclass->vars['search_engine_bots'] ) as $bot )
        	{
        		list($ua, $n) = explode( "=", $bot );
        		
        		if ( $ua and $n )
        		{
        			$this->bot_map[ strtolower($ua) ] = $n;
        			$this->bot_safe[] = preg_quote( $ua, "/" );
        		}
        	}
        	
        	if ( preg_match( '/('.implode( '|', $this->bot_safe ) .')/i', $_SERVER['HTTP_USER_AGENT'], $match ) )
        	{
        		$this->ipsclass->DB->simple_construct( array( 'select' => '*',
															  'from'   => 'groups',
															  'where'  =>" g_id=".intval($this->ipsclass->vars['spider_group'])
													 )      );
        		$this->ipsclass->DB->simple_exec();
        	
        		$group = $this->ipsclass->DB->fetch_row();
        
				foreach ($group as $k => $v)
				{
					$this->member[ $k ] = $v;
				}
				
				$this->member['restrict_post']    = 1;
				$this->member['g_use_search']     = 0;
				$this->member['g_email_friend']   = 0;
				$this->member['g_edit_profile']   = 0;
				$this->member['g_use_pm']         = 0;
				$this->member['g_is_supmod']      = 0;
				$this->member['g_access_cp']      = 0;
				$this->member['g_access_offline'] = 0;
				$this->member['g_avoid_flood']    = 0;
				$this->member['id']               = 0;
				
				$this->ipsclass->perm_id       = $this->member['g_perm_id'];
       			$this->ipsclass->perm_id_array = explode( ",", $this->ipsclass->perm_id );
       			$this->ipsclass->session_type  = 'cookie';
       			$this->ipsclass->is_bot        = 1;
       			$this->session_id              = "";
       			
       			$agent = trim($match[0]);
       			$agent = str_replace( '\r', '', $agent );
       			
       			//-----------------------------------------
       			// Using lofi?
       			//-----------------------------------------
       			
       			if ( strstr( $_SERVER['PHP_SELF'], 'lofiversion' ) )
       			{
       				$qstring = "Lo-Fi: ".str_replace( "/", "", strrchr( $_SERVER['PHP_SELF'], "/" ) );
       			}
       			else
       			{
       				$qstring = str_replace( "'", "", $_SERVER['QUERY_STRING']);
       			}
       			
       			if ( $this->ipsclass->vars['spider_visit'] )
       			{
       				$this->ipsclass->DB->do_shutdown_insert( 'spider_logs', array (
																	'bot'          => $agent,
																	'query_string' => $qstring,
																	'ip_address'   => $_SERVER['REMOTE_ADDR'],
																	'entry_date'   => time(),
														)        );
       			}
       			
       			if ( $this->ipsclass->vars['spider_active'] )
       			{
       				$this->ipsclass->DB->simple_construct( array( 'delete' => 'sessions',
												  				  'where'  => "id='".$agent.'='.str_replace('.','',$this->ipsclass->ip_address )."_session'"
										 				 )      );
					$this->ipsclass->DB->simple_shutdown_exec();
        		
       				$this->create_bot_session($agent, $this->bot_map[ strtolower($agent) ]);
       			}
       			
       			return $this->member;
        	}
        }
        
        //-----------------------------------------
        // Continue!
        //-----------------------------------------
        
        $cookie['session_id']   = $this->ipsclass->my_getcookie('session_id');
        $cookie['member_id']    = $this->ipsclass->my_getcookie('member_id');
        $cookie['pass_hash']    = $this->ipsclass->my_getcookie('pass_hash');
        
        if ( $cookie['session_id'] )
        {
        	$this->get_session($cookie['session_id']);
        	$this->ipsclass->session_type = 'cookie';
        }
        elseif ( $this->ipsclass->input['s'] )
        {
        	$this->get_session($this->ipsclass->input['s']);
        	$this->ipsclass->session_type = 'url';
        }
        else
        {
        	$this->session_id = 0;
        }
        
		//-----------------------------------------
		// Do we have a valid session ID?
		//-----------------------------------------
		
		if ( $this->session_id )
		{
			//-----------------------------------------
			// We've checked the IP addy and browser, so we can assume that this is
			// a valid session.
			//-----------------------------------------
			
			if ( ($this->session_user_id != 0) and ( ! empty($this->session_user_id) ) )
			{
				//-----------------------------------------
				// It's a member session, so load the member.
				//-----------------------------------------
				
				$this->load_member($this->session_user_id);
				
				//-----------------------------------------
				// Did we get a member?
				//-----------------------------------------
				
				if ( (! $this->member['id']) or ($this->member['id'] == 0) )
				{
					$this->unload_member();
					$this->update_guest_session();
				}
				else
				{
					$this->update_member_session();
				}
			}
			else
			{
				$this->update_guest_session();
			}
		}
		else
		{
			//-----------------------------------------
			// We didn't have a session, or the session didn't validate
			// Do we have cookies stored?
			//-----------------------------------------
			
			if ($cookie['member_id'] != "" and $cookie['pass_hash'] != "")
			{
				$this->load_member($cookie['member_id']);
				
				if ( (! $this->member['id']) or ($this->member['id'] == 0) )
				{
					$this->unload_member();
					$this->create_guest_session();
				}
				else
				{
					if ($this->member['member_login_key'] == $cookie['pass_hash'])
					{
						$this->create_member_session();
					}
					else
					{
						$this->unload_member();
						$this->create_guest_session();
					}
				}
			}
			else
			{
				$this->create_guest_session();
			}
		}
		
		//-----------------------------------------
        // Knock out Google Web Accelerator
        //-----------------------------------------
       
        if ( strstr( strtolower($_SERVER['HTTP_X_MOZ']), 'prefetch' ) AND $this->member['id'] )
		{
			if ( IPB_PHP_SAPI == 'cgi-fcgi' OR IPB_PHP_SAPI == 'cgi' )
			{
				@header('Status: 403 Forbidden');
			}
			else
			{
				@header('HTTP/1.1 403 Forbidden');
			}
			
			print "Prefetching or precaching is not allowed";
			exit();
		}
		
		//-----------------------------------------
        // Are we a member of several groups?
        //-----------------------------------------
		
        if ( ! $this->member['id'] AND ! $this->ipsclass->is_bot )
        {
        	$this->member                           = $this->ipsclass->set_up_guest();
        	$this->member['mgroup']                 = $this->ipsclass->vars['guest_group'];
        	$this->ipsclass->input['last_activity'] = time();
			$this->ipsclass->input['last_visit']    = time();
        }
		
        //-----------------------------------------
        // Do we have a cache?
        //-----------------------------------------
        
        if ( ! is_array( $this->ipsclass->cache['group_cache'] ) )
		{
			$this->ipsclass->cache['group_cache'] = array();
			
			$this->ipsclass->DB->simple_construct( array( 'select' => "*",
														  'from'   => 'groups'
												 )      );
			
			$this->ipsclass->DB->simple_exec();
			
			while ( $i = $this->ipsclass->DB->fetch_row() )
			{
				$this->ipsclass->cache['group_cache'][ $i['g_id'] ] = $i;
			}
			
			$this->ipsclass->update_cache( array( 'name' => 'group_cache', 'array' => 1, 'deletefirst' => 1 ) );
		}