📄 ipb2.php
字号:
<?phpif(!defined('IN_SUBDREAMER')) die('Hacking attempt!');$tableprefix = $usersystem['tblprefix'];$cookietime = $usersystem['cookietimeout'];$cookieprefix = $usersystem['cookieprefix'];$cookiedomain = "";$cookiepath = "/";// set defaults$sessioncreated = false;// ################################## DEFINES ##################################define('TIMENOW', time());define('USER_AGENT', substr($_SERVER['HTTP_USER_AGENT'], 0, 50));define('IPADDRESS', substr($_SERVER['REMOTE_ADDR'] , 0, 50));// ################################ SET COOKIE #################################function sdsetcookie($name, $value = '', $permanent = 1){ global $_SERVER, $cookieprefix, $cookiepath, $cookiedomain; // cokie path should always be / $expire = $permanent ? (TIMENOW + 60 * 60 * 24 * 365) : 0; $secure = $_SERVER['SERVER_PORT'] == '443' ? 1 : 0; // secure(1) = using SSL $name = $cookieprefix . $name; setcookie($name, $value, $expire, $cookiepath, $cookiedomain, $secure);}// ############################ CREATE SESSION HASH ############################function CreateSessionHash(){ return md5(uniqid(microtime()));}// ############################## CREATE SESSION ###############################function CreateSession($userid = 0, $usergroupid = 2, $username = '', $logintype = 0) // usergroupid 2 = IPB2 Guest{ global $DB, $sessioncreated, $tableprefix; // setup the session $session = array('id' => CreateSessionHash(), 'member_id' => intval($userid), 'ip_address' => IPADDRESS, 'browser' => USER_AGENT, 'running_time' => TIMENOW); // return if we are logging in our logging out (since logging in and out already creates sessions) if(isset($_POST['login']) || isset($_GET['logout'])) { return; } $DB->query("INSERT INTO " . $tableprefix . "sessions (id, member_name, member_id, ip_address, browser, running_time, login_type, member_group) VALUES ('" . addslashes($session['id']) . "', '" . addslashes($username) . "', $session[member_id], '" . addslashes($session['ip_address']) . "', '" . addslashes($session['browser']) . "', '" . addslashes($session['running_time']) . "', '$logintype', '$usergroupid')"); // save the sessionhash sdsetcookie('session_id', $session['id'], 0); // set sessioncreated to true so that we don't update this session later on in the script // (because it was just created) $sessioncreated = true; return $session;}function ipb_clean($val){ $val = str_replace( " " , " " , $val ); $val = str_replace( chr(0xCA) , "" , $val ); //Remove sneaky spaces $val = str_replace( "&" , "&" , $val ); $val = str_replace( "<!--" , "<!--" , $val ); $val = str_replace( "-->" , "-->" , $val ); $val = preg_replace( "/<script/i" , "<script" , $val ); $val = str_replace( ">" , ">" , $val ); $val = str_replace( "<" , "<" , $val ); $val = str_replace( "\"" , """ , $val ); $val = preg_replace( "/\n/" , "<br />" , $val ); // Convert literal newlines $val = preg_replace( "/\\\$/" , "$" , $val ); $val = preg_replace( "/\r/" , "" , $val ); // Remove literal carriage returns $val = str_replace( "!" , "!" , $val ); $val = str_replace( "'" , "'" , $val ); // IMPORTANT: It helps to increase sql query safety. return $val;}// ############################# FIND SESSION HASH #############################if(!empty($_POST['s'])){ $sessionid = $_POST['s'];}else if (!empty($_GET['s'])){ $sessionid = $_GET['s'];}else{ $sessionid = isset($_COOKIE[$cookieprefix . 'session_id']) ? $_COOKIE[$cookieprefix . 'session_id'] : $_COOKIE['session_id'];}// ############################# CONTINUE SESSION ##############################if(!empty($sessionid)){ $session = $DB->query_first("SELECT * FROM " . $tableprefix . "sessions WHERE id = '" . addslashes(trim($sessionid)) . "' AND running_time > " . (TIMENOW - $cookietime) . " AND browser = '" . addslashes(USER_AGENT) . "'");}// ############################### COOKIE LOGIN ################################if(empty($session) OR $session['member_id'] == 0){ if(!empty($_COOKIE[$cookieprefix . 'member_id']) AND !empty($_COOKIE[$cookieprefix . 'pass_hash']) AND is_numeric($_COOKIE[$cookieprefix . 'member_id'])) { if($user = $DB->query_first("SELECT * FROM " . $tableprefix . "members WHERE id = " . $_COOKIE[$cookieprefix . 'member_id'] . " AND member_login_key = '" . addslashes($_COOKIE[$cookieprefix . 'pass_hash']) . "'")) { // combination is valid if(!empty($session['id'])) { // old session still exists; kill it $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE id = '" . addslashes($session['id']). "'"); } $session = CreateSession($user['id'], $user['mgroup'], $user['name']); } else if(isset($_POST['login'])) // cookie is bad! { // cookie's bad and since we're not doing anything login related, kill the bad cookie sdsetcookie('member_id', '', 1); sdsetcookie('pass_hash', '', 1); } }}// ########################### CREATE GUEST SESSION ############################if(empty($session)){ // create a guest session $session = CreateSession();}// ############################ SETUP USER VARIABLE ############################if($session['member_id'] == 0){ $user = array('userid' => 0, 'usergroupids' => 2, // IPB2 - Guest 'username' => '', 'loggedin' => 0, 'email' => '', 'timezoneoffset' => 0, 'dstonoff' => 0, 'dstauto' => 1);}else{ $user = $DB->query_first("SELECT * FROM " . $tableprefix . "members WHERE id = $session[member_id]"); // everything else is filled from the database query (email, lastactivity) $user['loggedin'] = 1; $user['userid'] = $user['id']; $user['username'] = $user['name']; $user['usergroupids'] = $user['mgroup']; $user['timezoneoffset'] = $user['time_offset']; $user['dstonoff'] = $user['dst_in_use']; $user['dstauto'] = 0; // not available // update last activity if(TIMENOW - $user['last_activity'] > $cookietime) { // see if session has 'expired' $DB->query("UPDATE " . $tableprefix . "members SET last_visit = last_activity, last_activity = " . TIMENOW . " WHERE id = $user[id]"); $user['lastvisit'] = $user['last_activity']; } else { $DB->query("UPDATE " . $tableprefix . "members SET last_activity = " . TIMENOW . " WHERE id = $user[id]"); }}// ############################## UPDATE SESSION ###############################if(!$sessioncreated){ $DB->query("UPDATE " . $tableprefix . "sessions SET browser = '" . addslashes(USER_AGENT) . "', running_time = " . TIMENOW . " WHERE id = '" . addslashes($session['id']) . "'");}// ################################### LOGIN ###################################if(isset($_POST['login'])){ $loginusername = ipb_clean($_POST['loginusername']); $loginpassword = ipb_clean($_POST['loginpassword']); if(strlen($loginusername) != 0) { // get userid for given username if($user = $DB->query_first("SELECT * FROM " . $tableprefix . "members WHERE name = '" . addslashes($loginusername) . "'")) { if($converge = $DB->query_first("SELECT converge_pass_hash, converge_pass_salt FROM " . $tableprefix . "members_converge WHERE converge_id = '" . $user['id'] . "' AND converge_email = '" . addslashes($user['email']) . "' ")) /*AND converge_joined = '" . addslashes($user['joined']) . "'")) - This check causes problems for some users and also isn't used in IPB itself */ { $md5password = md5($loginpassword); $salt = $converge['converge_pass_salt']; $encryptedpassword = md5(md5($salt) . $md5password); if($converge['converge_pass_hash'] != $encryptedpassword) { $loginerrors[] = $sdlanguage['wrong_password']; } else { // logged in $user['loggedin'] = 1; $user['userid'] = $user['id']; $user['username'] = $user['name']; $user['usergroupids'] = $user['mgroup']; $user['timezoneoffset'] = $user['time_offset']; $user['dstonoff'] = $user['dst_in_use']; $user['dstauto'] = 0; // not available // erase old session $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE id = '" . addslashes($session['id']) . "'"); // insert new session $session['id'] = CreateSessionHash(); // insert the session into the database $DB->query("INSERT INTO " . $tableprefix . "sessions (id, member_name, member_id, ip_address, browser, running_time, login_type, member_group) VALUES ('" . addslashes($session['id']) . "', '" . addslashes($user['name']) . "', $user[id], '" . addslashes(IPADDRESS) . "', '" . addslashes(USER_AGENT) . "', '" . TIMENOW . "', 0, $user[mgroup])"); // save the sessionhash in the cookie sdsetcookie('session_id', $session['id'], 0); // save the userid and password if the user has selected the 'remember me' option if($_POST['rememberme']) { sdsetcookie('member_id', $user['id'], 1); sdsetcookie('pass_hash', $user['member_login_key'], 1); } } unset($md5password, $salt, $converge); } else { $loginerrors[] = 'User not found.'; } } else { $loginerrors[] = $sdlanguage['wrong_username']; } } else { $loginerrors[] = $sdlanguage['please_enter_username']; }}// ################################## LOGOUT ###################################if(isset($_GET['logout'])){ if($user['userid'] != 0 AND $user['userid'] != -1) { $DB->query("UPDATE " . $tableprefix . "members SET last_activity = " . (TIMENOW - $cookietime) . ", last_visit = " . TIMENOW . " WHERE id = $user[userid]"); // make sure any other of this user's sessions are deleted (in case they ended up with more than one) $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE member_id = $user[userid]"); } $DB->query("DELETE FROM " . $tableprefix . "sessions WHERE id = '" . addslashes($session['id']) . "'"); $session['id'] = CreateSessionHash(); $DB->query("INSERT INTO " . $tableprefix . "sessions (id, member_name, member_id, ip_address, browser, running_time, member_group) VALUES ('" . addslashes($session['id']) . "', '', 0, '" . addslashes(IPADDRESS) . "', '" . addslashes(USER_AGENT) . "', '" . addslashes(TIMENOW) . "', 2)"); sdsetcookie('pass_hash', '', 0); sdsetcookie('member_id', '', 0); sdsetcookie('session_id', $session['id'], 0); $user = array('userid' => 0, 'usergroupids' => 2, // IPB2 - Guest 'username' => '', 'loggedin' => 0, 'email' => '', 'timezoneoffset' => 0, 'dstonoff' => 0, 'dstauto' => 1);}// ############################ ADD SESSION TO URL? ############################if(sizeof($_COOKIE) > 0 OR preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT'])){ $user['sessionurl'] = '';}else if(strlen($session['id']) > 0){ $user['sessionurl'] = 's=' . $session['id'];}// ############################ DELETE OLD SESSIONS ############################$DB->query("DELETE FROM " . $tableprefix . "sessions WHERE running_time < " . intval(TIMENOW - $cookietime));// ###################### SUBDREAMER USER SETTINGS SETUP #######################$usersettings = array('userid' => $user['userid'], 'usergroupids' => $user['usergroupids'], 'username' => $user['username'], 'loggedin' => $user['loggedin'], 'email' => $user['email'], 'timezoneoffset' => $user['timezoneoffset'], 'dstonoff' => $user['dstonoff'], 'dstauto' => $user['dstauto'], 'sessionurl' => $user['sessionurl']);// ############################## UNSET VARIABLES ##############################unset($user, $session, $sessionid);// ############################## USER FUNCTIONS ##############################function IsIPBanned($clientip){ global $DB, $usersystem, $dbname; $query = "SELECT ban_content FROM " . $usersystem['tblprefix'] . "banfilters WHERE ban_type = 'ip'"; if($usersystem['dbname'] != $dbname) { // Subdreamer is being integrated with a Forum in a different database $DB->select_db($usersystem['dbname']); $getbanip = $DB->query($query); $DB->select_db($dbname); } else { $getbanip = $DB->query($query); } while($banip = $DB->fetch_array($getbanip)) { $banip[0] = str_replace( '\*', '.*', preg_quote($banip[0], "/") ); if ( preg_match( "/^" . $banip[0] . "$/", $clientip ) ) { return true; } } return false;}// Returns the relevent forum link url// linkType// 1 - Register// 2 - UserCP// 3 - Recover Password// 4 - UserCP (requires $userid)// 5 - SendPM (requires $userid)function ForumLink($linkType, $userid = -1){ global $sdurl, $usersystem; switch($linkType) { case 1: $url = 'index.php?act=Reg&CODE=00'; break; case 2: $url = 'index.php?act=UserCP&CODE=00'; break; case 3: $url = 'index.php?act=Reg&CODE=10'; break; case 4: $url = 'index.php?showuser=' . $userid; break; case 5: $url = 'index.php?act=Msg&CODE=4&MID=' . $userid; break; } return $sdurl . $usersystem['folderpath'] . $url;}?>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -