1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
|
<?php
mt_srand(intval(substr(microtime(), 2, 8)));
if(mt_rand(1,100)==50) {
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE lastactivity<".(time()-$sessiontimeout),1);
$db->unbuffered_query("DELETE FROM bb".$n."_searchs WHERE searchtime<".(time()-86400*7),1);
$temp_res_attachments = $db->query("SELECT attachmentid FROM bb".$n."_attachments WHERE sid!='1' AND timestamp < ".(time()-$sessiontimeout));
while($temp_row_attachments = $db->fetch_array($temp_res_attachments)) {
attachment_delete($temp_row_attachments[attachmentid]);
}
}
$REMOTE_ADDR = getIpAddress();
$HTTP_USER_AGENT = substr($_SERVER['HTTP_USER_AGENT'], 0, 100);
$REQUEST_URI = $_SERVER['REQUEST_URI'];
if(!$REQUEST_URI) {
if($_SERVER['PATH_INFO']) $REQUEST_URI = $_SERVER['PATH_INFO'];
else $REQUEST_URI = $_SERVER['PHP_SELF'];
if($_SERVER['QUERY_STRING']) $REQUEST_URI.="?".$_SERVER['QUERY_STRING'];
}
$REQUEST_URI = substr(basename($REQUEST_URI), 0, 250);
if(!strstr($REQUEST_URI,".")) $REQUEST_URI="index.php";
$REMOTE_ADDR=htmlspecialchars($REMOTE_ADDR);
$HTTP_USER_AGENT=htmlspecialchars($HTTP_USER_AGENT);
unset($wbbuserdata);
unset($session);
unset($wbb_userid);
if(isset($_COOKIE['wbb_userid'])) $wbb_userid=intval($_COOKIE['wbb_userid']);
if(isset($_REQUEST['styleid'])) $styleid = intval($_REQUEST['styleid']);
else unset($styleid);
if(isset($boardid)) $sboardid=intval($boardid);
else $sboardid=0;
if(isset($threadid)) $sthreadid=$threadid;
else $sthreadid=0;
if(isset($_GET['sid'])) $sid=$_GET['sid'];
elseif(isset($_POST['sid'])) $sid=$_POST['sid'];
else $sid="";
if(!$sid && isset($_COOKIE['cookiehash'])) $sid=$_COOKIE['cookiehash'];
if($sid && isset($_COOKIE['cookiehash']) && $_COOKIE['cookiehash'] && $sid!=$_COOKIE['cookiehash']) $falsecookiehash=1;
$createsession=0;
if($sid) {
$session = $db->query_first("SELECT * FROM bb".$n."_sessions WHERE hash = '".addslashes($sid)."' AND ipaddress = '".addslashes($REMOTE_ADDR)."' AND useragent = '".addslashes($HTTP_USER_AGENT)."'");
if($session['hash']) {
$wbb_userid=$session['userid'];
$session['lastactivity'] = time();
if(isset($styleid)) {
$styleid_add = " styleid = '$styleid',";
$session['styleid']=$styleid;
}
else $styleid_add = "";
$db->unbuffered_query("UPDATE bb".$n."_sessions SET lastactivity = '".$session['lastactivity']."', request_uri = '".addslashes($REQUEST_URI)."',$styleid_add boardid = '$sboardid', threadid = '$sthreadid' WHERE hash = '$sid'",1);
}
else $createsession = 1;
}
else $createsession = 1;
if($createsession==1 || $session['userid']==0) {
if(isset($wbb_userid) && isset($_COOKIE['wbb_userpassword'])) { /* maybe member */
$wbbuserdata = $db->query_first("SELECT bb".$n."_users.*, bb".$n."_groups.* FROM bb".$n."_users LEFT JOIN bb".$n."_groups USING (groupid) WHERE userid = '$wbb_userid'");
if($_COOKIE['wbb_userpassword']==$wbbuserdata['password']) { /* member */
$session = array();
$session['hash'] = md5(uniqid(microtime()));
$session['userid'] = $wbb_userid;
$session['ipaddress'] = $REMOTE_ADDR;
$session['useragent'] = addslashes($HTTP_USER_AGENT);
$session['lastactivity'] = time();
$session['request_uri'] = $REQUEST_URI;
if(isset($styleid)) $session['styleid'] = $styleid;
else $session['styleid']=$wbbuserdata['styleid'];
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE userid = '$session[userid]'",1);
$db->unbuffered_query("INSERT INTO bb".$n."_sessions VALUES ('$session[hash]','$session[userid]','".addslashes($session[ipaddress])."','".addslashes($session[useragent])."','$session[lastactivity]','".addslashes($session[request_uri])."','$session[styleid]','$sboardid','$sthreadid')",1);
bbcookie("cookiehash","$session[hash]",0);
}
else {
if($createsession==1) $guestsession = 1;
unset($wbb_userid);
unset($wbbuserdata);
bbcookie("wbb_userid","",1);
bbcookie("wbb_userpassword","",1);
}
}
elseif($createsession==1) {
unset($wbb_userid);
$guestsession = 1;
}
if(isset($guestsession)) { /* guest */
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE userid='0' AND ipaddress = '".addslashes($REMOTE_ADDR)."' AND useragent = '".addslashes($HTTP_USER_AGENT)."'",1);
$session['hash'] = md5(uniqid(microtime()));
$session['userid'] = 0;
$session['ipaddress'] = $REMOTE_ADDR;
$session['useragent'] = addslashes($HTTP_USER_AGENT);
$session['lastactivity'] = time();
$session['request_uri'] = $REQUEST_URI;
if(isset($styleid)) $session['styleid'] = $styleid;
else $session['styleid']=0;
$db->unbuffered_query("INSERT INTO bb".$n."_sessions VALUES ('$session[hash]','0','".addslashes($session[ipaddress])."','".addslashes($session[useragent])."','$session[lastactivity]','".addslashes($session[request_uri])."','$session[styleid]','$sboardid','$sthreadid')",1);
bbcookie("cookiehash","$session[hash]",0);
}
}
if(!isset($wbbuserdata)) {
if(isset($wbb_userid) && $wbb_userid!=0) $wbbuserdata = $db->query_first("SELECT bb".$n."_users.*, bb".$n."_groups.* FROM bb".$n."_users LEFT JOIN bb".$n."_groups USING (groupid) WHERE userid = '$wbb_userid'");
else {
if(!isset($_COOKIE['lastvisit'])) bbcookie("lastvisit",time(),0);
$wbbuserdata = $db->query_first("SELECT * FROM bb".$n."_groups WHERE default_group = 1");
$wbbuserdata['userid'] = 0;
$wbbuserdata['username'] = "guest"; //default guestname
if(!isset($_COOKIE['lastvisit'])) $wbbuserdata['lastvisit'] = time();
else $wbbuserdata['lastvisit']=intval($_COOKIE['lastvisit']);
$wbbuserdata['lastactivity'] = time();
$wbbuserdata['showsignatures'] = $default_register_showsignatures;
$wbbuserdata['showavatars'] = $default_register_showavatars;
$wbbuserdata['showimages'] = $default_register_showimages;
$wbbuserdata['usecookies']=$default_register_usecookies;
if($wbbuserdata['lastactivity'] < time()-$sessiontimeout) {
bbcookie("lastvisit",$wbbuserdata['lastactivity'],0);
$wbbuserdata['lastvisit'] = $wbbuserdata['lastactivity'];
}
}
}
$sid = $session['hash'];
if(isset($falsecookiehash)) {
bbcookie("cookiehash","$session[hash]",0);
$wbbuserdata['nosessionhash']=0;
}
if($wbbuserdata['nosessionhash']==1) $session['hash']="";
if(isset($styleid)) $wbbuserdata['styleid']=$styleid;
if($wbbuserdata['userid']!=0) {
if($wbbuserdata['lastactivity']< time()-$sessiontimeout) {
$db->unbuffered_query("UPDATE bb".$n."_users SET lastvisit=lastactivity, lastactivity = '".time()."', styleid = '$wbbuserdata[styleid]'".ifelse($wbbuserdata['pmpopup']==2,", pmpopup=1")." WHERE userid = '$wbbuserdata[userid]'",1);
$wbbuserdata['lastvisit'] = $wbbuserdata['lastactivity'];
$wbbuserdata['lastactivity'] = time();
}
else {
$db->unbuffered_query("UPDATE bb".$n."_users SET lastactivity = '".time()."', styleid = '$wbbuserdata[styleid]'".(($wbbuserdata['pmpopup']==2 && (!isset($_POST) || count($_POST)==0) && $filename!="logout.php" && $filename!="markread.php" && $filename!="misc.php" && $filename!="modcp.php" && $filename!="polledit.php" && $filename!="register.php" && $filename!="search.php" && ($filename!="thread.php" || !isset($_REQUEST['goto'])) && $filename!="threadrating.php" && $filename!="usercp.php") ? (", pmpopup=1") : (""))." WHERE userid = '$wbbuserdata[userid]'",1);
$wbbuserdata['lastactivity'] = time();
}
}
?>
|