Updating session handle to remove explicit phpBB3 dependancy.
parent
901f879bba
commit
a79795d96b
@ -47,7 +47,6 @@ use MIME::Base64;
|
||||
use Data::Dumper;
|
||||
|
||||
# Custom module imports
|
||||
use phpBB3;
|
||||
use Logging qw(die_log);
|
||||
|
||||
# Globals...
|
||||
@ -72,7 +71,7 @@ sub new {
|
||||
my $self = {
|
||||
cgi => undef,
|
||||
dbh => undef,
|
||||
phpbb => undef,
|
||||
auth => undef,
|
||||
template => undef,
|
||||
settings => undef,
|
||||
@_,
|
||||
@ -81,7 +80,7 @@ sub new {
|
||||
# Ensure that we have objects that we need
|
||||
return set_error("cgi object not set") unless($self -> {"cgi"});
|
||||
return set_error("dbh object not set") unless($self -> {"dbh"});
|
||||
return set_error("phpbb object not set") unless($self -> {"phpbb"});
|
||||
return set_error("auth object not set") unless($self -> {"auth"});
|
||||
return set_error("template object not set") unless($self -> {"template"});
|
||||
return set_error("settings object not set") unless($self -> {"settings"});
|
||||
|
||||
@ -152,15 +151,15 @@ sub create_session {
|
||||
my $now = time();
|
||||
|
||||
# If persistent logins are not permitted, disable them
|
||||
$self -> {"autokey"} = $persist = '' if(!$self -> {"phpbb"} -> get_config("allow_autologin"));
|
||||
$self -> {"autokey"} = $persist = '' if(!$self -> {"auth"} -> get_config("allow_autologin"));
|
||||
|
||||
# Set a default last visit, might be updated later
|
||||
$self -> {"last_visit"} = $now;
|
||||
|
||||
# If we have a key, and a user in the cookies, try to get it
|
||||
if($self -> {"autokey"} && $self -> {"sessuser"} && $self -> {"sessuser"} != $phpBB3::ANONYMOUS) {
|
||||
if($self -> {"autokey"} && $self -> {"sessuser"} && $self -> {"sessuser"} != $self -> {"auth"} -> {"ANONYMOUS"}) {
|
||||
my $autocheck = $self -> {"dbh"} -> prepare("SELECT u.* FROM ".
|
||||
$self -> {"phpbb"} -> {"prefix"}."users AS u, ".
|
||||
$self -> {"auth"} -> {"prefix"}."users AS u, ".
|
||||
$self -> {"settings"} -> {"database"} -> {"keys"}." AS k
|
||||
WHERE u.user_id = ?
|
||||
AND u.user_type IN (0, 3)
|
||||
@ -176,7 +175,7 @@ sub create_session {
|
||||
$self -> {"autokey"} = '';
|
||||
$self -> {"sessuser"} = $user;
|
||||
|
||||
my $userh = $self -> {"dbh"} -> prepare("SELECT * FROM ".$self -> {"phpbb"} -> {"prefix"}."users
|
||||
my $userh = $self -> {"dbh"} -> prepare("SELECT * FROM ".$self -> {"auth"} -> {"prefix"}."users
|
||||
WHERE user_id = ?
|
||||
AND user_type IN (0, 3)");
|
||||
$userh -> execute($self -> {"sessuser"})
|
||||
@ -189,9 +188,9 @@ sub create_session {
|
||||
# the user doesn't exist, is inactive, or is a bot. Just get the anonymous user
|
||||
if(!$userdata) {
|
||||
$self -> {"autokey"} = '';
|
||||
$self -> {"sessuser"} = $phpBB3::ANONYMOUS;
|
||||
$self -> {"sessuser"} = $self -> {"auth"} -> {"ANONYMOUS"};
|
||||
|
||||
my $userh = $self -> {"dbh"} -> prepare("SELECT * FROM ".$self -> {"phpbb"} -> {"prefix"}."users
|
||||
my $userh = $self -> {"dbh"} -> prepare("SELECT * FROM ".$self -> {"auth"} -> {"prefix"}."users
|
||||
WHERE user_id = ?");
|
||||
$userh -> execute($self -> {"sessuser"})
|
||||
or return set_error("Unable to peform user lookup query\nError was: ".$self -> {"dbh"} -> errstr);
|
||||
@ -212,19 +211,19 @@ sub create_session {
|
||||
}
|
||||
|
||||
# Determine whether the session can be made persistent (requires the user to be registered, and normal)
|
||||
my $is_registered = ($userdata -> {"user_id"} && $userdata -> {"user_id"} != $phpBB3::ANONYMOUS && ($userdata -> {"user_type"} == 0 || $userdata -> {"user_type"} == 3));
|
||||
my $is_registered = ($userdata -> {"user_id"} && $userdata -> {"user_id"} != $self -> {"auth"} -> {"ANONYMOUS"} && ($userdata -> {"user_type"} == 0 || $userdata -> {"user_type"} == 3));
|
||||
$persist = (($self -> {"autokey"} || $persist) && $is_registered) ? 1 : 0;
|
||||
|
||||
# Do we already have a session id? If we do, and it's an anonymous session, we want to nuke it
|
||||
if($self -> {"sessid"}) {
|
||||
my $killsess = $self -> {"dbh"} -> prepare("DELETE FROM ".$self -> {"settings"} -> {"database"} -> {"sessions"}.
|
||||
" WHERE session_id = ? AND session_user_id = ?");
|
||||
$killsess -> execute($self -> {"sessid"}, $phpBB3::ANONYMOUS)
|
||||
$killsess -> execute($self -> {"sessid"}, $self -> {"auth"} -> {"ANONYMOUS"})
|
||||
or return set_error("Unable to remove anonymous session\nError was: ".$self -> {"dbh"} -> errstr);
|
||||
}
|
||||
|
||||
# generate a new session id. The md5 of a unique ID should be unique enough...
|
||||
$self -> {"sessid"} = md5_hex($self -> {"phpbb"} -> unique_id());
|
||||
$self -> {"sessid"} = md5_hex($self -> {"auth"} -> unique_id());
|
||||
|
||||
# store the time
|
||||
$self -> {"session_time"} = $now;
|
||||
@ -261,7 +260,7 @@ sub delete_session {
|
||||
|
||||
# If we're not dealing with anonymous, we need to store the visit time,
|
||||
# and nuke any autologin key for the now defunct session
|
||||
if($self -> {"sessuser"} != $phpBB3::ANONYMOUS) {
|
||||
if($self -> {"sessuser"} != $self -> {"auth"} -> {"ANONYMOUS"}) {
|
||||
|
||||
# If we don't have a session time for some reason, make it now
|
||||
$self -> {"session_time"} = time() if(!$self -> {"session_time"});
|
||||
@ -337,11 +336,11 @@ sub session_cookies {
|
||||
# removed before any changes are made... but this shouldn't really be called before
|
||||
# create_session in reality anyway.
|
||||
if(!$self -> {"cookies"}) {
|
||||
my $expires = "+".($self -> {"phpbb"} -> get_config("max_autologin_time") || 365)."d";
|
||||
my $expires = "+".($self -> {"auth"} -> get_config("max_autologin_time") || 365)."d";
|
||||
my $sesscookie = $self -> create_cookie($self -> {"settings"} -> {"config"} -> {"cookie_name"}.'_sid', $self -> {"sessid"}, $expires);
|
||||
my $sessuser = $self -> create_cookie($self -> {"settings"} -> {"config"} -> {"cookie_name"}.'_u', $self -> {"sessuser"}, $expires);
|
||||
my $sesskey;
|
||||
if($self -> {"sessuser"} != $phpBB3::ANONYMOUS) {
|
||||
if($self -> {"sessuser"} != $self -> {"auth"} -> {"ANONYMOUS"}) {
|
||||
if($self -> {"autokey"}) {
|
||||
$sesskey = $self -> create_cookie($self -> {"settings"} -> {"config"} -> {"cookie_name"}.'_k', $self -> {"autokey"}, $expires);
|
||||
}
|
||||
@ -375,7 +374,7 @@ sub ip_check {
|
||||
my $sessip = shift;
|
||||
|
||||
# How may IP address segments should be compared?
|
||||
my $iplen = $self -> {"phpbb"} -> get_config('ip_check');
|
||||
my $iplen = $self -> {"auth"} -> get_config('ip_check');
|
||||
|
||||
# bomb immediately if we aren't checking IPs
|
||||
return 1 if($iplen == 0);
|
||||
@ -399,10 +398,10 @@ sub session_cleanup {
|
||||
my $self = shift;
|
||||
|
||||
my $now = time();
|
||||
my $timelimit = $now - $self -> {"phpbb"} -> get_config("session_length");
|
||||
my $timelimit = $now - $self -> {"auth"} -> get_config("session_length");
|
||||
|
||||
# We only want to run the garbage collect occasionally
|
||||
if($self -> {"settings"} -> {"config"} -> {"lastgc"} < $now - $self -> {"phpbb"} -> get_config("session_gc")) {
|
||||
if($self -> {"settings"} -> {"config"} -> {"lastgc"} < $now - $self -> {"auth"} -> get_config("session_gc")) {
|
||||
# Okay, we're due a garbage collect, update the config to reflect that we're doing it
|
||||
$self -> {"settings"} -> set_db_config($self -> {"dbh"}, $self -> {"settings"} -> {"database"} -> {"settings"}, "lastgc", $now);
|
||||
|
||||
@ -410,7 +409,7 @@ sub session_cleanup {
|
||||
my $nukesess = $self -> {"dbh"} -> prepare("DELETE FROM ".$self -> {"settings"} -> {"database"} -> {"sessions"}.
|
||||
" WHERE session_user_id = ?
|
||||
AND session_time < ?");
|
||||
$nukesess -> execute($phpBB3::ANONYMOUS, $timelimit)
|
||||
$nukesess -> execute($self -> {"auth"} -> {"ANONYMOUS"}, $timelimit)
|
||||
or return set_error("Unable to remove expired guest sessions\nError was: ".$self -> {"dbh"} -> errstr);
|
||||
|
||||
# now get the most recent expired sessions for each user
|
||||
@ -458,13 +457,13 @@ sub session_expired {
|
||||
|
||||
# If the session is not an autologin session, and the last update was before the session length, it is expired
|
||||
if(!$sessdata -> {"session_autologin"}) {
|
||||
return 1 if($sessdata -> {"session_time"} < time() - ($self -> {"phpbb"} -> get_config("session_length") + 60));
|
||||
return 1 if($sessdata -> {"session_time"} < time() - ($self -> {"auth"} -> get_config("session_length") + 60));
|
||||
|
||||
} else {
|
||||
my $max_autologin = $self -> {"phpbb"} -> get_config("max_autologin_time");
|
||||
my $max_autologin = $self -> {"auth"} -> get_config("max_autologin_time");
|
||||
|
||||
# If the session is autologin, and it is older than the max autologin time, or autologin is not enabled, it's expired
|
||||
return 1 if(!$self -> {"phpbb"} -> get_config("allow_autologin") ||
|
||||
return 1 if(!$self -> {"auth"} -> get_config("allow_autologin") ||
|
||||
($max_autologin && $sessdata -> {"session_time"} < time() - ((86400 * $max_autologin) + 60)));
|
||||
}
|
||||
|
||||
@ -522,7 +521,7 @@ sub set_login_key {
|
||||
my $self = shift;
|
||||
|
||||
my $key = $self -> {"autokey"};
|
||||
my $key_id = $self -> {"phpbb"} -> unique_id(substr($self -> {"sessid"}, 0, 8));
|
||||
my $key_id = $self -> {"auth"} -> unique_id(substr($self -> {"sessid"}, 0, 8));
|
||||
|
||||
# If we don't have a key, we want to create a new key in the table
|
||||
if(!$key) {
|
||||
|
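Review bot: The constructor check `return set_error("auth object not set") unless($self -> {"auth"});` only tests that some auth object exists, yet the later hunks now depend on it providing `{"ANONYMOUS"}`, `{"prefix"}`, `get_config()` and `unique_id()`. If a backend leaves `{"ANONYMOUS"}` undefined, the `!=` tests in create_session, delete_session and session_cookies compare against undef (numerically 0), so any non-zero user id, the guest id included, passes the "not anonymous" tests, and the guest-session DELETEs in create_session and session_cleanup bind NULL and match no rows. I would add `return set_error("auth object does not define ANONYMOUS") unless(defined($self -> {"auth"} -> {"ANONYMOUS"}));` next to the existing checks in new(), with a similar `defined` check for `{"prefix"}`, which is concatenated into the table names of three prepared statements. Because the session id is `md5_hex($self -> {"auth"} -> unique_id())`, the auth interface should also document that unique_id() must return cryptographically unpredictable output, since an MD5 of a guessable value is a guessable session id. All of these functions start and end outside the visible hunks, so this is inferred from the shown lines only.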