Mercurial Mercurial > repos > enano-1.0 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/sessions.php
changeset 343 7e6537fd4730
parent 338 c3f8982a961c
equal deleted inserted replaced
342:a78b0798a116 343:7e6537fd4730 
   163    * State variable to track if a session timed out
 
   163    * State variable to track if a session timed out
 
   164    * @var bool
 
   164    * @var bool
 
   165    */
 
   165    */
 
   166   
   166   
   167   var $sw_timed_out = false;
 
   167   var $sw_timed_out = false;
 
       
   168   
       
   169   /**
 
       
   170    * Token appended to some important forms to prevent CSRF.
 
       
   171    * @var string
 
       
   172    */
 
       
   173 	
       
   174   var $csrf_token = false;
 
   168   
   175   
   169   /**
 
   176   /**
 
   170    * Switch to track if we're started or not.
 
   177    * Switch to track if we're started or not.
 
   171    * @access private
 
   178    * @access private
 
   172    * @var bool
 
   179    * @var bool
 
   461         $this->password_hash = $userdata['password'];
 
   468         $this->password_hash = $userdata['password'];
 
   462         $this->user_level =    intval($userdata['user_level']);
 
   469         $this->user_level =    intval($userdata['user_level']);
 
   463         $this->real_name =     $userdata['real_name'];
 
   470         $this->real_name =     $userdata['real_name'];
 
   464         $this->email =         $userdata['email'];
 
   471         $this->email =         $userdata['email'];
 
   465         $this->unread_pms =    $userdata['num_pms'];
 
   472         $this->unread_pms =    $userdata['num_pms'];
 
       
   473         // generate an anti-CSRF token
 
       
   474 		$this->csrf_token =    sha1($this->username . $this->sid . $this->user_id);
 
   466         if(!$this->compat)
 
   475         if(!$this->compat)
 
   467         {
 
   476         {
 
   468           $this->theme =         $userdata['theme'];
 
   477           $this->theme =         $userdata['theme'];
 
   469           $this->style =         $userdata['style'];
 
   478           $this->style =         $userdata['style'];
 
   470           $this->signature =     $userdata['signature'];
 
   479           $this->signature =     $userdata['signature'];
 
   960     {
 
   969     {
 
   961       $this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
 
   970       $this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
 
   962       $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
 
   971       $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
 
   963     }
 
   972     }
 
   964     $this->user_id = 1;
 
   973     $this->user_id = 1;
 
       
   974     
       
   975     // make a CSRF token
 
       
   976 	$this->csrf_token = sha1($_SERVER['REMOTE_ADDR'] . '::' . sha1($this->private_key));
 
   965   }
 
   977   }
 
   966   
   978   
   967   /**
 
   979   /**
 
   968    * Validates a session key, and returns the userdata associated with the key or false
 
   980    * Validates a session key, and returns the userdata associated with the key or false
 
   969    * @param string $key The session key to validate
 
   981    * @param string $key The session key to validate
 
   997                              . '  LEFT JOIN '.table_prefix.'users AS u' . "\n"
 
  1009                              . '  LEFT JOIN '.table_prefix.'users AS u' . "\n"
 
   998                              . '    ON ( u.user_id=k.user_id )' . "\n"
 
  1010                              . '    ON ( u.user_id=k.user_id )' . "\n"
 
   999                              . '  LEFT JOIN '.table_prefix.'users_extra AS x' . "\n"
 
  1011                              . '  LEFT JOIN '.table_prefix.'users_extra AS x' . "\n"
 
  1000                              . '    ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
 
  1012                              . '    ON ( u.user_id=x.user_id OR x.user_id IS NULL )' . "\n"
 
  1001                              . '  LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
 
  1013                              . '  LEFT JOIN '.table_prefix.'privmsgs AS p' . "\n"
 
  1002                              . '    ON ( p.message_to=u.username AND p.message_read=0 )' . "\n"
 
  1014                              . '    ON ( p.message_to=u.username AND p.message_read=0 AND p.folder_name != \'drafts\' )' . "\n"
 
  1003                              . '  WHERE k.session_key=\''.$keyhash.'\'' . "\n"
 
  1015                              . '  WHERE k.session_key=\''.$keyhash.'\'' . "\n"
 
  1004                              . '    AND k.salt=\''.$salt.'\'' . "\n"
 
  1016                              . '    AND k.salt=\''.$salt.'\'' . "\n"
 
  1005                              . '  GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
 
  1017                              . '  GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
 
  1006     
  1018     
  1007     if ( !$query )
 
  1019     if ( !$query )
Enano CMS (1.0.x)