phpBB

Code Changes

File: phpbb/session.php

Line 91Line 91
			$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
}


			$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
}


 
		if (substr($root_path, 0, 2) === './' && strpos($root_path, '..') === false)
{
$root_dirs = explode('/', str_replace('\\', '/', rtrim($root_path, '/')));
$page_dirs = explode('/', str_replace('\\', '/', '.'));
}
else
{

		// current directory within the phpBB root (for example: adm)
$root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./')));

		// current directory within the phpBB root (for example: adm)
$root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./')));

 
		}


		$intersection = array_intersect_assoc($root_dirs, $page_dirs);

$root_dirs = array_diff_assoc($root_dirs, $intersection);
$page_dirs = array_diff_assoc($page_dirs, $intersection);


		$intersection = array_intersect_assoc($root_dirs, $page_dirs);

$root_dirs = array_diff_assoc($root_dirs, $intersection);
$page_dirs = array_diff_assoc($page_dirs, $intersection);


		$page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);

		$page_dir = str_repeat('../', count($root_dirs)) . implode('/', $page_dirs);


if ($page_dir && substr($page_dir, -1, 1) == '/')
{


if ($page_dir && substr($page_dir, -1, 1) == '/')
{

Line 118Line 127

// The script path from the webroot to the phpBB root (for example: /phpBB3/)
$script_dirs = explode('/', $script_path);


// The script path from the webroot to the phpBB root (for example: /phpBB3/)
$script_dirs = explode('/', $script_path);

		array_splice($script_dirs, -sizeof($page_dirs));
$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : '');

		array_splice($script_dirs, -count($page_dirs));
$root_script_path = implode('/', $script_dirs) . (count($root_dirs) ? '/' . implode('/', $root_dirs) : '');


// We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
if (!$root_script_path)


// We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
if (!$root_script_path)

Line 575Line 584
		$provider = $provider_collection->get_provider();
$this->data = $provider->autologin();


		$provider = $provider_collection->get_provider();
$this->data = $provider->autologin();


		if ($user_id !== false && sizeof($this->data) && $this->data['user_id'] != $user_id)

		if ($user_id !== false && isset($this->data['user_id']) && $this->data['user_id'] != $user_id)

		{
$this->data = array();
}


		{
$this->data = array();
}


		if (sizeof($this->data))

		if (isset($this->data['user_id']))

		{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];

		{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $this->data['user_id'];

Line 588Line 597

// If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that


// If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that

		if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))

		if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && empty($this->data))

		{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k

		{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k

Line 608Line 617
			$db->sql_freeresult($result);
}


			$db->sql_freeresult($result);
}


		if ($user_id !== false && !sizeof($this->data))

		if ($user_id !== false && empty($this->data))

		{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $user_id;

		{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $user_id;

Line 636Line 645
		// User does not exist
// User is inactive
// User is bot

		// User does not exist
// User is inactive
// User is bot

		if (!sizeof($this->data) || !is_array($this->data))

		if (!is_array($this->data) || !count($this->data))

		{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS;

		{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS;

Line 1013Line 1022
		}
$db->sql_freeresult($result);


		}
$db->sql_freeresult($result);


		if (sizeof($del_user_id))

		if (count($del_user_id))

		{
// Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '

		{
// Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '

Line 1147Line 1156
			$where_sql[] = $_sql;
}


			$where_sql[] = $_sql;
}


		$sql .= (sizeof($where_sql)) ? implode(' AND ', $where_sql) : '';

		$sql .= (count($where_sql)) ? implode(' AND ', $where_sql) : '';

		$result = $db->sql_query($sql, $cache_ttl);

$ban_triggered_by = 'user';

		$result = $db->sql_query($sql, $cache_ttl);

$ban_triggered_by = 'user';
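Review bot: In the hunk at Line 584 the emptiness tests on `$this->data` no longer agree with each other: the mismatch reset and the cookie assignment now require `isset($this->data['user_id'])`, while the key lookup (Line 597), the user_id lookup (Line 617) and the anonymous fallback (Line 645) still test `empty($this->data)` or `count($this->data)`. If `$provider->autologin()` can ever return a non-empty array without a `user_id` key (its return contract is not visible here), that value now skips the reset, both lookups and the fallback, so session setup would continue with row data that carries no user id. I would make the reset cover that case, `if ($user_id !== false && (!isset($this->data['user_id']) || $this->data['user_id'] != $user_id))`, or use one shared predicate for all five checks. The enclosing function starts and ends outside the visible hunks.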