Line 420 | Line 420 |
---|
// Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide. if (!$this->data['session_autologin']) {
|
// Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide. if (!$this->data['session_autologin']) {
|
if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60))
| if ($this->data['session_time'] < $this->time_now - ((int) $config['session_length'] + 60))
|
{ $session_expired = true; }
| { $session_expired = true; }
|
Line 439 | Line 439 |
---|
// Is user banned? Are they excluded? Won't return on ban, exists within method $this->check_ban_for_current_session($config);
|
// Is user banned? Are they excluded? Won't return on ban, exists within method $this->check_ban_for_current_session($config);
|
| // Update user last active time accordingly, but in a minute or so if ($this->time_now - (int) $this->data['user_last_active'] > 60) { $this->update_last_active_time(); }
|
return true; }
| return true; }
|
Line 688 | Line 694 |
---|
if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) { // Update the last visit time
|
if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) { // Update the last visit time
|
$sql = 'UPDATE ' . USERS_TABLE . ' SET user_lastvisit = ' . (int) $this->data['session_time'] . ' WHERE user_id = ' . (int) $this->data['user_id']; $db->sql_query($sql);
| $this->update_user_lastvisit();
|
}
$SID = '?sid=';
| }
$SID = '?sid=';
|
Line 815 | Line 818 |
---|
$this->data['user_form_salt'] = unique_id(); // Update the form key $sql = 'UPDATE ' . USERS_TABLE . '
|
$this->data['user_form_salt'] = unique_id(); // Update the form key $sql = 'UPDATE ' . USERS_TABLE . '
|
SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\'
| SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\', user_last_active = ' . (int) $this->time_now . '
|
WHERE user_id = ' . (int) $this->data['user_id']; $db->sql_query($sql);
|
WHERE user_id = ' . (int) $this->data['user_id']; $db->sql_query($sql);
|
| } else { $this->update_last_active_time();
|
} } else { $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
|
} } else { $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
|
// Update the last visit time $sql = 'UPDATE ' . USERS_TABLE . ' SET user_lastvisit = ' . (int) $this->data['session_time'] . ' WHERE user_id = ' . (int) $this->data['user_id']; $db->sql_query($sql);
| $this->update_user_lastvisit();
|
$SID = '?sid='; $_SID = '';
| $SID = '?sid='; $_SID = '';
|
Line 1344 | Line 1348 |
---|
$this->check_ban($this->data['user_id'], $ips); } }
|
$this->check_ban($this->data['user_id'], $ips); } }
|
| }
/** * Check if ip is blacklisted by Spamhaus SBL * * Disables DNSBL setting if errors are returned by Spamhaus due to a policy violation. * https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/ * * @param string $dnsbl the blacklist to check against * @param string|false $ip the IPv4 address to check * * @return bool true if listed in spamhaus database, false if not */ function check_dnsbl_spamhaus($dnsbl, $ip = false) { global $config, $phpbb_log;
if ($ip === false) { $ip = $this->ip; }
// Spamhaus does not support IPv6 addresses. if (strpos($ip, ':') !== false) { return false; }
if ($ip) { $quads = explode('.', $ip); $reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
$records = dns_get_record($reverse_ip . '.' . $dnsbl . '.', DNS_A); if (empty($records)) { return false; } else { $error = false; foreach ($records as $record) { if ($record['ip'] == '127.255.255.254') { $error = 'LOG_SPAMHAUS_OPEN_RESOLVER'; break; } else if ($record['ip'] == '127.255.255.255') { $error = 'LOG_SPAMHAUS_VOLUME_LIMIT'; break; } }
if ($error !== false) { $config->set('check_dnsbl', 0); $phpbb_log->add('critical', $this->data['user_id'], $ip, $error); } else { // The existence of a non-error A record means it's a hit return true; } } }
return false; }
/** * Checks if an IPv4 address is in a specified DNS blacklist * * Only checks if a record is returned or not. * * @param string $dnsbl the blacklist to check against * @param string|false $ip the IPv4 address to check * * @return bool true if record is returned, false if not */ function check_dnsbl_ipv4_generic($dnsbl, $ip = false) { if ($ip === false) { $ip = $this->ip; }
// This function does not support IPv6 addresses. if (strpos($ip, ':') !== false) { return false; }
$quads = explode('.', $ip); $reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
if (checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true) { return true; }
return false;
|
}
/**
| }
/**
|
Line 1372 | Line 1479 |
---|
}
$dnsbl_check = array(
|
}
$dnsbl_check = array(
|
'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=',
| 'sbl.spamhaus.org' => ['https://check.spamhaus.org/listed/?searchterm=', 'check_dnsbl_spamhaus'],
|
);
if ($mode == 'register') {
|
);
if ($mode == 'register') {
|
$dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?';
| $dnsbl_check['bl.spamcop.net'] = ['https://www.spamcop.net/bl.shtml?', 'check_dnsbl_ipv4_generic'];
|
}
if ($ip) {
|
}
if ($ip) {
|
$quads = explode('.', $ip); $reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
| |
// Need to be listed on all servers... $listed = true; $info = array();
foreach ($dnsbl_check as $dnsbl => $lookup) {
|
// Need to be listed on all servers... $listed = true; $info = array();
foreach ($dnsbl_check as $dnsbl => $lookup) {
|
if (checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
| if (call_user_func(array($this, $lookup[1]), $dnsbl, $ip) === true)
|
{
|
{
|
$info = array($dnsbl, $lookup . $ip);
| $info = array($dnsbl, $lookup[0] . $ip);
|
} else {
| } else {
|
Line 1660 | Line 1764 |
---|
}
// Do not update the session page for ajax requests, so the view online still works as intended
|
}
// Do not update the session page for ajax requests, so the view online still works as intended
|
$page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page']) && !$request->is_ajax();
| $page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page'] || $this->data['session_forum_id'] != $this->page['forum']) && !$request->is_ajax();
|
// Only update session DB a minute or so after last update or if page changes if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)
| // Only update session DB a minute or so after last update or if page changes if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)
|
Line 1696 | Line 1800 |
---|
public function id() : int { return isset($this->data['user_id']) ? (int) $this->data['user_id'] : ANONYMOUS;
|
public function id() : int { return isset($this->data['user_id']) ? (int) $this->data['user_id'] : ANONYMOUS;
|
| }
/** * Update user last visit time */ public function update_user_lastvisit() { global $db;
if (isset($this->data['session_time'], $this->data['user_id'])) { $sql = 'UPDATE ' . USERS_TABLE . ' SET user_lastvisit = ' . (int) $this->data['session_time'] . ', user_last_active = ' . $this->time_now . ' WHERE user_id = ' . (int) $this->data['user_id']; $db->sql_query($sql); } }
/** * Update user's last active time * * @return void */ public function update_last_active_time() { global $db;
if (isset($this->time_now, $this->data['user_id'])) { $sql = 'UPDATE ' . USERS_TABLE . ' SET user_last_active = ' . $this->time_now . ' WHERE user_id = ' . (int) $this->data['user_id']; $db->sql_query($sql); }
|
} }
| } }
|