class user extends session

Base user class

This is the overarching class which contains (through session extend) all methods utilised for user functionality during a session.

Properties

$cookie_data from  session
$page from  session
$data from  session
$browser from  session
$forwarded_for from  session
$host from  session
$session_id from  session
$ip from  session
$load from  session
$time_now from  session
$update_session_page from  session
protected language $language
$style
$date_format
$timezone

DateTimeZone object holding the timezone of the user

protected string $datetime
$lang_name
$lang_id
$lang_path
$img_lang
$img_array
protected bool $is_setup_flag
$keyoptions

Methods

static array
extract_current_page(string $root_path)

Extract current session page

from  session
extract_current_hostname()

Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.

from  session
session_begin(bool $update_session_page = true)

Start session management

from  session
session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)

Create a new session

from  session
session_kill($new_session = true)

Kills a session

from  session
session_gc()

Session garbage collection

from  session
set_cookie(string $name, string $cookiedata, int $cookietime, bool $httponly = true)

Sets a cookie

from  session
check_ban(int|false $user_id = false, mixed $user_ips = false, string|false $user_email = false, bool $return = false)

Check for banned user

from  session
true
check_ban_for_current_session($config)

Check the current session for bans

from  session
bool
check_dnsbl_spamhaus(string $dnsbl, string|false $ip = false)

Check if ip is blacklisted by Spamhaus SBL

from  session
bool
check_dnsbl_ipv4_generic(string $dnsbl, string|false $ip = false)

Checks if an IPv4 address is in a specified DNS blacklist

from  session
false
check_dnsbl(string $mode, string|false $ip = false)

Check if ip is blacklisted This should be called only where absolutely necessary

from  session
set_login_key($user_id = false, $key = false, $user_ip = false)

Set/Update a persistent login key

from  session
reset_login_keys($user_id = false)

Reset all login keys for the specified user

from  session
validate_referer(bool $check_script_path = false)

Check if the request originated from the same page.

from  session
unset_admin()

No description

from  session
update_session(array $session_data, string $session_id = null)

Update the session data

from  session
update_session_infos()

No description

from  session
int
id()

Get user ID

from  session
update_user_lastvisit()

Update user last visit time

from  session
void
update_last_active_time()

Update user's last active time

from  session
__construct(language $lang, string $datetime_class)

Constructor to set the lang path

bool
is_setup()

Returns whether user::setup was called

static int
get_token_expiration()

Get expiration time for user tokens, e.g. activation or reset password tokens

array
__get(string $param_name) deprecated

Magic getter for BC compatibility

setup($lang_set = false, $style_id = false)

Setup basic user-specific items (style, language, ...)

lang() deprecated

More advanced language substitution Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms.

int|bool
get_plural_form($number, $force_rule = false)

Determine which plural form we should use.

add_lang(mixed $lang_set, bool $use_db = false, bool $use_help = false, string $ext_name = '')

Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)

add_lang_ext(string $ext_name, mixed $lang_set, bool $use_db = false, bool $use_help = false)

Add Language Items from an extension - use_db and use_help are assigned where needed (only use them to force inclusion)

mixed
format_date(int $gmepoch, string $format = false, bool $forcedate = false)

Format user date

create_timezone(string $user_timezone = null)

Create a DateTimeZone object in the context of the current user

create_datetime(string $time = 'now', DateTimeZone $timezone = null)

Create a \phpbb\datetime object in the context of the current user

int
get_timestamp_from_format(string $format, string $time, DateTimeZone $timezone = null)

Get the UNIX timestamp for a datetime in the users timezone, so we can store it in the database.

get_iso_lang_id()

Get language id currently used by the user

get_profile_fields($user_id)

Get users profile fields

img($img, $alt = '')

Specify/Get image

bool
optionget(int $key, int $data = false)

Get option bit field from user options.

int|bool
optionset(int $key, bool $value, int $data = false)

Set option bit field for user options.

leave_newly_registered()

Function to make the user leave the NEWLY_REGISTERED system group.

array
get_passworded_forums()

Returns all password protected forum ids the user is currently NOT authenticated for.

Details

in session at line 39
static array extract_current_page(string $root_path)

Extract current session page

Parameters

string $root_path

current root path (phpbb_root_path)

Return Value

array

in session at line 164
extract_current_hostname()

Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.

in session at line 228
session_begin(bool $update_session_page = true)

Start session management

This is where all session activity begins. We gather various pieces of information from the client and server. We test to see if a session already exists. If it does, fine and dandy. If it doesn't we'll go on to create a new one ... pretty logical heh? We also examine the system load (if we're running on a system which makes such information readily available) and halt if it's above an admin definable limit.

Parameters

bool $update_session_page

if true the session page gets updated. This can be set to circumvent certain scripts to update the users last visited page.

in session at line 490
session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)

Create a new session

If upon trying to start a session we discover there is nothing existing we jump here. Additionally this method is called directly during login to regenerate the session for the specific user. In this method we carry out a number of tasks; garbage collection, (search)bot checking, banned user comparison. Basically though this method will result in a new session for a specific user.

Parameters

$user_id
$set_admin
$persist_login
$viewonline

in session at line 865
session_kill($new_session = true)

Kills a session

This method does what it says on the tin. It will delete a pre-existing session. It resets cookie information (destroying any autologin key within that cookie data) and update the users information from the relevant session data. It will then grab guest user information.

Parameters

$new_session

in session at line 957
session_gc()

Session garbage collection

This looks a lot more complex than it really is. Effectively we are deleting any sessions older than an admin definable limit. Due to the way in which we maintain session data we have to ensure we update user data before those sessions are destroyed. In addition this method removes autologin key information that is older than an admin defined limit.

Sets a cookie

Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.

Parameters

string $name

Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.

string $cookiedata

The data to hold within the cookie

int $cookietime

The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.

bool $httponly

Use HttpOnly. Defaults to true. Use false to make cookie accessible by client-side scripts.

in session at line 1127
check_ban(int|false $user_id = false, mixed $user_ips = false, string|false $user_email = false, bool $return = false)

Check for banned user

Checks whether the supplied user is banned by id, ip or email. If no parameters are passed to the method pre-existing session data is used.

Parameters

int|false $user_id

The user id

mixed $user_ips

Can contain a string with one IP or an array of multiple IPs

string|false $user_email

The user email

bool $return

If $return is false this routine does not return on finding a banned user, it outputs a relevant message and stops execution.

in session at line 1335
protected true check_ban_for_current_session($config)

Check the current session for bans

Parameters

$config

Return Value

true

if session user is banned.

in session at line 1363
bool check_dnsbl_spamhaus(string $dnsbl, string|false $ip = false)

Check if ip is blacklisted by Spamhaus SBL

Disables DNSBL setting if errors are returned by Spamhaus due to a policy violation. https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/

Parameters

string $dnsbl

the blacklist to check against

string|false $ip

the IPv4 address to check

Return Value

bool

true if listed in spamhaus database, false if not

in session at line 1431
bool check_dnsbl_ipv4_generic(string $dnsbl, string|false $ip = false)

Checks if an IPv4 address is in a specified DNS blacklist

Only checks if a record is returned or not.

Parameters

string $dnsbl

the blacklist to check against

string|false $ip

the IPv4 address to check

Return Value

bool

true if record is returned, false if not

in session at line 1467
false check_dnsbl(string $mode, string|false $ip = false)

Check if ip is blacklisted This should be called only where absolutely necessary

Only IPv4 (rbldns does not support AAAA records/IPv6 lookups)

Parameters

string $mode

register/post - spamcop for example is omitted for posting

string|false $ip

the IPv4 address to check

Return Value

false

if ip is not blacklisted, else an array([checked server], [lookup])

in session at line 1561
set_login_key($user_id = false, $key = false, $user_ip = false)

Set/Update a persistent login key

This method creates or updates a persistent session key. When a user makes use of persistent (formerly auto-) logins a key is generated and stored in the DB. When they revisit with the same key it's automatically updated in both the DB and cookie. Multiple keys may exist for each user representing different browsers or locations. As with any non-secure-socket no passphrase login this remains vulnerable to exploit.

Parameters

$user_id
$key
$user_ip

in session at line 1631
reset_login_keys($user_id = false)

Reset all login keys for the specified user

This method removes all current login keys for a specified (or the current) user. It will be called on password change to render old keys unusable

Parameters

$user_id

in session at line 1680
validate_referer(bool $check_script_path = false)

Check if the request originated from the same page.

Parameters

bool $check_script_path

If true, the path will be checked as well

in session at line 1717
unset_admin()

No description

in session at line 1732
update_session(array $session_data, string $session_id = null)

Update the session data

Parameters

array $session_data

associative array of session keys to be updated

string $session_id

optional session_id, defaults to current user's session_id

in session at line 1755
update_session_infos()

No description

in session at line 1799
int id()

Get user ID

Return Value

int

User ID

in session at line 1807
update_user_lastvisit()

Update user last visit time

in session at line 1826
void update_last_active_time()

Update user's last active time

Return Value

void

at line 60
__construct(language $lang, string $datetime_class)

Constructor to set the lang path

Parameters

language $lang

phpBB's Language loader

string $datetime_class

Class name of datetime class

at line 76
bool is_setup()

Returns whether user::setup was called

Return Value

bool

at line 86
static int get_token_expiration()

Get expiration time for user tokens, e.g. activation or reset password tokens

Return Value

int

Expiration for user tokens

at line 102
array __get(string $param_name) deprecated

deprecated 3.2.0-dev (To be removed: 4.0.0)

Magic getter for BC compatibility

Implement array access for user::lang.

Parameters

string $param_name

Name of the BC component the user want to access

Return Value

array

The appropriate array

at line 120
setup($lang_set = false, $style_id = false)

Setup basic user-specific items (style, language, ...)

Parameters

$lang_set
$style_id

at line 469
lang() deprecated

deprecated 3.2.0-dev (To be removed 4.0.0)

More advanced language substitution Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms.

Params are the language key and the parameters to be substituted. This function/functionality is inspired by SHS` and Ashe.

Example call: $user->lang('NUM_POSTS_IN_QUEUE', 1);

If the first parameter is an array, the elements are used as keys and subkeys to get the language entry: Example: $user->lang(array('datetime', 'AGO'), 1) uses $user->lang['datetime']['AGO'] as language entry.

at line 487
int|bool get_plural_form($number, $force_rule = false)

Determine which plural form we should use.

For some languages this is not as simple as for English.

Parameters

$number

int|float The number we want to get the plural case for. Float numbers are floored.

$force_rule

mixed False to use the plural rule of the language package or an integer to force a certain plural rule

Return Value

int|bool

The plural-case we need to use for the number plural-rule combination, false if $force_rule was invalid.

at line 514
add_lang(mixed $lang_set, bool $use_db = false, bool $use_help = false, string $ext_name = '')

Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)

Parameters

mixed $lang_set

specifies the language entries to include

bool $use_db

internal variable for recursion, do not use @deprecated 3.2.0-dev (To be removed: 4.0.0)

bool $use_help

internal variable for recursion, do not use @deprecated 3.2.0-dev (To be removed: 4.0.0)

string $ext_name

The extension to load language from, or empty for core files

Examples:

$lang_set = array('posting', 'help' => 'faq');
$lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq'))
$lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq'))
$lang_set = 'posting'
$lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting'))

Note: $use_db and $use_help should be removed. The old function was kept for BC purposes, so the BC logic is handled here.

at line 591
add_lang_ext(string $ext_name, mixed $lang_set, bool $use_db = false, bool $use_help = false)

Add Language Items from an extension - use_db and use_help are assigned where needed (only use them to force inclusion)

Parameters

string $ext_name

The extension to load language from, or empty for core files

mixed $lang_set

specifies the language entries to include

bool $use_db

internal variable for recursion, do not use

bool $use_help

internal variable for recursion, do not use

Note: $use_db and $use_help should be removed. Kept for BC purposes.

at line 610
mixed format_date(int $gmepoch, string $format = false, bool $forcedate = false)

Format user date

Parameters

int $gmepoch

unix timestamp

string $format

date format in date() notation. | used to indicate relative dates, for example |d m Y|, h:i is translated to Today, h:i.

bool $forcedate

force non-relative date format.

Return Value

mixed

translated date

at line 656
DateTimeZone create_timezone(string $user_timezone = null)

Create a DateTimeZone object in the context of the current user

Parameters

string $user_timezone

Time zone of the current user.

Return Value

DateTimeZone

DateTimeZone object linked to the current users locale

at line 688
datetime create_datetime(string $time = 'now', DateTimeZone $timezone = null)

Since: 3.1

Create a \phpbb\datetime object in the context of the current user

Parameters

string $time

String in a format accepted by strtotime().

DateTimeZone $timezone

Time zone of the time.

Return Value

datetime

Date time object linked to the current users locale

at line 702
int get_timestamp_from_format(string $format, string $time, DateTimeZone $timezone = null)

Get the UNIX timestamp for a datetime in the users timezone, so we can store it in the database.

Parameters

string $format

Format of the entered date/time

string $time

Date/time with the timezone applied

DateTimeZone $timezone

Timezone of the date/time, falls back to timezone of current user

Return Value

int

Returns the unix timestamp

at line 712
get_iso_lang_id()

Get language id currently used by the user

at line 739
get_profile_fields($user_id)

Get users profile fields

Parameters

$user_id

at line 759
img($img, $alt = '')

Specify/Get image

Parameters

$img
$alt

at line 778
bool optionget(int $key, int $data = false)

Get option bit field from user options.

Parameters

int $key

option key, as defined in $keyoptions property.

int $data

bit field value to use, or false to use $this->data['user_options']

Return Value

bool

true if the option is set in the bit field, false otherwise

at line 796
int|bool optionset(int $key, bool $value, int $data = false)

Set option bit field for user options.

Parameters

int $key

Option key, as defined in $keyoptions property.

bool $value

True to set the option, false to clear the option.

int $data

Current bit field value, or false to use $this->data['user_options']

Return Value

int|bool

If $data is false, the bit field is modified and written back to $this->data['user_options'], and return value is true if the bit field changed and false otherwise. If $data is not false, the new bitfield value is returned.

at line 824
leave_newly_registered()

Function to make the user leave the NEWLY_REGISTERED system group.

at line 854
array get_passworded_forums()

Returns all password protected forum ids the user is currently NOT authenticated for.

Return Value

array

Array of forum ids