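CreateSessionID(),
                   'userid'       => intval($userid),
                   'ipaddress'    => USERIP,
                   'useragent'    => USERAGENT,
                   'lastactivity' => TIMENOW,
                   'location'     => $location,
                   'loggedin'     => $loggedin);

  // login creates its own session
  if(isset($_POST['login']))
  {
    return null;
  }

  $DB->query("REPLACE INTO {sessions} (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin) VALUES ('%s', %d, '%s', '%s', %d, '%s', %d) ",
              $session['sessionid'], $session['userid'], $session['ipaddress'], $session['useragent'],
              $session['lastactivity'], $session['location'], $session['loggedin']);

  if(!isset($_POST['login']) && !isset($_GET['logout']))
  {
    // save the sessionid
    setcookie(COOKIE_PREFIX . "sessionid", $session['sessionid'], TIMENOW + 60*60*24*365, "/");
  }

  $sessioncreated = true;

  return $session;
}

// ############################## FIND SESSIONID ###############################

// The session id is taken from POST, then GET, then the cookie.
// NOTE(review): because the id is also accepted from the request body and the
// query string, a form or link can hand a visitor an id chosen by someone else.
// The lookup below additionally requires the stored IP address and user agent to
// match, which narrows this but does not remove it. If URL-carried sessions are
// not needed, read the cookie only.
if(!empty($_POST['s']))
{
  $sessionid = $_POST['s'];
}
else if(!empty($_GET['s']))
{
  $sessionid = $_GET['s'];
}
else
{
  $sessionid = isset($_COOKIE[COOKIE_PREFIX . 'sessionid']) ? $_COOKIE[COOKIE_PREFIX . 'sessionid'] : '';
}

// request values can arrive as arrays (s[]=x); only a plain string can be a session id
if(!is_string($sessionid))
{
  $sessionid = '';
}

// ############################# CHECK IF SESSION ##############################

if(!empty($sessionid))
{
  // a session only counts if it is a non-admin session, has not timed out and
  // was created from the same IP address and user agent as this request
  $session = $DB->query_first("SELECT * FROM {sessions} WHERE sessionid = '%s' AND ipaddress = '%s' AND lastactivity > %d AND useragent = '%s' AND admin = 0",
                               $sessionid, USERIP, (TIMENOW - $mainsettings['cookietimeout']), USERAGENT);

  // will return an empty session if last activity is expired, meaning the user
  // will have to login via cookies 'remember me option'
}

// if a session doesn't exist that means two things
// 1) This is a user whose session was deleted (empty($session)) because it expired (Subdreamer always deletes old sessions)
//    If this is the case, then we'll try logging in via a cookie
// 2) This is a guest (userid == 0)

// NOTE(review): the remember-me "password" cookie is compared directly with the
// password column, i.e. the cookie carries the stored hash itself. Whoever holds
// that hash can sign in without knowing the password. Replacing it with a random,
// server-stored token needs a schema change and is not attempted here.
if(empty($session) OR $session['userid'] == 0)
{
  // is_numeric() already rejects an array-valued userid; the password cookie
  // needs its own check so that only a string reaches the query
  if(!empty($_COOKIE[COOKIE_PREFIX . 'userid']) AND !empty($_COOKIE[COOKIE_PREFIX . 'password'])
     AND is_numeric($_COOKIE[COOKIE_PREFIX . 'userid']) AND is_string($_COOKIE[COOKIE_PREFIX . 'password']))
  {
    $user = $DB->query_first("SELECT * FROM {users} WHERE userid = %d AND password = '%s'",
                              $_COOKIE[COOKIE_PREFIX . 'userid'], $_COOKIE[COOKIE_PREFIX . 'password']);

    // Same account checks as the form login further down in this file: a banned
    // or not yet activated account must not be signed in through its cookies.
    if($user AND $user['banned'] != 1 AND $user['activated'] != 0)
    {
      // cookie login is correct
      // delete old sessions
      if(!empty($session['sessionid']))
      {
        $DB->query("DELETE FROM {sessions} WHERE sessionid = '%s'", $sessionid);
      }

      // create a new session for this user, using the id of the row that was
      // just verified rather than the raw cookie value
      $session = CreateSession($user['userid']);
    }
    else if(!isset($_POST['login']))
    {
      // user has bad cookies, set the cookies to empty if we are not logging in
      // cookie's bad and since we're not doing anything login related, kill the bad cookie
      setcookie(COOKIE_PREFIX . "userid",   "", TIMENOW + 60*60*24*365, "/");
      setcookie(COOKIE_PREFIX . "password", "", TIMENOW + 60*60*24*365, "/");
    }
  }
}

// ########################### CREATE GUEST SESSION ############################

if(empty($session))
{
  $session = CreateSession();
}

// ############################ SETUP USER VARIABLE ############################

// $session can still be empty here: the session-creating function above returns
// null while a login form is being posted. Only sessions that carry a user id
// are looked up in the users table.
$user = false;

if(!empty($session) AND $session['userid'] != 0)
{
  $user = $DB->query_first("SELECT * FROM {users} WHERE userid = %d", $session['userid']);
}

if(empty($user))
{
  // guest session, or a session that points at a user row which no longer
  // exists; the latter must not end up flagged as logged in with an empty id
  $user = array('userid'         => 0,
                'usergroupids'   => 4,  // Subdreamer 2 - Guests
                'username'       => '',
                'loggedin'       => 0,
                'email'          => '',
                'timezoneoffset' => 0,
                'dstonoff'       => 0,
                'dstauto'        => 1);
}
else
{
  // everything else is filled from the database query
  $user['usergroupids']   = $user['usergroupid'];
  $user['loggedin']       = 1;
  $user['timezoneoffset'] = 0;
  $user['dstonoff']       = 0;
  $user['dstauto']        = 1;

  // update user last activity date
  $DB->query("UPDATE {users} SET lastactivity = %d WHERE userid = %d", TIMENOW, $user['userid']);
}

// ############################## UPDATE SESSION ###############################

// a session created during this request already carries current values
if(!$sessioncreated)
{
  $DB->query("UPDATE {sessions} SET useragent = '%s', lastactivity = %d, location = '%s' WHERE sessionid = '%s' ",
              USERAGENT, TIMENOW, $location, $session['sessionid']);
}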
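################################ FORM LOGIN ################################

// NOTE(review): passwords are compared as unsalted MD5, and the stored hash is
// also what the remember-me cookie carries. Moving to password_hash() /
// password_verify() and a random remember-me token needs a schema change that
// is outside this file.
// NOTE(review): the distinct "wrong username", "banned" and "not activated"
// messages are returned before the password is checked, so they tell a visitor
// whether an account exists and what state it is in.
// NOTE(review): every cookie below is set without the Secure and HttpOnly flags.
if(isset($_POST['login']) && $_POST['login'] == 'login')
{
  // missing or array-valued fields are treated as empty input
  $loginusername = (isset($_POST['loginusername']) && is_string($_POST['loginusername'])) ? $_POST['loginusername'] : '';
  $loginpassword = (isset($_POST['loginpassword']) && is_string($_POST['loginpassword'])) ? $_POST['loginpassword'] : '';
  $rememberme    = !empty($_POST['rememberme']);

  if(strlen($loginusername))
  {
    // The row is kept in its own variable. $user is only replaced after every
    // check has passed; otherwise a failed attempt would leave the looked-up
    // account's id, name and email in $user and from there in $usersettings.
    $loginuser = $DB->query_first("SELECT userid, usergroupid, email, username, password, banned, activated FROM {users} WHERE username = '%s'", $loginusername);

    if($loginuser)
    {
      if($loginuser['banned'] == 1)
      {
        $loginerrors[] = $sdlanguage['you_are_banned'];
      }
      else if($loginuser['activated'] == 0)
      {
        $loginerrors[] = $sdlanguage['not_yet_activated'];
      }
      else
      {
        // Compare the hashes as strings. A loose != treats two different
        // "0e<digits>" hashes as equal numbers; hash_equals() also avoids an
        // early exit on the first differing byte where it is available.
        $storedhash    = (string) $loginuser['password'];
        $submittedhash = md5($loginpassword);
        $passwordok    = function_exists('hash_equals')
                       ? hash_equals($storedhash, $submittedhash)
                       : ($storedhash === $submittedhash);

        if(!$passwordok)
        {
          $loginerrors[] = $sdlanguage['wrong_password'];
        }
        else
        {
          // user successfully logged in
          $user = $loginuser;

          // everything else is filled from the database query
          $user['usergroupids']   = $user['usergroupid'];
          $user['loggedin']       = 1;
          $user['timezoneoffset'] = 0;
          $user['dstonoff']       = 0;
          $user['dstauto']        = 1;

          // delete the session this request arrived with
          $DB->query("DELETE FROM {sessions} WHERE sessionid = '%s'", $sessionid);

          // The logged-in session gets a fresh id. The previous id came from
          // the request (or was empty when no session existed yet), so it must
          // not be carried over into the authenticated session.
          $sessionid = CreateSessionID();

          // create new session
          $DB->query("REPLACE INTO {sessions} (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin) VALUES ('%s', %d, '%s', '%s', %d, '%s', 1)",
                      $sessionid, $user['userid'], USERIP, USERAGENT, TIMENOW, $location);

          // save sessionid into cookie
          setcookie(COOKIE_PREFIX . "sessionid", $sessionid, TIMENOW + 60*60*24*365, "/");

          // if remember me then save userid and password hash
          if($rememberme)
          {
            setcookie(COOKIE_PREFIX . "userid",   $user['userid'],   TIMENOW + 60*60*24*365, "/");
            setcookie(COOKIE_PREFIX . "password", $user['password'], TIMENOW + 60*60*24*365, "/");
          }
        }
      }
    }
    else
    {
      $loginerrors[] = $sdlanguage['wrong_username'];
    }
  }
  else
  {
    $loginerrors[] = $sdlanguage['please_enter_username'];
  }

  // do not leave the looked-up row or the hashes in global scope
  unset($loginuser, $storedhash, $submittedhash, $passwordok);
}

// ################################## LOGOUT ###################################

// NOTE(review): logout is triggered by a GET parameter without any token, so a
// request started from another site signs the user out as well.
if(isset($_GET['logout']))
{
  // erase all cookies
  setcookie(COOKIE_PREFIX . "sessionid", "", TIMENOW + 60*60*24*365, "/");
  setcookie(COOKIE_PREFIX . "userid",    "", TIMENOW + 60*60*24*365, "/");
  setcookie(COOKIE_PREFIX . "password",  "", TIMENOW + 60*60*24*365, "/");

  if($user['userid'] != 0 AND $user['userid'] != -1)
  {
    // update user lastactivity and user lastvisit
    $DB->query("UPDATE {users} SET lastactivity = %d WHERE userid = %d", (TIMENOW - $mainsettings['cookietimeout']), $user['userid']);

    // delete sessions with same userid
    $DB->query("DELETE FROM {sessions} WHERE userid = %d AND admin = 0", $user['userid']);
  }

  // delete sessions with same sessionid
  $DB->query("DELETE FROM {sessions} WHERE sessionid = '%s'", $sessionid);

  // create a new sessionid for this guest
  $sessionid = CreateSessionID();

  // save this new sessionid in the sessions table
  $DB->query("REPLACE INTO {sessions} (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin) VALUES ('%s', 0, '%s', '%s', %d, '%s', 0)",
              $sessionid, USERIP, USERAGENT, TIMENOW, $location);

  // save sessionid into cookie
  setcookie(COOKIE_PREFIX . "sessionid", $sessionid, TIMENOW + 60*60*24*365, "/");

  $user = array('userid'         => 0,
                'usergroupids'   => 4,  // Subdreamer 2 - Guests
                'username'       => '',
                'loggedin'       => 0,
                'email'          => '',
                'timezoneoffset' => 0,
                'dstonoff'       => 0,
                'dstauto'        => 1);
}

// ############################ DELETE OLD SESSIONS ############################

$DB->query("DELETE FROM {sessions} WHERE lastactivity < %d", intval(TIMENOW - $mainsettings['cookietimeout']));

// ###################### SUBDREAMER USER SETTINGS SETUP #######################

// $usersettings is the only user data left after the unset() below; it holds
// neither the password hash nor the session id.
$usersettings = array('userid'         => $user['userid'],
                      'usergroupids'   => $user['usergroupids'],
                      'username'       => $user['username'],
                      'loggedin'       => $user['loggedin'],
                      'email'          => $user['email'],
                      'timezoneoffset' => $user['timezoneoffset'],
                      'dstonoff'       => $user['dstonoff'],
                      'dstauto'        => $user['dstauto'],
                      'sessionurl'     => '');

// ############################## UNSET VARIABLES ##############################

unset($user, $session, $sessionid);

// ############################## USER FUNCTIONS ##############################

// Returns true when $clientip matches an entry of the whitespace-separated
// 'Banned IP Addresses' plugin setting, false otherwise.
// An entry without '*' must equal the address exactly. In an entry with '*',
// each '*' stands for any run of characters, every other character is literal
// and the entry has to match the whole address (compared case-insensitively).
// This replaces eregi(), which no longer exists in PHP 7 and read the entry as
// an unanchored regular expression, so '.' matched any character and an entry
// could match in the middle of an unrelated address.
function IsIPBanned($clientip)
{
  global $DB;

  $getbanip = $DB->query_first("SELECT value FROM {pluginsettings} WHERE pluginid='12' AND title = 'Banned IP Addresses'");

  // no setting row, or an empty list: nothing is banned
  $banlist = isset($getbanip[0]) ? trim((string) $getbanip[0]) : '';

  if($banlist === '')
  {
    return false;
  }

  $clientip  = (string) $clientip;
  $addresses = preg_split('/[[:space:]]+/', $banlist, -1, PREG_SPLIT_NO_EMPTY);

  foreach($addresses as $ip)
  {
    if(strpos($ip, '*') === false)
    {
      // Not wildcard so go for exact match
      if($ip === $clientip)
      {
        return true;
      }
    }
    else
    {
      // quote the entry, then turn each quoted '*' back into "any characters"
      $pattern = '/^' . str_replace('\*', '.*', preg_quote($ip, '/')) . '$/iD';

      if(preg_match($pattern, $clientip))
      {
        return true;
      }
    }
  }

  return false;
}

// Returns the relevant forum link url, or an empty string when the page that
// hosts the plugin is not found or the link type is not implemented here.
// linkType
// 1 - Register
// 2 - UserCP
// 3 - Recover Password
// 4 - UserCP (requires $userid)  - not implemented, returns ''
// 5 - SendPM (requires $userid)  - not implemented, returns ''
function ForumLink($linkType, $userid = -1)
{
  global $DB;

  $url = '';

  switch($linkType)
  {
    case 1:
      // registration lives on the page that holds plugin 12
      $getregpath = $DB->query_first("SELECT categoryid FROM {pagesort} WHERE pluginid = 12");

      if(isset($getregpath[0]) && $getregpath[0] > 0)
      {
        $url = RewriteLink('index.php?categoryid=' . $getregpath['categoryid']);
      }
      break;

    case 2:
      // user control panel lives on the page that holds plugin 11
      $getcppath = $DB->query_first("SELECT categoryid FROM {pagesort} WHERE pluginid = 11");

      if(isset($getcppath[0]) && $getcppath[0] > 0)
      {
        $url = RewriteLink('index.php?categoryid=' . $getcppath['categoryid']);
      }
      break;

    case 3:
      // password recovery is the registration page with an extra parameter
      $getregpath = $DB->query_first("SELECT categoryid FROM {pagesort} WHERE pluginid = 12");

      if(isset($getregpath[0]) && $getregpath[0] > 0)
      {
        $url = RewriteLink('index.php?categoryid=' . $getregpath['categoryid'] . '&p12_forgotpwd=1');
      }
      break;

    case 4:
      break;

    case 5:
      break;
  }

  return $url;
}

// Placeholder: always returns an empty string; both parameters are unused.
function ForumAvatar($userid, $username)
{
  return '';
}

?>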