[ Index ]

PHP Cross Reference of phpBB-3.2.0-deutsch

title

Body

[close]

/phpbb/ -> session.php (summary)

This file is part of the phpBB Forum Software package.

Copyright: (c) phpBB Limited
License: GNU General Public License, version 2 (GPL-2.0)
File Size: 1621 lines (53 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

session:: (15 methods):
  extract_current_page()
  extract_current_hostname()
  session_begin()
  session_create()
  session_kill()
  session_gc()
  set_cookie()
  check_ban()
  check_dnsbl()
  set_login_key()
  reset_login_keys()
  validate_referer()
  unset_admin()
  update_session()
  update_session_infos()


Class: session  - X-Ref

Session class

extract_current_page($root_path)   X-Ref
Extract current session page

return: array
param: string $root_path current root path (phpbb_root_path)

extract_current_hostname()   X-Ref
Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.


session_begin($update_session_page = true)   X-Ref
Start session management

This is where all session activity begins. We gather various pieces of
information from the client and server. We test to see if a session already
exists. If it does, fine and dandy. If it doesn't we'll go on to create a
new one ... pretty logical heh? We also examine the system load (if we're
running on a system which makes such information readily available) and
halt if it's above an admin definable limit.

param: bool $update_session_page if true the session page gets updated.

session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)   X-Ref
Create a new session

If upon trying to start a session we discover there is nothing existing we
jump here. Additionally this method is called directly during login to regenerate
the session for the specific user. In this method we carry out a number of tasks;
garbage collection, (search)bot checking, banned user comparison. Basically
though this method will result in a new session for a specific user.

session_kill($new_session = true)   X-Ref
Kills a session

This method does what it says on the tin. It will delete a pre-existing session.
It resets cookie information (destroying any autologin key within that cookie data)
and update the users information from the relevant session data. It will then
grab guest user information.

session_gc()   X-Ref
Session garbage collection

This looks a lot more complex than it really is. Effectively we are
deleting any sessions older than an admin definable limit. Due to the
way in which we maintain session data we have to ensure we update user
data before those sessions are destroyed. In addition this method
removes autologin key information that is older than an admin defined
limit.

set_cookie($name, $cookiedata, $cookietime, $httponly = true)   X-Ref
Sets a cookie

Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.

param: string $name        Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.
param: string $cookiedata    The data to hold within the cookie
param: int $cookietime    The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.
param: bool $httponly        Use HttpOnly. Defaults to true. Use false to make cookie accessible by client-side scripts.

check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)   X-Ref
Check for banned user

Checks whether the supplied user is banned by id, ip or email. If no parameters
are passed to the method pre-existing session data is used.

param: int|false        $user_id        The user id
param: mixed            $user_ips        Can contain a string with one IP or an array of multiple IPs
param: string|false    $user_email        The user email
param: bool            $return            If $return is false this routine does not return on finding a banned user,

check_dnsbl($mode, $ip = false)   X-Ref
Check if ip is blacklisted
This should be called only where absolutely necessary

Only IPv4 (rbldns does not support AAAA records/IPv6 lookups)

return: false if ip is not blacklisted, else an array([checked server], [lookup])
author: satmd (from the php manual)
param: string         $mode    register/post - spamcop for example is ommitted for posting
param: string|false    $ip        the IPv4 address to check

set_login_key($user_id = false, $key = false, $user_ip = false)   X-Ref
Set/Update a persistent login key

This method creates or updates a persistent session key. When a user makes
use of persistent (formerly auto-) logins a key is generated and stored in the
DB. When they revisit with the same key it's automatically updated in both the
DB and cookie. Multiple keys may exist for each user representing different
browsers or locations. As with _any_ non-secure-socket no passphrase login this
remains vulnerable to exploit.

reset_login_keys($user_id = false)   X-Ref
Reset all login keys for the specified user

This method removes all current login keys for a specified (or the current)
user. It will be called on password change to render old keys unusable

validate_referer($check_script_path = false)   X-Ref
Check if the request originated from the same page.

param: bool $check_script_path If true, the path will be checked as well

unset_admin()   X-Ref
No description

update_session($session_data, $session_id = null)   X-Ref
Update the session data

param: array $session_data associative array of session keys to be updated
param: string $session_id optional session_id, defaults to current user's session_id

update_session_infos()   X-Ref
No description



Generated: Sun Feb 19 19:47:08 2017 Cross-referenced by PHPXref 0.7.1