| [ Index ] |
PHP Cross Reference of phpBB-3.2.11-deutsch |
[Source view] [Print] [Project Stats]
This file is part of the phpBB Forum Software package.
| Copyright: | (c) phpBB Limited |
| License: | GNU General Public License, version 2 (GPL-2.0) |
| File Size: | 1676 lines (54 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
session:: (16 methods):
extract_current_page()
extract_current_hostname()
session_begin()
session_create()
session_kill()
session_gc()
set_cookie()
check_ban()
check_ban_for_current_session()
check_dnsbl()
set_login_key()
reset_login_keys()
validate_referer()
unset_admin()
update_session()
update_session_infos()
| extract_current_page($root_path) X-Ref |
| Extract current session page param: string $root_path current root path (phpbb_root_path) return: array |
| extract_current_hostname() X-Ref |
| Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present. |
| session_begin($update_session_page = true) X-Ref |
| Start session management This is where all session activity begins. We gather various pieces of information from the client and server. We test to see if a session already exists. If it does, fine and dandy. If it doesn't we'll go on to create a new one ... pretty logical heh? We also examine the system load (if we're running on a system which makes such information readily available) and halt if it's above an admin definable limit. param: bool $update_session_page if true the session page gets updated. |
| session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) X-Ref |
| Create a new session If upon trying to start a session we discover there is nothing existing we jump here. Additionally this method is called directly during login to regenerate the session for the specific user. In this method we carry out a number of tasks; garbage collection, (search)bot checking, banned user comparison. Basically though this method will result in a new session for a specific user. |
| session_kill($new_session = true) X-Ref |
| Kills a session This method does what it says on the tin. It will delete a pre-existing session. It resets cookie information (destroying any autologin key within that cookie data) and update the users information from the relevant session data. It will then grab guest user information. |
| session_gc() X-Ref |
| Session garbage collection This looks a lot more complex than it really is. Effectively we are deleting any sessions older than an admin definable limit. Due to the way in which we maintain session data we have to ensure we update user data before those sessions are destroyed. In addition this method removes autologin key information that is older than an admin defined limit. |
| set_cookie($name, $cookiedata, $cookietime, $httponly = true) X-Ref |
| Sets a cookie Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set. param: string $name Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then. param: string $cookiedata The data to hold within the cookie param: int $cookietime The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set. param: bool $httponly Use HttpOnly. Defaults to true. Use false to make cookie accessible by client-side scripts. |
| check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false) X-Ref |
| Check for banned user Checks whether the supplied user is banned by id, ip or email. If no parameters are passed to the method pre-existing session data is used. param: int|false $user_id The user id param: mixed $user_ips Can contain a string with one IP or an array of multiple IPs param: string|false $user_email The user email param: bool $return If $return is false this routine does not return on finding a banned user, |
| check_ban_for_current_session($config) X-Ref |
| Check the current session for bans return: true if session user is banned. |
| check_dnsbl($mode, $ip = false) X-Ref |
| Check if ip is blacklisted This should be called only where absolutely necessary Only IPv4 (rbldns does not support AAAA records/IPv6 lookups) param: string $mode register/post - spamcop for example is ommitted for posting param: string|false $ip the IPv4 address to check author: satmd (from the php manual) return: false if ip is not blacklisted, else an array([checked server], [lookup]) |
| set_login_key($user_id = false, $key = false, $user_ip = false) X-Ref |
| Set/Update a persistent login key This method creates or updates a persistent session key. When a user makes use of persistent (formerly auto-) logins a key is generated and stored in the DB. When they revisit with the same key it's automatically updated in both the DB and cookie. Multiple keys may exist for each user representing different browsers or locations. As with _any_ non-secure-socket no passphrase login this remains vulnerable to exploit. |
| reset_login_keys($user_id = false) X-Ref |
| Reset all login keys for the specified user This method removes all current login keys for a specified (or the current) user. It will be called on password change to render old keys unusable |
| validate_referer($check_script_path = false) X-Ref |
| Check if the request originated from the same page. param: bool $check_script_path If true, the path will be checked as well |
| unset_admin() X-Ref |
| No description |
| update_session($session_data, $session_id = null) X-Ref |
| Update the session data param: array $session_data associative array of session keys to be updated param: string $session_id optional session_id, defaults to current user's session_id |
| update_session_infos() X-Ref |
| No description |
| Generated: Wed Nov 11 20:33:01 2020 | Cross-referenced by PHPXref 0.7.1 |