includes/sessions.php
changeset 1103 90225c988124
parent 1101 30d8bb88572d
child 1132 05fe0039d952
1102:faef5e62e1e0 1103:90225c988124
     1 <?php
     1 <?php
     2 
     2 
     3 /*
     3 /*
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
     5  * Version 1.1.6 (Caoineag beta 1)
     5  * Copyright (C) 2006-2009 Dan Fuhry
     6  * Copyright (C) 2006-2008 Dan Fuhry
       
     7  * sessions.php - everything related to security and user management
     6  * sessions.php - everything related to security and user management
     8  *
     7  *
     9  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
     8  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    10  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
     9  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    11  *
    10  *
   156    */
   155    */
   157    
   156    
   158   var $auth_level = 1;
   157   var $auth_level = 1;
   159   
   158   
   160   /**
   159   /**
       
   160    * Preference for date formatting
       
   161    * @var string
       
   162    */
       
   163   
       
   164   var $date_format = DATE_4;
       
   165   
       
   166   /**
       
   167    * Preference for time formatting
       
   168    * @var string
       
   169    */
       
   170   
       
   171   var $time_format = TIME_24_NS;
       
   172   
       
   173   /**
   161    * State variable to track if a session timed out
   174    * State variable to track if a session timed out
   162    * @var bool
   175    * @var bool
   163    */
   176    */
   164   
   177   
   165   var $sw_timed_out = false;
   178   var $sw_timed_out = false;
   411       $db->_die('The error seems to have occurred somewhere in the session management code.');
   424       $db->_die('The error seems to have occurred somewhere in the session management code.');
   412     }
   425     }
   413     return $result;
   426     return $result;
   414   }
   427   }
   415   
   428   
       
   429   /**
       
   430    * Returns true if we're currently on a page that shouldn't be blocked even if we have an inactive or banned account
       
   431    * @param bool strict - if true, whitelist of pages is even stricter (Login, Logout and CSS only). if false (default), admin access is allowed, assuming other factors allow it
       
   432    * @return bool
       
   433    */
       
   434   
       
   435   function on_critical_page($strict = false)
       
   436   {
       
   437     global $title;
       
   438     list($page_id, $namespace) = RenderMan::strToPageID($title);
       
   439     list($page_id) = explode('/', $page_id);
       
   440     
       
   441     if ( $strict )
       
   442     {
       
   443       return $namespace == 'Special' && in_array($page_id, array('CSS', 'Login', 'Logout'));
       
   444     }
       
   445     else
       
   446     {
       
   447       return $namespace == 'Admin' || ($namespace == 'Special' && in_array($page_id, array('CSS', 'Login', 'Logout', 'Administration')));
       
   448     }
       
   449   }
       
   450   
   416   # Session restoration and permissions
   451   # Session restoration and permissions
   417   
   452   
   418   /**
   453   /**
   419    * Initializes the basic state of things, including most user prefs, login data, cookie stuff
   454    * Initializes the basic state of things, including most user prefs, login data, cookie stuff
   420    */
   455    */
   437       {
   472       {
   438         $userdata = $this->validate_session($_COOKIE['sid']);
   473         $userdata = $this->validate_session($_COOKIE['sid']);
   439       }
   474       }
   440       if ( is_array($userdata) )
   475       if ( is_array($userdata) )
   441       {
   476       {
   442         $data = RenderMan::strToPageID($paths->get_pageid_from_url());
       
   443         
       
   444         if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
       
   445         {
       
   446           $this->show_inactive_error($userdata);
       
   447         }
       
   448         
       
   449         $this->sid = $_COOKIE['sid'];
   477         $this->sid = $_COOKIE['sid'];
   450         $this->user_logged_in = true;
   478         $this->user_logged_in = true;
   451         $this->user_id =       intval($userdata['user_id']);
   479         $this->user_id =       intval($userdata['user_id']);
   452         $this->username =      $userdata['username'];
   480         $this->username =      $userdata['username'];
   453         $this->user_level =    intval($userdata['user_level']);
   481         $this->user_level =    intval($userdata['user_level']);
   551     }
   579     }
   552     
   580     
   553     // make sure we aren't banned
   581     // make sure we aren't banned
   554     $this->check_banlist();
   582     $this->check_banlist();
   555     
   583     
       
   584     // make sure the account is active
       
   585     if ( !$this->compat && $this->user_logged_in && $userdata['account_active'] != 1 && !$this->on_critical_page() )
       
   586     {
       
   587       $this->show_inactive_error($userdata);
       
   588     }
       
   589     
   556     // Printable page view? Probably the wrong place to control
   590     // Printable page view? Probably the wrong place to control
   557     // it but $template is pretty dumb, it will just about always
   591     // it but $template is pretty dumb, it will just about always
   558     // do what you ask it to do, which isn't always what we want
   592     // do what you ask it to do, which isn't always what we want
   559     if ( isset ( $_GET['printable'] ) )
   593     if ( isset ( $_GET['printable'] ) )
   560     {
   594     {
   722     if ( $db->numrows() < 1 )
   756     if ( $db->numrows() < 1 )
   723     {
   757     {
   724       // This wasn't logged in <1.0.2, dunno how it slipped through
   758       // This wasn't logged in <1.0.2, dunno how it slipped through
   725       if ( $level > USER_LEVEL_MEMBER )
   759       if ( $level > USER_LEVEL_MEMBER )
   726         $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   760         $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   727                    . '  (\'security\', \'admin_auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', '
   761                    . '  (\'security\', \'admin_auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', '
   728                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   762                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   729       else
   763       else
   730         $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary) VALUES\n"
   764         $this->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary) VALUES\n"
   731                    . '  (\'security\', \'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', '
   765                    . '  (\'security\', \'auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', '
   732                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   766                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   733       
   767       
   734       // Do we also need to increment the lockout countdown?
   768       // Do we also need to increment the lockout countdown?
   735       if ( @$lockout_data['lockout_policy'] != 'disable' && !defined('IN_ENANO_INSTALL') )
   769       if ( @$lockout_data['lockout_policy'] != 'disable' && !defined('IN_ENANO_INSTALL') )
   736       {
   770       {
   820       if((int)$level > (int)$row['user_level'])
   854       if((int)$level > (int)$row['user_level'])
   821         return array(
   855         return array(
   822           'success' => false,
   856           'success' => false,
   823           'error' => 'too_big_for_britches'
   857           'error' => 'too_big_for_britches'
   824         );
   858         );
       
   859       
       
   860       // grant session
   825       $sess = $this->register_session($row['user_id'], $username, ( isset($password_hmac) ? $password_hmac : $password ), $level, $remember);
   861       $sess = $this->register_session($row['user_id'], $username, ( isset($password_hmac) ? $password_hmac : $password ), $level, $remember);
       
   862       
   826       if($sess)
   863       if($sess)
   827       {
   864       {
   828         if($level > USER_LEVEL_MEMBER)
   865         if($level > USER_LEVEL_MEMBER)
   829           $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   866           $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   830         else
   867         else
   831           $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   868           $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   832         
   869         
   833         $code = $plugins->setHook('login_success');
   870         $code = $plugins->setHook('login_success');
   834         foreach ( $code as $cmd )
   871         foreach ( $code as $cmd )
   835         {
   872         {
   836           eval($cmd);
   873           eval($cmd);
   847         );
   884         );
   848     }
   885     }
   849     else
   886     else
   850     {
   887     {
   851       if($level > USER_LEVEL_MEMBER)
   888       if($level > USER_LEVEL_MEMBER)
   852         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   889         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   853       else
   890       else
   854         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   891         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
   855         
   892         
   856       // Do we also need to increment the lockout countdown?
   893       // Do we also need to increment the lockout countdown?
   857       if ( !defined('IN_ENANO_INSTALL') && $lockout_data['lockout_policy'] != 'disable' )
   894       if ( !defined('IN_ENANO_INSTALL') && $lockout_data['lockout_policy'] != 'disable' )
   858       {
   895       {
   859         $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
   896         $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
   965     {
  1002     {
   966       // Stash it in a cookie
  1003       // Stash it in a cookie
   967       // For now, make the cookie last forever, we can change this in 1.1.x
  1004       // For now, make the cookie last forever, we can change this in 1.1.x
   968       setcookie( 'sid', $session_key, time()+15552000, scriptPath.'/', null, $GLOBALS['is_https']);
  1005       setcookie( 'sid', $session_key, time()+15552000, scriptPath.'/', null, $GLOBALS['is_https']);
   969       $_COOKIE['sid'] = $session_key;
  1006       $_COOKIE['sid'] = $session_key;
       
  1007       $this->sid = $session_key;
   970     }
  1008     }
   971     // $keyhash is stored in the database, this is for compatibility with the older DB structure
  1009     // $keyhash is stored in the database, this is for compatibility with the older DB structure
   972     $keyhash = md5($session_key);
  1010     $keyhash = md5($session_key);
   973     // Record the user's IP
  1011     // Record the user's IP
   974     $ip = $_SERVER['REMOTE_ADDR'];
  1012     $ip = $_SERVER['REMOTE_ADDR'];
  1190     
  1228     
  1191     $columns_groupby = "u.user_id, u.username, u.password, u.password_salt, u.email, u.real_name, u.user_level, u.theme, u.style, u.signature,\n"
  1229     $columns_groupby = "u.user_id, u.username, u.password, u.password_salt, u.email, u.real_name, u.user_level, u.theme, u.style, u.signature,\n"
  1192                       . "           u.reg_time, u.account_active, u.activation_key, u.user_lang, u.user_timezone, u.user_title, u.user_dst,\n"
  1230                       . "           u.reg_time, u.account_active, u.activation_key, u.user_lang, u.user_timezone, u.user_title, u.user_dst,\n"
  1193                       . "           k.salt, k.source_ip, k.time, k.auth_level, k.key_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn,\n"
  1231                       . "           k.salt, k.source_ip, k.time, k.auth_level, k.key_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn,\n"
  1194                       . "           x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public,\n"
  1232                       . "           x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public,\n"
  1195                       . "           x.disable_js_fx";
  1233                       . "           x.disable_js_fx, x.date_format, x.time_format";
  1196     
  1234     
  1197     $joins = "  LEFT JOIN " . table_prefix . "users AS u\n"
  1235     $joins = "  LEFT JOIN " . table_prefix . "users AS u\n"
  1198             . "    ON ( u.user_id=k.user_id )\n"
  1236             . "    ON ( u.user_id=k.user_id )\n"
  1199             . "  LEFT JOIN " . table_prefix . "users_extra AS x\n"
  1237             . "  LEFT JOIN " . table_prefix . "users_extra AS x\n"
  1200             . "    ON ( u.user_id=x.user_id OR x.user_id IS NULL )\n"
  1238             . "    ON ( u.user_id=x.user_id OR x.user_id IS NULL )\n"
  1219                             . "  GROUP BY $columns_groupby;");
  1257                             . "  GROUP BY $columns_groupby;");
  1220     }
  1258     }
  1221     
  1259     
  1222     if ( !$query && ( defined('IN_ENANO_INSTALL') or defined('IN_ENANO_UPGRADE') ) )
  1260     if ( !$query && ( defined('IN_ENANO_INSTALL') or defined('IN_ENANO_UPGRADE') ) )
  1223     {
  1261     {
  1224       $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,\'\' AS password_salt,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone, \'0;0;0;0;60\' AS user_dst, ' . SK_SHORT . ' AS key_type FROM '.table_prefix.'session_keys AS k
  1262       $key_md5 = $loose_call ? $key : md5($key);
       
  1263       $query = $this->sql('SELECT u.user_id AS uid,u.username,u.password,\'\' AS password_salt,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms, 1440 AS user_timezone, \'0;0;0;0;60\' AS user_dst, ' . SK_SHORT . ' AS key_type, k.salt FROM '.table_prefix.'session_keys AS k
  1225                              LEFT JOIN '.table_prefix.'users AS u
  1264                              LEFT JOIN '.table_prefix.'users AS u
  1226                                ON ( u.user_id=k.user_id )
  1265                                ON ( u.user_id=k.user_id )
  1227                              LEFT JOIN '.table_prefix.'privmsgs AS p
  1266                              LEFT JOIN '.table_prefix.'privmsgs AS p
  1228                                ON ( p.message_to=u.username AND p.message_read=0 )
  1267                                ON ( p.message_to=u.username AND p.message_read=0 )
  1229                              WHERE k.session_key=\''.$key.'\'
  1268                              WHERE k.session_key=\''.$key_md5.'\'
  1230                                AND k.salt=\''.$salt.'\'
  1269                              GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,k.salt;');
  1231                              GROUP BY u.user_id,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level;');
       
  1232     }
  1270     }
  1233     else if ( !$query )
  1271     else if ( !$query )
  1234     {
  1272     {
  1235       $db->_die();
  1273       $db->_die();
  1236     }
  1274     }
  1237     if($db->numrows() < 1)
  1275     if($db->numrows() < 1)
  1238     {
  1276     {
  1239       // echo '(debug) $session->validate_session: Key was not found in database<br />';
  1277       // echo '(debug) $session->validate_session: Key was not found in database: ' . $key_md5 . '<br />';
  1240       return false;
  1278       return false;
  1241     }
  1279     }
  1242     $row = $db->fetchrow();
  1280     $row = $db->fetchrow();
  1243     profiler_log("SessionManager: session check: selected and fetched results");
  1281     profiler_log("SessionManager: session check: selected and fetched results");
  1244     
  1282     
  1344         $user_extra[$column] = $row[$column];
  1382         $user_extra[$column] = $row[$column];
  1345       else
  1383       else
  1346         $user_extra[$column] = '';
  1384         $user_extra[$column] = '';
  1347     }
  1385     }
  1348     
  1386     
       
  1387     if ( isset($row['date_format']) )
       
  1388       $this->date_format = $row['date_format'];
       
  1389     if ( isset($row['time_format']) )
       
  1390       $this->time_format = $row['time_format'];
       
  1391     
  1349     $this->user_extra = $user_extra;
  1392     $this->user_extra = $user_extra;
  1350     // Leave the rest to PHP's automatic garbage collector ;-)
  1393     // Leave the rest to PHP's automatic garbage collector ;-)
  1351     
  1394     
  1352     $row['password'] = '';
  1395     $row['password'] = '';
  1353     $row['user_timezone'] = intval($row['user_timezone']) - 1440;
  1396     $row['user_timezone'] = intval($row['user_timezone']) - 1440;
  1473   
  1516   
  1474   function show_inactive_error($userdata)
  1517   function show_inactive_error($userdata)
  1475   {
  1518   {
  1476     global $db, $session, $paths, $template, $plugins; // Common objects
  1519     global $db, $session, $paths, $template, $plugins; // Common objects
  1477     global $lang;
  1520     global $lang;
       
  1521     
       
  1522     global $title;
       
  1523     $paths->init($title);
  1478     
  1524     
  1479     $language = intval(getConfig('default_language'));
  1525     $language = intval(getConfig('default_language'));
  1480     $lang = new Language($language);
  1526     $lang = new Language($language);
  1481     @setlocale(LC_ALL, $lang->lang_code);
  1527     @setlocale(LC_ALL, $lang->lang_code);
  1482     
  1528     
  1539                    <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
  1585                    <p><input type="submit" name="logout" value="' . $lang->get('user_login_noact_btn_log_out') . '" /></p>
  1540                  </form>';
  1586                  </form>';
  1541       }
  1587       }
  1542     }
  1588     }
  1543     
  1589     
  1544     die_semicritical($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form);
  1590     global $output;
       
  1591     $output = new Output_HTML();
       
  1592     $output->set_title($lang->get('user_login_noact_title'));
       
  1593     die_friendly($lang->get('user_login_noact_title'), '<p>' . $lang->get('user_login_noact_msg_intro') . ' '.$solution.'</p>' . $form);
  1545   }
  1594   }
  1546   
  1595   
  1547   /**
  1596   /**
  1548    * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
  1597    * Appends the high-privilege session key to the URL if we are authorized to do high-privilege stuff
  1549    * @param string $url The URL to add session data to
  1598    * @param string $url The URL to add session data to
  1755   function check_banlist()
  1804   function check_banlist()
  1756   {
  1805   {
  1757     global $db, $session, $paths, $template, $plugins; // Common objects
  1806     global $db, $session, $paths, $template, $plugins; // Common objects
  1758     global $lang;
  1807     global $lang;
  1759     
  1808     
  1760     $col_reason = ( $this->compat ) ? '"No reason entered (session manager is in compatibility mode)" AS reason' : 'reason';
  1809     $col_reason = ( $this->compat ) ? '\'No reason available (session manager is in compatibility mode)\' AS reason' : 'reason';
       
  1810     $remote_addr = ( strstr($_SERVER['REMOTE_ADDR'], ':') ) ? expand_ipv6_address($_SERVER['REMOTE_ADDR']) : $_SERVER['REMOTE_ADDR'];
       
  1811     
  1761     $banned = false;
  1812     $banned = false;
  1762     if ( $this->user_logged_in )
  1813     if ( $this->user_logged_in )
  1763     {
  1814     {
  1764       // check by IP, email, and username
  1815       // check by IP, email, and username
  1765       if ( ENANO_DBLAYER == 'MYSQL' )
  1816       if ( ENANO_DBLAYER == 'MYSQL' )
  1795             $regexp = parse_ip_range_regex($ban_value);
  1846             $regexp = parse_ip_range_regex($ban_value);
  1796             if ( !$regexp )
  1847             if ( !$regexp )
  1797             {
  1848             {
  1798               continue;
  1849               continue;
  1799             }
  1850             }
  1800             if ( preg_match("/$regexp/", $_SERVER['REMOTE_ADDR']) )
  1851             if ( preg_match("/$regexp/", $remote_addr) )
  1801             {
  1852             {
  1802               $reason = $reason_temp;
  1853               $reason = $reason_temp;
  1803               $banned = true;
  1854               $banned = true;
  1804             }
  1855             }
  1805           }
  1856           }
  1838           if ( $ban_type == BAN_IP && $is_regex != 1 )
  1889           if ( $ban_type == BAN_IP && $is_regex != 1 )
  1839           {
  1890           {
  1840             // check range
  1891             // check range
  1841             $regexp = parse_ip_range_regex($ban_value);
  1892             $regexp = parse_ip_range_regex($ban_value);
  1842             if ( !$regexp )
  1893             if ( !$regexp )
       
  1894             {
       
  1895               die("bad regexp for $ban_value");
  1843               continue;
  1896               continue;
  1844             if ( preg_match("/$regexp/", $_SERVER['REMOTE_ADDR']) )
  1897             }
       
  1898             if ( preg_match("/$regexp/", $remote_addr) )
  1845             {
  1899             {
  1846               $reason = $reason_temp;
  1900               $reason = $reason_temp;
  1847               $banned = true;
  1901               $banned = true;
  1848             }
  1902             }
  1849           }
  1903           }
  1855           }
  1909           }
  1856         }
  1910         }
  1857       }
  1911       }
  1858       $db->free_result();
  1912       $db->free_result();
  1859     }
  1913     }
  1860     if ( $banned && $paths->get_pageid_from_url() != $paths->nslist['Special'].'CSS' )
  1914     if ( $banned && !$this->on_critical_page(true) )
  1861     {
  1915     {
  1862       // This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
  1916       // This guy is banned - kill the session, kill the database connection, bail out, and be pretty about it
  1863       die_semicritical($lang->get('user_ban_msg_title'), '<p>' . $lang->get('user_ban_msg_body') . '</p><div class="error-box"><b>' . $lang->get('user_ban_lbl_reason') . '</b><br />' . $reason . '</div>');
  1917       die_semicritical($lang->get('user_ban_msg_title'), '<p>' . $lang->get('user_ban_msg_body') . '</p><div class="error-box"><b>' . $lang->get('user_ban_lbl_reason') . '</b><br />' . $reason . '</div>');
  1864       exit;
  1918       exit;
  1865     }
  1919     }
  2227    */
  2281    */
  2228   
  2282   
  2229   function admin_activation_request($u)
  2283   function admin_activation_request($u)
  2230   {
  2284   {
  2231     global $db;
  2285     global $db;
  2232     $this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$this->username.'\', \''.$db->escape($u).'\');');
  2286     $this->sql('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, author, edit_summary) VALUES(\'admin\', \'activ_req\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$this->username.'\', \''.$db->escape($u).'\');');
  2233   }
  2287   }
  2234   
  2288   
  2235   /**
  2289   /**
  2236    * Activates a user account. If the action fails, a report is sent to the admin.
  2290    * Activates a user account. If the action fails, a report is sent to the admin.
  2237    * @param string $user The username of the user requesting activation
  2291    * @param string $user The username of the user requesting activation
  2243     global $db, $session, $paths, $template, $plugins; // Common objects
  2297     global $db, $session, $paths, $template, $plugins; // Common objects
  2244     $this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';');
  2298     $this->sql('UPDATE '.table_prefix.'users SET account_active=1 WHERE username=\''.$db->escape($user).'\' AND activation_key=\''.$db->escape($key).'\';');
  2245     $r = mysql_affected_rows();
  2299     $r = mysql_affected_rows();
  2246     if ( $r > 0 )
  2300     if ( $r > 0 )
  2247     {
  2301     {
  2248       $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
  2302       $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_good\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
  2249     }
  2303     }
  2250     else
  2304     else
  2251     {
  2305     {
  2252       $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
  2306       $e = $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'activ_bad\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($user).'\', \''.$_SERVER['REMOTE_ADDR'].'\')');
  2253     }
  2307     }
  2254     return $r;
  2308     return $r;
  2255   }
  2309   }
  2256   
  2310   
  2257   /**
  2311   /**
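Review bot: The `die("bad regexp for $ban_value");` inserted before `continue;` in the non-MySQL branch of check_banlist makes the `continue` unreachable and turns a single malformed IP-range ban row into a fatal stop for every page request, with the raw ban value echoed unescaped into the response. The MySQL branch in the earlier hunk silently skips such rows, so the two code paths now behave differently for the same data; if the die() is a leftover debugging aid, the branch should read `if ( !$regexp ) { continue; }` like its MySQL counterpart. Relatedly, in the install/upgrade fallback of validate_session the WHERE clause now interpolates `$key_md5`, which is the raw `$key` whenever `$loose_call` is set, and the `AND k.salt=…` condition was dropped; whether `$key` is validated or escaped before this point is not visible in this section, so that is worth confirming. check_banlist continues past the end of this section.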