FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » INSERTions into ses table for unknown users (Fantom sessions?)
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: INSERTions into ses table for unknown users [message #168076 is a reply to message #168075] Tue, 15 January 2013 17:19 Go to previous message
NeXuS is currently offline  NeXuS
Messages: 121
Registered: July 2010
Location: South Korea
Karma:
Senior Member
Contributing Core Developer
The problem you reported actually stems from an early return in a different function, i.e. ses_get() in the same cookies.inc.t template file.

I have patched the function and committed the change to the code repository. Given that it may represent a significant performance issue and possibly lead to a DoS attack, I suppose it will be released in a later minor update.

For the time being I am leaving the unified diff with respect to FUDf 3.0.4.1 here below.

--- cookies.inc.t-rev5581.svn000.tmp.t	수 4 18 22:31:18 2012
+++ cookies.inc.t	수 1 16 02:06:23 2013
@@ -2,7 +2,7 @@
 /**
 * copyright            : (C) 2001-2012 Advanced Internet Designs Inc.
 * email                : forum(at)prohost(dot)org
-* $Id: cookies.inc.t 5450 2012-04-18 13:31:18Z naudefj $
+* $Id: cookies.inc.t 5582 2013-01-15 17:06:15Z theonlynexus $
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -34,13 +34,16 @@
 	if (!$id) {
 		/* Cookie or URL session? If not, check for known bots. */
 		if (!empty($_COOKIE[$GLOBALS['COOKIE_NAME']])) {
+			/* Have cookie */
 			$q_opt = 's.ses_id='. _esc($_COOKIE[$GLOBALS['COOKIE_NAME']]);
 		} else if ((isset($_GET['S']) || isset($_POST['S'])) && $GLOBALS['FUD_OPT_1'] & 128) {
+			/* Have session string */
 			$url_session = 1;
 			$q_opt = 's.ses_id='. _esc((isset($_GET['S']) ? (string) $_GET['S'] : (string) $_POST['S']));
 			/* Do not validate against expired URL sessions. */
 			$q_opt .= ' AND s.time_sec > '. (__request_timestamp__ - $GLOBALS['SESSION_TIMEOUT']);
 		} else {
+			/* Unknown user, maybe bot? */
 			// Auto login authorized bots.
 			// To test: wget --user-agent="Googlebot 1.2" http://127.0.0.1:8080/forum
 			$spider_session = 0;
@@ -76,7 +79,14 @@
 				}
 				$GLOBALS['FUD_OPT_1'] ^= 128;	// Disable URL sessions for user.
 			} else {
-				return;
+				/* NeXuS: What is this? Return if user unknown? Function should
+				   return only after the query is run. */
+				//return;
+				
+				// Check sys_id, ip_addr and useragent for a possible match
+				$q_opt = 's.sys_id= '._esc(ses_make_sysid()).
+				         ' AND s.ip_addr='._esc(get_ip()).
+						 ' AND s.useragent='._esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 32));
 			}
 		}
 

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: CKEditor conflicts with default formatting tools
Next Topic: Censorship bug
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 23:06:11 GMT 2024

Total time taken to generate the page: 0.02912 seconds