I wrote this code to do exactly what I stated above. I'm just not sure this is the best way of doing it. Could someone have a look at it?
PHP Code:
// copied from vb3.5 gold
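/**
 * Returns the "alternate" client address used to fingerprint a session.
 *
 * Precedence: the Client-IP header; else the first dotted-quad in
 * X-Forwarded-For that is not in an RFC 1918 private range; else the From
 * header (only consulted when X-Forwarded-For is absent or holds no
 * dotted-quad); else REMOTE_ADDR.
 *
 * Every header read here is supplied by the client or an upstream proxy and
 * can contain anything. Treat the result as a fingerprint hint, not as a
 * verified address: never embed it in SQL unescaped and never base an access
 * decision on it alone.
 *
 * @return string
 */
function fetch_alt_ip()
{
    // Start from the socket peer address so every path has a defined result,
    // including an X-Forwarded-For list that holds only private addresses
    // (the original left $alt_ip unset in that case).
    $alt_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    if (isset($_SERVER['HTTP_CLIENT_IP']))
    {
        $alt_ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
    {
        // Skip internal addresses defined by RFC 1918:
        // 10.0.0.0/8, 172.16.0.0/12 (172.16 through 172.31) and 192.168.0.0/16.
        foreach ($matches[0] AS $ip)
        {
            if (!preg_match('#^(10|172\.(1[6-9]|2\d|3[01])|192\.168)\.#', $ip))
            {
                $alt_ip = $ip;
                break;
            }
        }
    }
    else if (isset($_SERVER['HTTP_FROM']))
    {
        $alt_ip = $_SERVER['HTTP_FROM'];
    }

    return $alt_ip;
}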
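// Stand-alone session/user lookup against the forum's tables.
//
// Flow: pick up the session hash from the cookie or the request, look up a
// live session row bound to this host / user agent, resolve the user either
// from the remember-me cookies or from that session, then refresh the
// lastactivity timestamps.
//
// Every value taken from $_COOKIE, $_REQUEST and the request headers is
// client-controlled. Nothing from those sources is placed in SQL without
// being cast to an integer or escaped first.
// NOTE(review): $DB_site's own escaping API is not visible in this file, so
// addslashes() is used. If the DB wrapper offers its own escape method or
// prepared statements, prefer those; addslashes() is not safe with some
// multi-byte connection character sets.

// define vars
// NOTE(review): placeholder value. Presumably this has to equal the cookie
// salt the forum itself uses; keep the real value out of public posts.
define('COOKIE_SALT', 'blablablabla');
$alt_ip = fetch_alt_ip();
define('ALT_IP', $alt_ip);
define('IPADDRESS', $_SERVER['REMOTE_ADDR']);

if (!empty($_COOKIE['bbsessionhash']) AND is_string($_COOKIE['bbsessionhash'])) {
    // session hash supplied by cookie
    $sessionhash = $_COOKIE['bbsessionhash'];
} elseif (!empty($_REQUEST['s']) AND is_string($_REQUEST['s'])) {
    // session hash supplied in the request
    $sessionhash = $_REQUEST['s'];
} else {
    // no cookie and no session: use the vB engine and redirect
    chdir('/xx/xx/xxx/forums');
    require('./global.php');
    header("Location: " . str_replace('.php', '.php' . $vbulletin->session->vars['sessionurl_q'] . '&', $_SERVER['PHP_SELF']));
    // header() does not end the script. Without this exit the queries below
    // would still run, with $sessionhash undefined.
    exit;
}

// The User-Agent header is optional; fall back to an empty string so the
// constants below are always defined.
$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

define('SESSION_IDHASH', md5($useragent . ALT_IP));
define('SESSION_HOST', substr(IPADDRESS, 0, 15));
define('USER_AGENT', $useragent);

// sessions idle for more than 900 seconds are ignored
$cookietime = intval(time() - 900);

// SESSION_IDHASH is md5() output (hex digits only), so it is safe to embed
// as-is; the other string values are escaped.
$sessionhash_sql = addslashes($sessionhash);
$sessie = $DB_site->query_first(
    "SELECT * FROM session WHERE sessionhash = '$sessionhash_sql'"
    . " AND lastactivity > '$cookietime'"
    . " AND host = '" . addslashes(SESSION_HOST) . "'"
    . " AND idhash = '" . SESSION_IDHASH . "'"
    . " AND useragent='" . addslashes(USER_AGENT) . "'"
);

if (!empty($_COOKIE['bbuserid']) AND !empty($_COOKIE['bbpassword'])) {
    // Cookies can arrive as arrays (name[]=...); accept plain strings only.
    $cookie_userid = is_string($_COOKIE['bbuserid']) ? intval($_COOKIE['bbuserid']) : 0;
    $cookie_password = is_string($_COOKIE['bbpassword']) ? $_COOKIE['bbpassword'] : '';

    $getuser = $DB_site->query("SELECT * FROM user WHERE userid = '$cookie_userid'");
    $user = $DB_site->fetch_array($getuser);

    // Only compare against a row that was actually found; otherwise the
    // expected value would degrade to md5(COOKIE_SALT) alone.
    if (is_array($user)) {
        $expected = md5($user['password'] . COOKIE_SALT);
        // Strict comparison: a loose == treats hex strings such as "0e123..."
        // as numbers. Use the constant-time hash_equals() where PHP has it.
        $cookie_ok = function_exists('hash_equals')
            ? hash_equals($expected, $cookie_password)
            : ($expected === $cookie_password);

        if ($cookie_ok) {
            $user['logouthash'] = md5($user['userid'] . $user['salt'] . COOKIE_SALT);
            $bbuserinfo = $user;
        }
    }
} elseif (!empty($sessie['userid'])) {
    $session_userid = intval($sessie['userid']);
    $getuser = $DB_site->query("SELECT * FROM user WHERE userid = '$session_userid'");
    $user = $DB_site->fetch_array($getuser);
    $user['logouthash'] = md5($user['userid'] . $user['salt'] . COOKIE_SALT);
    $bbuserinfo = $user;
}

// NOTE(review): this refreshes the row for any matching session hash, even
// when the host / idhash / useragent check above found no session. Consider
// updating only when $sessie was found.
$DB_site->query("UPDATE session SET lastactivity = '" . time() . "' WHERE sessionhash = '$sessionhash_sql'");

// $bbuserinfo is only set when one of the lookups above succeeded.
if (isset($bbuserinfo['userid']) AND $bbuserinfo['userid'] > 0) {
    $DB_site->query("UPDATE user SET lastactivity = '" . time() . "' WHERE userid = '" . intval($bbuserinfo['userid']) . "'");
}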