Google Cache ohne Sessions @phpbb2 2.0.15

[ka/na]

Hi,

ich verwende momentan diesen Code der aber nicht mehr funktioniert.

sessions.php

Code: Alles auswählen

   global $SID, $HTTP_SERVER_VARS; 

   if ( !empty($SID) && !preg_match('#sid=#', $url) && !strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'] ,'Googlebot') && !strstr($HTTP_SERVER_VARS['HTTP_USER_AGENT'] ,'slurp@inktomi.com;'))

Gib es schon was neues?

[Moddy]

Nimm das Snippet:

https://www.phpbb.de/viewtopic.php?t=44090

Beim Punkt:
4. Ausblenden der Session ID für unregistrierte Benutzer

[ka/na]

Danke, mal hoffen das es klappt

Wie kann man das schnell testen? Glaube nicht das es funktioniert.

[larsneo]

Glaube nicht das es funktioniert.

es funktioniert
beim phpbb2 kann man im normalbetrieb gänzlich auf die session-id verzichten und muss nicht noch eine performancebremsende USER_AGENT abfrage einbauen.
zumal die SID in der url vom sicherheitsstandpunkt eh' ein recht dünnes brett ist (stichwort session hijacking), sollte man das übrigens imho unabhängig von einer eventuellen SEO machen.

[ka/na]

Ne klappt nicht, nach dem Cache Refresh wieder Sessions drin,
hier meine sessions.php :

Code: Alles auswählen

<?php
/***************************************************************************
 *                                sessions.php
 *                            -------------------
 *   begin                &#58; Saturday, Feb 13, 2001
 *   copyright            &#58; &#40;C&#41; 2001 The phpBB Group
 *   email                &#58; support@phpbb.com
 *
 *   $Id&#58; sessions.php,v 1.58.2.12 2005/02/27 20&#58;33&#58;01 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   &#40;at your option&#41; any later version.
 *
 ***************************************************************************/

//
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
function session_begin&#40;$user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0&#41;
&#123;
	global $db, $board_config;
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

	$cookiename = $board_config&#91;'cookie_name'&#93;;
	$cookiepath = $board_config&#91;'cookie_path'&#93;;
	$cookiedomain = $board_config&#91;'cookie_domain'&#93;;
	$cookiesecure = $board_config&#91;'cookie_secure'&#93;;

	if &#40; isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93;&#41; || isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_data'&#93;&#41; &#41;
	&#123;
		$session_id = isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93;&#41; ? $HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93; &#58; '';
		$sessiondata = isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_data'&#93;&#41; ? unserialize&#40;stripslashes&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_data'&#93;&#41;&#41; &#58; array&#40;&#41;;
		$sessionmethod = SESSION_METHOD_COOKIE;
	&#125;
	else
	&#123;
		$sessiondata = array&#40;&#41;;
		$session_id = &#40; isset&#40;$HTTP_GET_VARS&#91;'sid'&#93;&#41; &#41; ? $HTTP_GET_VARS&#91;'sid'&#93; &#58; '';
		$sessionmethod = SESSION_METHOD_GET;
	&#125;

	//
	if &#40;!preg_match&#40;'/^&#91;A-Za-z0-9&#93;*$/', $session_id&#41;&#41; 
	&#123;
		$session_id = '';
	&#125;
    $page_id = &#40;int&#41; $page_id;

	$last_visit = 0;
	$current_time = time&#40;&#41;;
	$expiry_time = $current_time - $board_config&#91;'session_length'&#93;;

	//
	// Try and pull the last time stored in a cookie, if it exists
	//
	$sql = "SELECT * 
		FROM " . USERS_TABLE . " 
		WHERE user_id = $user_id";
	if &#40; !&#40;$result = $db->sql_query&#40;$sql&#41;&#41; &#41;
	&#123;
		message_die&#40;CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql&#41;;
	&#125;

	$userdata = $db->sql_fetchrow&#40;$result&#41;;

	if &#40; $user_id != ANONYMOUS &#41;
	&#123;
		$auto_login_key = $userdata&#91;'user_password'&#93;;

		if &#40; $auto_create &#41;
		&#123;
			if &#40; isset&#40;$sessiondata&#91;'autologinid'&#93;&#41; && $userdata&#91;'user_active'&#93; &#41;
			&#123;
				// We have to login automagically
				if&#40; $sessiondata&#91;'autologinid'&#93; === $auto_login_key &#41;
				&#123;
					// autologinid matches password
					$login = 1;
					$enable_autologin = 1;
				&#125;
				else
				&#123;
					// No match; don't login, set as anonymous user
					$login = 0; 
					$enable_autologin = 0; 
					$user_id = $userdata&#91;'user_id'&#93; = ANONYMOUS;
					$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
					$result = $db->sql_query&#40;$sql&#41;;
					$userdata = $db->sql_fetchrow&#40;$result&#41;;
					$db->sql_freeresult&#40;$result&#41;;
				&#125;
			&#125;
			else
			&#123;
				// Autologin is not set. Don't login, set as anonymous user
				$login = 0;
				$enable_autologin = 0;
				$user_id = $userdata&#91;'user_id'&#93; = ANONYMOUS;
				$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
				$result = $db->sql_query&#40;$sql&#41;;
				$userdata = $db->sql_fetchrow&#40;$result&#41;;
				$db->sql_freeresult&#40;$result&#41;;
			&#125;
		&#125;
		else
		&#123;
			$login = 1;
		&#125;
	&#125;
	else
	&#123;
		$login = 0;
		$enable_autologin = 0;
	&#125;

	//
	// Initial ban check against user id, IP and email address
	//
	preg_match&#40;'/&#40;..&#41;&#40;..&#41;&#40;..&#41;&#40;..&#41;/', $user_ip, $user_ip_parts&#41;;

	$sql = "SELECT ban_ip, ban_userid, ban_email 
		FROM " . BANLIST_TABLE . " 
		WHERE ban_ip IN &#40;'" . $user_ip_parts&#91;1&#93; . $user_ip_parts&#91;2&#93; . $user_ip_parts&#91;3&#93; . $user_ip_parts&#91;4&#93; . "', '" . $user_ip_parts&#91;1&#93; . $user_ip_parts&#91;2&#93; . $user_ip_parts&#91;3&#93; . "ff', '" . $user_ip_parts&#91;1&#93; . $user_ip_parts&#91;2&#93; . "ffff', '" . $user_ip_parts&#91;1&#93; . "ffffff'&#41;
			OR ban_userid = $user_id";
	if &#40; $user_id != ANONYMOUS &#41;
	&#123;
		$sql .= " OR ban_email LIKE '" . str_replace&#40;"\'", "''", $userdata&#91;'user_email'&#93;&#41; . "' 
			OR ban_email LIKE '" . substr&#40;str_replace&#40;"\'", "''", $userdata&#91;'user_email'&#93;&#41;, strpos&#40;str_replace&#40;"\'", "''", $userdata&#91;'user_email'&#93;&#41;, "@"&#41;&#41; . "'";
	&#125;
	if &#40; !&#40;$result = $db->sql_query&#40;$sql&#41;&#41; &#41;
	&#123;
		message_die&#40;CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql&#41;;
	&#125;

	if &#40; $ban_info = $db->sql_fetchrow&#40;$result&#41; &#41;
	&#123;
		if &#40; $ban_info&#91;'ban_ip'&#93; || $ban_info&#91;'ban_userid'&#93; || $ban_info&#91;'ban_email'&#93; &#41;
		&#123;
			message_die&#40;CRITICAL_MESSAGE, 'You_been_banned'&#41;;
		&#125;
	&#125;

	//
	// Create or update the session
	//
	$sql = "UPDATE " . SESSIONS_TABLE . "
		SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
		WHERE session_id = '" . $session_id . "' 
			AND session_ip = '$user_ip'";
	if &#40; !$db->sql_query&#40;$sql&#41; || !$db->sql_affectedrows&#40;&#41; &#41;
	&#123;
		list&#40;$sec, $usec&#41; = explode&#40;' ', microtime&#40;&#41;&#41;;
		mt_srand&#40;&#40;float&#41; $sec + &#40;&#40;float&#41; $usec * 100000&#41;&#41;;
		$session_id = md5&#40;uniqid&#40;mt_rand&#40;&#41;, true&#41;&#41;;

		$sql = "INSERT INTO " . SESSIONS_TABLE . "
			&#40;session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin&#41;
			VALUES &#40;'$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin&#41;";
		if &#40; !$db->sql_query&#40;$sql&#41; &#41;
		&#123;
			message_die&#40;CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql&#41;;
		&#125;
	&#125;

	if &#40; $user_id != ANONYMOUS &#41;
	&#123;// &#40; $userdata&#91;'user_session_time'&#93; > $expiry_time && $auto_create &#41; ? $userdata&#91;'user_lastvisit'&#93; &#58; &#40; 
		$last_visit = &#40; $userdata&#91;'user_session_time'&#93; > 0 &#41; ? $userdata&#91;'user_session_time'&#93; &#58; $current_time;
		if &#40;!$admin&#41;
		&#123;

		$sql = "UPDATE " . USERS_TABLE . " 
			SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
			WHERE user_id = $user_id";
		if &#40; !$db->sql_query&#40;$sql&#41; &#41;
		&#123;
			message_die&#40;CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql&#41;;
		&#125;

		&#125;

		$userdata&#91;'user_lastvisit'&#93; = $last_visit;

		$sessiondata&#91;'autologinid'&#93; = &#40;!$admin&#41; ? &#40;&#40; $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE &#41; ? $auto_login_key &#58; ''&#41; &#58; $sessiondata&#91;'autologinid'&#93;;
		$sessiondata&#91;'userid'&#93; = $user_id;
	&#125;

	$userdata&#91;'session_id'&#93; = $session_id;
	$userdata&#91;'session_ip'&#93; = $user_ip;
	$userdata&#91;'session_user_id'&#93; = $user_id;
	$userdata&#91;'session_logged_in'&#93; = $login;
	$userdata&#91;'session_page'&#93; = $page_id;
	$userdata&#91;'session_start'&#93; = $current_time;
	$userdata&#91;'session_time'&#93; = $current_time;
	$userdata&#91;'session_admin'&#93; = $admin;

	setcookie&#40;$cookiename . '_data', serialize&#40;$sessiondata&#41;, $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure&#41;;
	setcookie&#40;$cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure&#41;;

	if &#40; $userdata&#91;'session_user_id'&#93; != ANONYMOUS || $userdata&#91;'session_page'&#93; == -4 &#41;&#123; 
   $SID = 'sid=' . $session_id; 
&#125; else &#123; 
   $SID = ''; 
&#125;

	return $userdata;
&#125;

//
// Checks for a given user session, tidies session table and updates user
// sessions at each page refresh
//
function session_pagestart&#40;$user_ip, $thispage_id&#41;
&#123;
	global $db, $lang, $board_config;
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

	$cookiename = $board_config&#91;'cookie_name'&#93;;
	$cookiepath = $board_config&#91;'cookie_path'&#93;;
	$cookiedomain = $board_config&#91;'cookie_domain'&#93;;
	$cookiesecure = $board_config&#91;'cookie_secure'&#93;;

	$current_time = time&#40;&#41;;
	unset&#40;$userdata&#41;;

	if &#40; isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93;&#41; || isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_data'&#93;&#41; &#41;
	&#123;
		$sessiondata = isset&#40; $HTTP_COOKIE_VARS&#91;$cookiename . '_data'&#93; &#41; ? unserialize&#40;stripslashes&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_data'&#93;&#41;&#41; &#58; array&#40;&#41;;
		$session_id = isset&#40; $HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93; &#41; ? $HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93; &#58; '';
		$sessionmethod = SESSION_METHOD_COOKIE;
	&#125;
	else
	&#123;
		$sessiondata = array&#40;&#41;;
		$session_id = &#40; isset&#40;$HTTP_GET_VARS&#91;'sid'&#93;&#41; &#41; ? $HTTP_GET_VARS&#91;'sid'&#93; &#58; '';
		$sessionmethod = SESSION_METHOD_GET;
	&#125;

	// 
	if &#40;!preg_match&#40;'/^&#91;A-Za-z0-9&#93;*$/', $session_id&#41;&#41;
	&#123;
		$session_id = '';
	&#125;
	$thispage_id = &#40;int&#41; $thispage_id;
	//
	// Does a session exist?
	//
	if &#40; !empty&#40;$session_id&#41; &#41;
	&#123;
		//
		// session_id exists so go ahead and attempt to grab all
		// data in preparation
		//
		$sql = "SELECT u.*, s.*
			FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
			WHERE s.session_id = '$session_id'
				AND u.user_id = s.session_user_id";
		if &#40; !&#40;$result = $db->sql_query&#40;$sql&#41;&#41; &#41;
		&#123;
			message_die&#40;CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql&#41;;
		&#125;

		$userdata = $db->sql_fetchrow&#40;$result&#41;;

		//
		// Did the session exist in the DB?
		//
		if &#40; isset&#40;$userdata&#91;'user_id'&#93;&#41; &#41;
		&#123;
			//
			// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
			// bits ... I've been told &#40;by vHiker&#41; this should alleviate problems with 
			// load balanced et al proxies while retaining some reliance on IP security.
			//
			$ip_check_s = substr&#40;$userdata&#91;'session_ip'&#93;, 0, 6&#41;;
			$ip_check_u = substr&#40;$user_ip, 0, 6&#41;;

			if &#40;$ip_check_s == $ip_check_u&#41;
			&#123;
				$SID = &#40;$sessionmethod == SESSION_METHOD_GET || defined&#40;'IN_ADMIN'&#41;&#41; ? 'sid=' . $session_id &#58; '';

				//
				// Only update session DB a minute or so after last update
				//
				if &#40; $current_time - $userdata&#91;'session_time'&#93; > 60 &#41;
				&#123;
					// A little trick to reset session_admin on session re-usage
					$update_admin = &#40;!defined&#40;'IN_ADMIN'&#41; && $current_time - $userdata&#91;'session_time'&#93; > &#40;$board_config&#91;'session_length'&#93;+60&#41;&#41; ? ', session_admin = 0' &#58; '';

					$sql = "UPDATE " . SESSIONS_TABLE . " 
						SET session_time = $current_time, session_page = $thispage_id$update_admin
						WHERE session_id = '" . $userdata&#91;'session_id'&#93; . "'";
					if &#40; !$db->sql_query&#40;$sql&#41; &#41;
					&#123;
						message_die&#40;CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql&#41;;
					&#125;

					if &#40; $userdata&#91;'user_id'&#93; != ANONYMOUS &#41;
					&#123;
						$sql = "UPDATE " . USERS_TABLE . " 
							SET user_session_time = $current_time, user_session_page = $thispage_id 
							WHERE user_id = " . $userdata&#91;'user_id'&#93;;
						if &#40; !$db->sql_query&#40;$sql&#41; &#41;
						&#123;
							message_die&#40;CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql&#41;;
						&#125;
					&#125;

					//
					// Delete expired sessions
					//
					$expiry_time = $current_time - $board_config&#91;'session_length'&#93;;
					$sql = "DELETE FROM " . SESSIONS_TABLE . " 
						WHERE session_time < $expiry_time 
							AND session_id <> '$session_id'";
					if &#40; !$db->sql_query&#40;$sql&#41; &#41;
					&#123;
						message_die&#40;CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql&#41;;
					&#125;

					setcookie&#40;$cookiename . '_data', serialize&#40;$sessiondata&#41;, $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure&#41;;
					setcookie&#40;$cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure&#41;;
				&#125;

				return $userdata;
			&#125;
		&#125;
	&#125;

	//
	// If we reach here then no &#40;valid&#41; session exists. So we'll create a new one,
	// using the cookie user_id if available to pull basic user prefs.
	//
	$user_id = &#40; isset&#40;$sessiondata&#91;'userid'&#93;&#41; &#41; ? intval&#40;$sessiondata&#91;'userid'&#93;&#41; &#58; ANONYMOUS;

	if &#40; !&#40;$userdata = session_begin&#40;$user_id, $user_ip, $thispage_id, TRUE&#41;&#41; &#41;
	&#123;
		message_die&#40;CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql&#41;;
	&#125;

	return $userdata;

&#125;

//
// session_end closes out a session
// deleting the corresponding entry
// in the sessions table
//
function session_end&#40;$session_id, $user_id&#41;
&#123;
	global $db, $lang, $board_config;
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

	$cookiename = $board_config&#91;'cookie_name'&#93;;
	$cookiepath = $board_config&#91;'cookie_path'&#93;;
	$cookiedomain = $board_config&#91;'cookie_domain'&#93;;
	$cookiesecure = $board_config&#91;'cookie_secure'&#93;;

	$current_time = time&#40;&#41;;

	//
	// Pull cookiedata or grab the URI propagated sid
	//
	if &#40; isset&#40;$HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93;&#41; &#41;
	&#123;
		$session_id = isset&#40; $HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93; &#41; ? $HTTP_COOKIE_VARS&#91;$cookiename . '_sid'&#93; &#58; '';
		$sessionmethod = SESSION_METHOD_COOKIE;
	&#125;
	else
	&#123;
		$session_id = &#40; isset&#40;$HTTP_GET_VARS&#91;'sid'&#93;&#41; &#41; ? $HTTP_GET_VARS&#91;'sid'&#93; &#58; '';
		$sessionmethod = SESSION_METHOD_GET;
	&#125;

	if &#40;!preg_match&#40;'/^&#91;A-Za-z0-9&#93;*$/', $session_id&#41;&#41;
	&#123;
		return;
	&#125;
	
	//
	// Delete existing session
	//
	$sql = "DELETE FROM " . SESSIONS_TABLE . " 
		WHERE session_id = '$session_id' 
			AND session_user_id = $user_id";
	if &#40; !$db->sql_query&#40;$sql&#41; &#41;
	&#123;
		message_die&#40;CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql&#41;;
	&#125;

	setcookie&#40;$cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure&#41;;
	setcookie&#40;$cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure&#41;;

	return true;
&#125;

//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
// around every single URL and form action. If you replace the session
// code you must include this routine, even if it's empty.
//
function append_sid&#40;$url, $non_html_amp = false&#41;
&#123;
	global $SID;

	if &#40; !empty&#40;$SID&#41; && !preg_match&#40;'#sid=#', $url&#41; &#41;
	&#123;
		$url .= &#40; &#40; strpos&#40;$url, '?'&#41; != false &#41; ?  &#40; &#40; $non_html_amp &#41; ? '&' &#58; '&' &#41; &#58; '?' &#41; . $SID;
	&#125;

	return $url;
&#125;

?>

[ka/na]

Keiner hier der mir helfen kann?