phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

Guest Sessions - anyone used this?


 
Search this topic... | Search phpBB2 Discussion... | Search Box
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Author Message
JLA
Board Member



Joined: 30 Apr 2009

Posts: 310
Location: U.S.A


flag
PostPosted: Sat Jul 20, 2013 5:47 am 
Post subject: Guest Sessions - anyone used this?

Found this and it says compatible with 2.0.23. See a couple changes that would make it compatible with 2.0.24. Any other concerns here that anyone sees?

Code:
#################################################################
## MOD Title: Guest Sessions MOD
## MOD Version: 0.04
## MOD Author: ST Software
## MOD Description:
##      This mod removes session id for guests from url and this way
##      guests who don't have cookies like different robots will use
##      correct urls. It can be used to allow googlebot and other
##      search engines to spider your forum correctly.
##
## Installation Level:   Easy
## Installation Time:   1-2 Minutes
## Files To Edit (1): includes/sessions.php
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered
## in our MOD-Database, located at: http://www.phpbb.com/mods/
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################

#
#-----[ OPEN ]---------------------------------------------
#
includes/sessions.php

#
#-----[ FIND ]---------------------------------------------
# around line 157
   $sql = "UPDATE " . SESSIONS_TABLE . "
      SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
      WHERE session_id = '" . $session_id . "'
         AND session_ip = '$user_ip'";

#
#-----[ REPLACE WITH ]---------------------------------------
#
   $sql_ip = $user_id == ANONYMOUS ? " AND session_ip = '$user_ip'" : '';
   $sql = "UPDATE " . SESSIONS_TABLE . "
      SET session_ip = '$user_ip', session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
      WHERE session_id = '" . $session_id . "' $sql_ip
         AND session_user_id = '$user_id'";

#
#-----[ FIND ]---------------------------------------------
# around line 210
   $SID = 'sid=' . $session_id;

#
#-----[ REPLACE WITH ]---------------------------------------
#
   $SID = $user_id > 0 ? 'sid=' . $session_id : '';

#
#-----[ FIND ]---------------------------------------------
# around line 288
            $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';

#
#-----[ REPLACE WITH ]---------------------------------------
#
            $SID = $userdata['user_id'] > 0 ? (($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '') : '';

#
#-----[ FIND ]---------------------------------------------
# around line 340
   //
   // If we reach here then no (valid) session exists. So we'll create a new one,
#
#-----[ BEFORE, ADD ]---------------------------------------
#
   elseif(empty($sessiondata))
   {
      // try to login guest
      $sql = "SELECT u.*, s.*
         FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
         WHERE s.session_ip = '$user_ip'
            AND s.session_user_id = " . ANONYMOUS . "
            AND u.user_id = s.session_user_id
               LIMIT 0, 1";
      if ( !($result = $db->sql_query($sql)) )
      {
         message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
      }

      $userdata = $db->sql_fetchrow($result);

      if ( isset($userdata['user_id']) )
      {
         if ( $current_time - $userdata['session_time'] > 60 )
         {
            $sql = "UPDATE " . SESSIONS_TABLE . "
               SET session_time = $current_time, session_start = $current_time, session_page = 0
               WHERE session_id = '" . $userdata['session_id'] . "'";
            if ( !$db->sql_query($sql) )
            {
               message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
            }
         }
         return $userdata;
      }
   }

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

_________________
http://www.jlaforums.com
Back to top
lumpy burgertushie
Board Member



Joined: 19 Nov 2008

Posts: 224


flag
PostPosted: Sat Jul 20, 2013 4:32 pm 
Post subject: Re: Guest Sessions - anyone used this?

is this related to the incorrect perception that google et.al. have problems with the SID?

if so then it is not really needed. google has no problem with the SID in a URL. It is smart enough to know what it is and compensate for it.


robert
Back to top
JLA
Board Member



Joined: 30 Apr 2009

Posts: 310
Location: U.S.A


flag
PostPosted: Sat Jul 20, 2013 8:35 pm 
Post subject: Re: Guest Sessions - anyone used this?

Yes, it is. We have been running for some time with not showing the SID to Google (I think back to '05 before they were smart enough) so really no reason to change it now.

But this is related to those who are not using cookies too I think. When you start seeing a sessions table with upwards of a half million rows in a short period of time, obviously something is a bit off.

So my take is those users (or spiders) who are not using cookies can quickly fill a sessions table and eventually at some point it will start to have an effect of the serving db server.

From the script/mod I see that it is only allowing one session per ip that fits into this scenerio. For compatibility with 2.0.24, just need to add the private session ID info at the appropriate place as that was not on 2.0.23.

Anything else missing here?

_________________
http://www.jlaforums.com
Back to top
Display posts from previous:   
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0280 seconds using 15 queries. (SQL 0.0020 Parse 0.0008 Other 0.0252)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo