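<?php
// Manual smoke test for User::login() and User::isLoggedIn().
require_once('config.php');

$user = new User();

// Sample credentials only; never keep a real account password in a source file.
// login() returns an integer status code: 0 on success, non-zero on failure.
$result = $user->login('email@gmail.com', 'mysecretpassword');
echo $result;
echo '<br>'; // the original '</br>' is not a valid HTML tag

// isLoggedIn() returns a boolean. A plain echo prints nothing for false,
// so export the value to make both outcomes visible.
$result = $user->isLoggedIn();
echo var_export($result, true);
?>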
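/**
 * Authenticates a user by e-mail address and password and, on success,
 * binds the account to the current session.
 *
 * NOTE(review): the password hash is matched inside the SQL WHERE clause, so
 * hashPassword() must produce the same output for the same input, i.e. it
 * cannot use a per-user random salt. hashPassword() is not shown here;
 * presumably it is a salted, iterated digest. Confirm, and prefer
 * password_hash()/password_verify() with the row looked up by e-mail only.
 *
 * @param string $email    E-mail address supplied by the client.
 * @param string $password Plain-text password supplied by the client.
 *
 * @return int 0 on success, 1 when no row matches the e-mail/password pair,
 *             2 when the account's e-mail is not confirmed,
 *             3 when a database call fails.
 */
public function login($email, $password) {
    $passwordHash = $this->hashPassword($password);

    // Bound parameters keep client input out of the SQL text.
    $rows = $this->db->select(
        "SELECT id, confirm_email FROM users WHERE email = ? AND password = ?",
        array($email, $passwordHash),
        array('s', 's')
    );

    // Fail closed: if the query layer signals an error with false/null, stop
    // here instead of indexing into a non-result further down.
    if ($rows === false || $rows === null) return 3;

    // No matching row: the e-mail or the password is wrong.
    if (count($rows) == 0) return 1;

    $account = $rows[0];

    // The credentials are right but the address was never confirmed.
    if ($account['confirm_email'] == 'N') return 2;

    // Record the login time; a failed write fails the whole login.
    $updated = $this->db->update(
        "UPDATE users SET login_at = ? WHERE id = ?",
        array(date('Y-m-d H:i:s'), $account['id']),
        array('s', 's')
    );
    if (!$updated) return 3;

    Session::set("user_id", $account['id']);
    // Rotate the session ID at the privilege change and drop the old session,
    // so an ID known before login does not carry the authenticated state.
    session_regenerate_id(true);
    // The fingerprint is computed after the rotation, as in the original order.
    Session::set("login_fingerprint", $this->_generateLoginString());
    return 0;
}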
- // Checks if user is logged in
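/**
 * Reports whether the current session belongs to a logged-in user.
 *
 * The session must hold a user_id and a login fingerprint equal to the one
 * computed for the current request. On a mismatch the session is torn down
 * through logout().
 *
 * @return bool true when the session is authenticated and the fingerprint matches.
 */
public function isLoggedIn() {
    // No user bound to this session.
    if (Session::get("user_id") == null)
        return false;

    $expected = $this->_generateLoginString();
    $stored = Session::get("login_fingerprint");

    // Compare as strings with hash_equals(): loose == treats numeric-looking
    // strings such as "0e1" and "0e2" as equal, and it is not constant-time.
    // An empty or non-string fingerprint is rejected.
    if (is_string($stored) && $stored !== '' && is_string($expected)
        && hash_equals($expected, $stored))
        return true;

    // Fingerprint missing or different: treat the session as untrusted.
    $this->logout();
    return false;
}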
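/**
 * Configures the session cookie from the SESSION_* constants and starts
 * the session.
 *
 * NOTE(review): no SameSite attribute is set on the cookie here; confirm
 * whether it is configured elsewhere (php.ini or the web server).
 *
 * @return void
 */
public static function startSession() {
    // ini_set() expects string values; the constant is defined as an integer.
    ini_set('session.use_only_cookies', (string) SESSION_USE_ONLY_COOKIES);
    // Refuse session IDs that this server did not issue (session fixation defence).
    ini_set('session.use_strict_mode', '1');

    // Keep the configured lifetime, path and domain; only override the flags.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        SESSION_SECURE,    // send the cookie over HTTPS only
        SESSION_HTTP_ONLY  // hide the cookie from client-side script
    );

    session_start();

    // NOTE(review): when the constant is true this rotates the ID and deletes
    // the old session on every request. Concurrent requests from one client
    // can then present an ID that no longer exists; consider rotating only at
    // login or on a timer.
    if (SESSION_REGENERATE_ID)
        session_regenerate_id(SESSION_REGENERATE_ID);
}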
/**
 * Stores a value in the current session.
 *
 * @param string $key   Session key to write.
 * @param mixed  $value Value to store under that key.
 *
 * @return void
 */
public static function set($key, $value)
{
    $_SESSION[$key] = $value;
}
/**
 * Reads a value from the current session.
 *
 * @param string $key     Session key to read.
 * @param mixed  $default Returned when the key is absent or holds null.
 *
 * @return mixed The stored value, or $default.
 */
public static function get($key, $default = null)
{
    // isset() is false for a missing key and for a stored null alike.
    return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
}
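<?php
// Application bootstrap: defines the configuration constants, loads the
// class files and starts the session.
//
// Each secret or environment-specific value can be supplied through an
// environment variable of the same name. The literals below are the previous
// hard-coded values, kept as fallbacks so existing installs behave the same.
$envOr = function ($name, $default) {
    $value = getenv($name);
    return $value === false ? $default : $value;
};

// TIMEZONE
date_default_timezone_set("America/New_York");

// SHOW ERRORS
// Development setting: set SHOW_ERRORS=false in production so error details
// (paths, queries) are not sent to clients.
define('SHOW_ERRORS', filter_var($envOr('SHOW_ERRORS', 'true'), FILTER_VALIDATE_BOOLEAN));

// DATABASE CONFIGURATION
// The fallbacks connect as root with an empty password. Use a dedicated
// least-privilege account with a strong password outside local development.
define('DB_HOST', $envOr('DB_HOST', 'localhost'));
define('DB_TYPE', $envOr('DB_TYPE', 'mysql'));
define('DB_USER', $envOr('DB_USER', 'root'));
define('DB_PASS', $envOr('DB_PASS', ''));
define('DB_NAME', $envOr('DB_NAME', 'data'));

// SALTS & PROTECTION
// The fallback salts are short, guessable and shared by every account.
// NOTE(review): changing them presumably invalidates stored password hashes;
// confirm against hashPassword(). Prefer password_hash()/password_verify(),
// which generate a random salt per password.
define('KEY_SALT', $envOr('KEY_SALT', "salty"));
define('PASSWORD_SALT', $envOr('PASSWORD_SALT', "sallt"));
define('PASSWORD_SHA512_ITERATIONS', 25000);

// SESSION CONFIGURATION
define('SESSION_SECURE', true);          // session cookie sent over HTTPS only
define('SESSION_HTTP_ONLY', true);       // session cookie hidden from client-side script
define('SESSION_REGENERATE_ID', true);
define('SESSION_USE_ONLY_COOKIES', 1);
define('LOGIN_FINGERPRINT', true);

// The helper is only needed while this file runs.
unset($envOr);

// REQUIRE ALL FILES
require_once("ClassSession.php");
require_once("ClassDatabase.php");
require_once("ClassUser.php");

Session::startSession();
?>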
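<?php
// Prints whether the current session is authenticated.
// require_once stops here if config.php is missing, instead of continuing to
// `new User()` with nothing loaded.
require_once "config.php";

$user = new User();
if ($user->isLoggedIn()) {
    echo 'logged in';
} else {
    // The original branch was a bare string expression with no echo, so
    // nothing was printed for a logged-out visitor.
    echo 'Not logged in';
}
?>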