
Untitled

a guest
Jun 8th, 2016
  <?php

  require_once 'config.php';

  // Manual smoke test for the login flow.
  // login() answers with an integer status (0 = success, 1-3 = failure reasons),
  // isLoggedIn() answers with a boolean; echo prints "1" for true and nothing for false.
  // The credentials below are sample values hard-coded in the script; keep real
  // account secrets out of source files.
  $user = new User();

  $loginStatus = $user->login('email@gmail.com', 'mysecretpassword');
  echo $loginStatus;
  echo '</br>';

  $sessionState = $user->isLoggedIn();
  echo $sessionState;

  ?>
  13.  
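  /**
   * Authenticate a user by email and password and mark the session as logged in.
   *
   * Returns an integer status:
   *   0 - success; user_id and login_fingerprint are stored in the session
   *   1 - no usable row matched the email/password pair (unknown email and
   *       wrong password are deliberately indistinguishable)
   *   2 - the credentials matched but confirm_email is 'N'
   *   3 - the login_at UPDATE failed, so the login is refused
   *
   * NOTE(review): the password is matched inside SQL against hashPassword()
   * output, so that helper has to be deterministic. The configuration defines a
   * single PASSWORD_SALT and PASSWORD_SHA512_ITERATIONS, which suggests one
   * shared salt for all accounts; confirm against hashPassword(). Moving to
   * password_hash()/password_verify() would give per-user salts, but it changes
   * the stored format and needs a migration, so it is not done here.
   * NOTE(review): nothing in this method limits repeated failed attempts;
   * confirm throttling or lockout exists at another layer.
   *
   * @param string $email    Address to look up.
   * @param string $password Plain-text password as supplied by the user.
   * @return int Status code as listed above.
   */
  public function login($email, $password)
  {
      $passwordHash = $this->hashPassword($password);

      // Both values are bound as parameters, never concatenated into the SQL.
      $query = "SELECT id, confirm_email FROM users WHERE email = ? AND password = ?";
      $results = $this->db->select($query, array($email, $passwordHash), array('s', 's'));

      // Fail closed: what select() returns on a database error is not visible
      // here. The previous count($results) == 0 test lets a non-array value such
      // as false through on older PHP versions (count(false) is 1), after which
      // the code went on to store a null user id. Require a real row with an id.
      if (empty($results) || !isset($results[0]['id'])) {
          return 1;
      }

      $row = $results[0];

      // The account exists but the address was never confirmed.
      if ($row['confirm_email'] == 'N') {
          return 2;
      }

      // Record the login time; refuse the login if that write fails.
      $query = "UPDATE users SET login_at = ? WHERE id = ?";
      $updated = $this->db->update($query, array(date('Y-m-d H:i:s'), $row['id']), array('s', 's'));
      if (!$updated) {
          return 3;
      }

      // Bind the identity to the session and rotate the session id so the
      // pre-login id is discarded (true = delete the old session).
      // NOTE(review): the return value of session_regenerate_id() is ignored; if
      // rotation fails the pre-login id stays valid for this logged-in session.
      Session::set("user_id", $row['id']);
      session_regenerate_id(true);
      Session::set("login_fingerprint", $this->_generateLoginString());

      return 0;
  }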
  49.  
  50. // Checks if user is logged in
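  /**
   * Report whether the current session holds a logged-in user whose stored
   * fingerprint still matches the one generated for this request.
   *
   * On a missing or mismatching fingerprint the session is treated as possibly
   * hijacked: logout() is called and false is returned.
   *
   * NOTE(review): _generateLoginString() is not shown; the strength of this
   * check depends on which request attributes it mixes in.
   *
   * @return bool True only when user_id is set and the fingerprints are identical.
   */
  public function isLoggedIn()
  {
      // No user id in the session means nobody is logged in. The loose null
      // check is kept so empty ids stay rejected exactly as before.
      if (Session::get("user_id") == null) {
          return false;
      }

      $expected = $this->_generateLoginString();
      $stored = Session::get("login_fingerprint");

      // Strict comparison: with ==, two different numeric-looking strings (for
      // example hex digests of the form "0e...") compare equal in PHP, which
      // would accept a fingerprint that does not actually match.
      if ($stored != null && $stored === $expected) {
          return true;
      }

      // Fingerprint missing or different: destroy the session.
      $this->logout();
      return false;
  }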
  66.  
  /**
   * Configure the session cookie from the SESSION_* constants and start the session.
   *
   * Lifetime, path and domain are taken from PHP's current cookie settings;
   * only the secure and httponly flags are overridden.
   *
   * NOTE(review): SESSION_REGENERATE_ID doubles as the delete_old_session
   * argument, so when it is true the id is rotated and the old session deleted
   * on every call. Confirm this is intended; per-request rotation can drop
   * sessions when requests overlap.
   * NOTE(review): this method does not set session.use_strict_mode or a
   * SameSite cookie attribute; check whether php.ini covers them.
   */
  public static function startSession()
  {
      ini_set('session.use_only_cookies', SESSION_USE_ONLY_COOKIES);

      // Keep the inherited lifetime/path/domain, replace only the two flags.
      $inherited = session_get_cookie_params();
      $lifetime = $inherited["lifetime"];
      $path = $inherited["path"];
      $domain = $inherited["domain"];
      session_set_cookie_params($lifetime, $path, $domain, SESSION_SECURE, SESSION_HTTP_ONLY);

      session_start();

      if (!SESSION_REGENERATE_ID) {
          return;
      }
      session_regenerate_id(SESSION_REGENERATE_ID);
  }
  84.  
  /**
   * Store a value in the current session under the given key,
   * overwriting any value already held there.
   *
   * @param string $key   Session key.
   * @param mixed  $value Value to store.
   */
  public static function set($key, $value)
  {
      $_SESSION[$key] = $value;
  }
  88.  
  /**
   * Read a value from the current session.
   *
   * A key that is absent, or present with a null value, yields $default
   * (isset() treats both the same way).
   *
   * @param string $key     Session key.
   * @param mixed  $default Fallback value, null unless given.
   * @return mixed The stored value or $default.
   */
  public static function get($key, $default = null)
  {
      return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
  }
  95.  
  <?php

  // Application configuration. Including this file sets the timezone, defines
  // the constants below, loads the three class files and starts the session.

  // TIMEZONE
  date_default_timezone_set('America/New_York');

  // SHOW ERRORS
  // NOTE(review): enabled here; the code that reads SHOW_ERRORS is not visible.
  // If it switches on error display, turn it off outside development so error
  // details are not sent to clients.
  define('SHOW_ERRORS', true);

  // DATABASE CONFIGURATION
  // NOTE(review): the application connects as root with an empty password.
  // Use a dedicated least-privilege database account and load its secret from
  // outside the source tree.
  define('DB_TYPE', 'mysql');
  define('DB_HOST', 'localhost');
  define('DB_NAME', 'data');
  define('DB_USER', 'root');
  define('DB_PASS', '');

  // SALTS & PROTECTION
  // NOTE(review): both salts are short constants stored with the code, so every
  // account would share them. They are presumably read by hashPassword(), which
  // is not shown; confirm. Stored hashes depend on these values, so replacing the
  // scheme (for example with password_hash()) needs a migration.
  define('KEY_SALT', 'salty');
  define('PASSWORD_SALT', 'sallt');
  define('PASSWORD_SHA512_ITERATIONS', 25000);

  // SESSION CONFIGURATION
  // SESSION_SECURE and SESSION_HTTP_ONLY become the secure/httponly cookie flags
  // in Session::startSession(); SESSION_REGENERATE_ID is used there both as the
  // on/off switch and as the delete_old_session argument.
  define('SESSION_USE_ONLY_COOKIES', 1);
  define('SESSION_SECURE', true);
  define('SESSION_HTTP_ONLY', true);
  define('SESSION_REGENERATE_ID', true);

  // The code that reads LOGIN_FINGERPRINT is not visible in this listing.
  define('LOGIN_FINGERPRINT', true);

  // REQUIRE ALL FILES
  // The session is started only after every constant above exists.
  require_once 'ClassSession.php';
  require_once 'ClassDatabase.php';
  require_once 'ClassUser.php';
  Session::startSession();

  ?>
  141.  
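  <?php
  // Status check: prints whether the current session is logged in.
  // require_once stops the script immediately if config.php cannot be loaded,
  // instead of continuing without the session setup as include would.
  require_once 'config.php';

  $user = new User();
  if ($user->isLoggedIn()) {
      echo 'logged in';
  } else {
      // The original else branch was a bare string expression with no echo,
      // so nothing was printed for logged-out visitors.
      echo 'Not logged in';
  }
  ?>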