- <?
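/**
 * Login sessions keyed by client IP and stored in the `sessiones` table,
 * credential checks against `secur`, and ban/privilege lookups against `users`.
 *
 * Every query here is assembled as a string because the DB wrapper, as used in
 * this file, only exposes select()/insert()/update() taking raw SQL. Values are
 * therefore validated or cast before being embedded wherever that is possible
 * without knowing more about the wrapper.
 */
class Sesiones
{
    /** @var DB Wrapper for the security database (class defined outside this file). */
    private $bd;

    public function __construct()
    {
        // NOTE(review): database credentials are hard-coded, so every copy of this
        // file discloses them. Load them from configuration kept outside the
        // document root / version control and rotate the password.
        $this->bd = new DB('localhost', 'lacocinadeyawin_security', 'yawin', 'infernus');
    }

    /**
     * Returns the address used to key the session row.
     *
     * Client-IP and X-Forwarded-For are request headers: unless a trusted reverse
     * proxy overwrites them, the client chooses their content. They are accepted
     * only when they parse as an IP address, because the result is embedded in
     * SQL by the callers; anything else falls back to REMOTE_ADDR.
     *
     * @return string Validated header address, else REMOTE_ADDR, else ''.
     */
    public function getrealip()
    {
        foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $cabecera) {
            if (empty($_SERVER[$cabecera])) {
                continue;
            }
            // X-Forwarded-For may hold a comma-separated chain; only the first entry is considered.
            $partes = explode(',', (string) $_SERVER[$cabecera]);
            $candidata = trim($partes[0]);
            if (filter_var($candidata, FILTER_VALIDATE_IP) !== false) {
                return $candidata;
            }
        }

        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Creates (or replaces) the session row for the caller's IP and stores the
     * matching random name/value pair in $_SESSION.
     *
     * @param int|string $userid Numeric id of the authenticated user.
     * @return void
     */
    public function creasesion($userid)
    {
        // Capture the client address (already validated by getrealip()).
        $ipadd = $this->getrealip();
        // The id is embedded unquoted in SQL below, so force it to an integer.
        $userid = (int) $userid;

        // Random session variable name and random content for it.
        $nvar = $this->tokenAleatorio();
        $nval = $this->tokenAleatorio();

        // Is there already a row for this address?
        $query = "SELECT COUNT(ip) FROM sessiones WHERE ip='" . $ipadd . "'";
        $row = $this->bd->select($query);
        $_cont = 0;
        foreach ($row as $r) {
            $_cont = $r[0];
        }

        if ($_cont > 0) {
            // Overwrite the existing row with the new name/value pair.
            $query = "UPDATE sessiones SET nvar = '$nvar', nval = '$nval', ip = '$ipadd', userid = $userid WHERE ip = '$ipadd'";
            $this->bd->update($query);
        } else {
            // First session for this address: insert a new row.
            $query = "INSERT INTO sessiones (ip,nvar,nval,userid) VALUES ('$ipadd','$nvar','$nval',$userid)";
            $this->bd->insert($query);
        }

        // NOTE(review): no session_regenerate_id() is visible on this path; confirm the
        // caller rotates the session id at login so a pre-login id cannot be reused.
        $_SESSION[$nvar] = $nval;
    }

    /**
     * Checks whether the current PHP session matches the row stored for the
     * caller's IP.
     *
     * @return int|string The stored user id on success; -1 when select() yields
     *                    nothing, -2 when the session variable is missing,
     *                    -3 when its value does not match.
     */
    public function compruebases()
    {
        // Capture the client address (already validated by getrealip()).
        $ipadd = $this->getrealip();

        // Fetch the row stored for that address.
        $query = "SELECT count(ip), nvar, nval, userid FROM sessiones WHERE ip='" . $ipadd . "'";
        $row = $this->bd->select($query);
        if (!$row) {
            return -1;
        }

        $nvar = "";
        $nval = "";
        $userid = "";
        foreach ($row as $r) {
            $nvar = $r['nvar'];
            $nval = $r['nval'];
            $userid = $r['userid'];
        }

        if (!isset($_SESSION[$nvar])) {
            return -2;
        }
        // Strict string comparison: loose == treats numeric-looking strings such as
        // "1e3" and "1000" as equal, which would accept a token that is not identical.
        if ((string) $_SESSION[$nvar] !== (string) $nval) {
            return -3;
        }

        return $userid;
    }

    /**
     * Verifies a username/password pair and opens a session on success.
     *
     * @param string $user Username as submitted.
     * @param string $pass Password as submitted.
     * @return int 1 on success, -2 when the account is banned, -1 otherwise.
     */
    public function get_login($user, $pass)
    {
        // An array or object cannot be a username and would only be string-converted into the query.
        if (!is_scalar($user)) {
            return -1;
        }

        // NOTE(review): $user is embedded in the statement unescaped, so this lookup is
        // open to SQL injection. The DB wrapper shows no bound-parameter or escaping
        // method in this file; add one (prepared statement) and pass $user through it.
        $query = "SELECT count(id), pass, id, username, semilla FROM secur WHERE username='$user'";
        $row = $this->bd->select($query);
        $_cont = 0;
        $_semilla = '';
        $_userid = '';
        $_pass = '';
        foreach ($row as $r) {
            $_cont = $r[0];
            $_semilla = $r['semilla'];
            $_userid = $r['id'];
            $_pass = $r['pass'];
        }

        if ($_cont <= 0) {
            return -1;
        }

        // cript.php presumably defines jarl(); a plain require would redeclare it
        // (fatal error) on a second call, so load it only when it is missing.
        if (!function_exists('jarl')) {
            require_once './cript.php';
        }
        // NOTE(review): jarl() is a project function not shown here; confirm it is a
        // real password hash (password_hash()/password_verify()) and not a home-grown scheme.
        $pass = jarl($pass, $_semilla);

        // Compare as strings, in constant time where available; loose == would treat
        // numeric-looking digests (e.g. "0e123" and "0e456") as equal.
        $coincide = function_exists('hash_equals')
            ? hash_equals((string) $_pass, (string) $pass)
            : (string) $_pass === (string) $pass;
        if (!$coincide || $_userid == 0) {
            return -1;
        }

        if ($this->checkBan($_userid) != 0) {
            return -2;
        }

        $this->creasesion($_userid);
        return 1;
    }

    /**
     * Reads the ban flag for a user.
     *
     * Uses the global $bd connection rather than $this->bd, exactly as the
     * original did; the `users` table may live in a different database.
     *
     * @param int|string $_userid Numeric user id.
     * @return mixed Value of users.ban, or 0 when no row is returned.
     */
    public function checkBan($_userid)
    {
        // Embedded unquoted in SQL: force an integer so nothing else reaches the query.
        $_userid = (int) $_userid;
        $query = "SELECT ban FROM users WHERE id = $_userid";
        $row = $GLOBALS['bd']->select($query);
        $_ban = 0;
        foreach ($row as $r) {
            $_ban = $r['ban'];
        }
        return $_ban;
    }

    /**
     * Reads the privilege level for a user (same global $bd connection as checkBan()).
     *
     * @param int|string $_userid Numeric user id.
     * @return mixed Value of users.privilegios, or 0 when no row is returned.
     */
    public function getPrivileges($_userid)
    {
        // Embedded unquoted in SQL: force an integer so nothing else reaches the query.
        $_userid = (int) $_userid;
        $query = "SELECT privilegios FROM users WHERE id = $_userid";
        $row = $GLOBALS['bd']->select($query);
        $_priv = 0;
        foreach ($row as $r) {
            $_priv = $r['privilegios'];
        }
        return $_priv;
    }

    /**
     * Builds one random token in the original shape: jarl(<6 hex chars>, <9-20 digits>).
     *
     * rand() and uniqid() are predictable, so the CSPRNG functions are used when the
     * runtime provides them (PHP 7+); the original generator remains as the fallback.
     *
     * @return mixed Whatever jarl() returns (project function, not shown in this file).
     */
    private function tokenAleatorio()
    {
        if (!function_exists('jarl')) {
            require_once './cript.php';
        }

        $csprng = function_exists('random_int') && function_exists('random_bytes');

        $longitud = $csprng ? random_int(9, 20) : rand(9, 20);
        $semilla = "";
        for ($i = 0; $i < $longitud; $i++) {
            $semilla .= $csprng ? random_int(0, 9) : rand(0, 9);
        }

        $base = $csprng ? bin2hex(random_bytes(3)) : substr(md5(uniqid(rand())), 0, 6);

        return jarl($base, $semilla);
    }
}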
- $sesion = new Sesiones(); // Instance created when this file is included; Sesiones::__construct() instantiates the DB wrapper at that point.
- ?>