
Untitled

a guest
Mar 12th, 2018
  1. <?php
  2. ////////////////////////////////////////////////////////////////////////////////////////
  3. // Class: sentry
  4. // Purpose: Control access to pages
  5. ///////////////////////////////////////////////////////////////////////////////////////
  6. class sentry {
  7.  
  8. var $loggedin = false; // Boolean to store whether the user is logged in
  9. var $userdata; // Array to contain user's data
  10.  
  11. function sentry(){
  12. session_start();
  13. header("Cache-control: private");
  14. }
  15.  
  16. //======================================================================================
  17. // Log out, destroy session
  18. function logout(){
  19. unset($this->userdata);
  20. session_destroy();
  21. return true;
  22. }
  23.  
  24. //======================================================================================
  25. // Log in, and either redirect to goodRedirect or badRedirect depending on success
  26. function checkLogin($user = '',$pass = '',$group = 10,$goodRedirect = '',$badRedirect = ''){
  27.  
  28. // Include database and validation classes, and create objects
  29. require_once('DbConnector.php');
  30. require_once('Validator.php');
  31. $validate = new Validator();
  32. $loginConnector = new DbConnector();
  33.  
  34. // If user is already logged in then check credentials
  35. if ($_SESSION['user'] && $_SESSION['pass']){
  36.  
  37. // Validate session data
  38. if (!$validate->validateTextOnly($_SESSION['user'])){return false;}
  39. if (!$validate->validateTextOnly($_SESSION['pass'])){return false;}
  40.  
  41. $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '".$_SESSION['user']."' AND pass = '".$_SESSION['pass']."' AND thegroup <= ".$group.' AND enabled = 1');
  42.  
  43. if ($loginConnector->getNumRows($getUser) > 0){
  44. // Existing user ok, continue
  45. if ($goodRedirect != '') {
  46. header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
  47. }
  48. return true;
  49. }else{
  50. // Existing user not ok, logout
  51. $this->logout();
  52. return false;
  53. }
  54.  
  55. // User isn't logged in, check credentials
  56. }else{
  57. // Validate input
  58. if (!$validate->validateTextOnly($user)){return false;}
  59. if (!$validate->validateTextOnly($pass)){return false;}
  60.  
  61. // Look up user in DB
  62. $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '$user' AND pass = PASSWORD('$pass') AND thegroup <= $group AND enabled = 1");
  63. $this->userdata = $loginConnector->fetchArray($getUser);
  64.  
  65. if ($loginConnector->getNumRows($getUser) > 0){
  66. // Login OK, store session details
  67. // Log in
  68. $_SESSION["user"] = $user;
  69. $_SESSION["pass"] = $this->userdata['pass'];
  70. $_SESSION["thegroup"] = $this->userdata['thegroup'];
  71.  
  72. if ($goodRedirect) {
  73. header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
  74. }
  75. return true;
  76.  
  77. }else{
  78. // Login BAD
  79. unset($this->userdata);
  80. if ($badRedirect) {
  81. header("Location: ".$badRedirect) ;
  82. }
  83. return false;
  84. }
  85. }
  86. }
  87. }
  88. ?>