  1. <?php
  2. /* requires sql.class.php to function */
  3. class Session
  4. {
  5. private $link;
  6.  
  7. /*
  8. * initialize the session
  9. */
  10. public function Session($sql)
  11. {
  12. session_start();
  13. $this->link = $sql;
  14. }
  15.  
  16. /*
  17. * login utils
  18. */
  19. // only needed on registration and password change.
  20. public function GenerateSalt()
  21. {
  22. $salt = uniqid(rand(), true);
  23. $salt = md5($salt);
  24. return substr($salt, 0, 8);
  25. }
  26. public function GenerateHash($plainText, $salt)
  27. {
  28. $hash = $salt . sha1($salt . $plainText);
  29. return $hash;
  30. }
  31.  
  32. /*
  33. * check if user is logged in
  34. */
  35. public function IsLogged()
  36. {
  37. if( !isset($_SESSION['uid']) )
  38. return false;
  39. return $this->TestPassword($_SESSION['uid'],$_SESSION['pass']);
  40. }
  41.  
  42. /*
  43. * get password/salt for a given user
  44. */
  45. private function GetSalt($uid)
  46. {
  47. $uid = mysql_fetch_array($this->link->Query("SELECT salt FROM users WHERE id='?' LIMIT 1", $uid));
  48. return $uid[0];
  49. }
  50. private function GetPassword($uid)
  51. {
  52. $password = mysql_fetch_array($this->link->Query("SELECT password FROM users WHERE id='?' LIMIT 1", $uid));
  53. return $password[0];
  54. }
  55. /*
  56. * make sure the stored password matches the given one.
  57. */
  58. private function TestPassword($uid,$password)
  59. {
  60. // get password from cookie
  61. $password = $_SESSION['pass'];
  62.  
  63. // get known password
  64. $knownpass = $this->GetPassword($uid);
  65.  
  66. // if this returns false, someone has tampered with the cookie.
  67. return $password == $knownpass;
  68. }
  69.  
  70. /*
  71. * returns true if successful
  72. */
  73. public function Login()
  74. {
  75. // get the uid from the posted password
  76. $uid = mysql_fetch_array($this->link->Query("SELECT id FROM users WHERE username='?' LIMIT 1",$_POST['username']));
  77. $uid = $uid[0];
  78.  
  79. $password = $_POST['password'];
  80.  
  81. $salt = $this->GetSalt($uid);
  82. $password = $this->GenerateHash($password,$salt);
  83.  
  84. $_SESSION['pass'] = $password;
  85.  
  86. if( $this->TestPassword($uid, $password) )
  87. {
  88. $_SESSION['uid'] = $uid;
  89. return true;
  90. }
  91. // don't leave the password hash there if the login failed (paranoia)
  92. unset($_SESSION['pass']);
  93. return false;
  94. }
  95.  
  96. /*
  97. * logout, as if I'm actually doing something.
  98. */
  99. public function Logout() { session_destroy(); }
  100. }
  101.  
  102.  
  103. $session = new Session($link); // make sure $link is a database connection, e.g.
  104.  
  105. // you may wish to change these if you want your site to behave differently!
  106. if( isset($_POST['login']) && !isset($_SESSION['uid']) )
  107. {
  108. $login = $session->Login();
  109. }
  110. elseif( $_GET['logout'] )
  111. $session->Logout();