- <?php
- require_once 'User.class.php';
- require_once 'ACL.class.php';
- /**
- * Session class
- **/
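class Session
{
    // Injected collaborators. $db->query() is expected to return a mysql result resource
    // (or TRUE for statements without a result set) and FALSE on failure.
    private $db;
    private $settings;
    private $common;
    // Loaded by sessionStart() once a valid session token has been found.
    public $user;

    // Session info
    private $username;
    private $sessionKey;
    private $isLoggedIn = false;
    private $lastSeen; // TODO add this to info retrieved during check of session
    private $ip;
    private $dateCreated;

    /**
     * @param mixed $_db       database wrapper exposing query($sql)
     * @param mixed $_settings application settings (kept for User, not read here)
     * @param mixed $_common   helper exposing hash($value)
     */
    function __construct($_db, $_settings, $_common)
    {
        $this->db = $_db;
        $this->settings = $_settings;
        $this->common = $_common;
        $this->user = new User($_db, $_settings, $_common);
    }

    /**
     * Log in and redirect back to the current script.
     *
     * Fix: the original called loginRedirect() as a bare global function, which is a
     * fatal "undefined function" error; it is a method of this class.
     */
    public function login($username, $password, $remember=false)
    {
        $this->loginRedirect($username, $password, $_SERVER["PHP_SELF"], $remember);
    }

    /**
     * Verify credentials, create a server-side session row and redirect.
     *
     * Prints "<h1>Bad login!</h1>" when no user/password pair matches. Terminates the
     * script with die() if the query fails, and with exit after a successful redirect.
     *
     * @param string $username
     * @param string $password  plaintext; hashed with $this->common->hash() before lookup
     * @param string $redirect  Location target on success
     * @param bool   $remember  also issue a 14-day "token" cookie
     */
    public function loginRedirect($username, $password, $redirect="index.php", $remember=false)
    {
        $userpassword = $this->common->hash($password);
        // prepare SQL
        $sql = sprintf("SELECT 1 FROM users WHERE username='%s' AND password='%s'",
                       mysql_real_escape_string($username),
                       mysql_real_escape_string($userpassword));
        // execute query
        $result = $this->db->query($sql);
        if ($result === FALSE)
            die("Could not query database");
        // check whether we found a row
        if (mysql_num_rows($result) == 1)
        {
            $this->createSession($username, time(), $remember);
            // header() returns nothing, so echoing it was a no-op; stop here so the rest of
            // the page is never rendered into a response the browser is about to discard.
            header("Location: $redirect");
            exit;
        }
        echo "<h1>Bad login!</h1>";
    }

    // Admin functions
    //--------------------
    public function getUserName()
    { return $this->username; }
    public function getSessionKey()
    { return $this->sessionKey;}
    public function getLastSeen()
    { return $this->lastSeen;}
    public function getIP()
    { return $this->ip;}
    public function getDateCreated()
    { return $this->dateCreated;}

    /**
     * Load every row of the session table as a Session object.
     *
     * @return Session[]
     */
    public function getSessions()
    {
        $sql = "SELECT * FROM session";
        $result = $this->db->query($sql);
        if ($result === FALSE)
            die("Could not query database");
        $stack = array();
        while ($row = mysql_fetch_array($result))
        {
            $object = new Session($this->db, $this->settings, $this->common);
            $object->getSessionByUser($row['user']);
            $stack[] = $object;
        }
        return $stack;
    }

    /**
     * Populate this object from the session row belonging to $user.
     *
     * Fix: when no row exists mysql_fetch_array() returns FALSE and the original indexed
     * into it; the fields are now left untouched (username is still recorded).
     */
    public function getSessionByUser($user)
    {
        $sql = sprintf("SELECT * FROM session WHERE user='%s'", mysql_real_escape_string($user));
        $result = $this->db->query($sql);
        if ($result === FALSE)
            die("Could not query database");
        $this->username = $user;
        $row = mysql_fetch_array($result);
        if ($row === FALSE)
            return;
        $this->sessionKey = $row['token'];
        $this->ip = $row['ip'];
        $this->dateCreated = $row['dateCreated'];
        $this->lastSeen = $row['lastSeen'];
    }

    /**
     * Remove every session row for $user (admin-side logout).
     *
     * @return mixed whatever $this->db->query() returns for the DELETE (FALSE on failure)
     */
    public function logoutUser($user)
    {
        $sql = sprintf("DELETE FROM session WHERE user='%s'", mysql_real_escape_string($user));
        // execute query
        $result = $this->db->query($sql);
        return $result;
    }

    // User session functions
    //--------------------

    /**
     * Insert a fresh session row for $username and bind it to the PHP session.
     *
     * Fix: the token was derived from mt_rand() after an unseeded mt_srand(), which is
     * not a cryptographic source; it now comes from randomToken(). The PHP session id is
     * regenerated on login so an id obtained before authentication cannot be reused
     * (session fixation), and the remember-me cookie is HttpOnly (and Secure over TLS).
     *
     * @param string $username
     * @param int    $time      creation timestamp, also used as initial lastSeen
     * @param bool   $remember  issue the 14-day "token" cookie
     */
    private function createSession($username, $time, $remember=false)
    {
        $token = $this->common->hash($this->randomToken());
        // add token to database and assign to user
        $sql = sprintf("INSERT INTO session values ('%s', '%s', '%s', '%s', '%s')",
                       mysql_real_escape_string($token),
                       mysql_real_escape_string($username),
                       mysql_real_escape_string($_SERVER["REMOTE_ADDR"]),
                       mysql_real_escape_string($time),
                       mysql_real_escape_string($time));
        $result = $this->db->query($sql);
        if ($result === FALSE)
            die("Could not create session");
        // a failed insert must not leave the client believing it is logged in, hence the die above
        if (session_id() !== '')
            session_regenerate_id(true);
        $_SESSION['token'] = $token;
        $this->clearOtherSessions($username, $token);
        if ($remember)
            setcookie("token", $token, time() + 14*24*60*60, "", "", $this->isHttps(), true);
    }

    /**
     * Unpredictable raw material for a session token, as a hex string.
     *
     * Prefers random_bytes() (PHP 7+), falls back to the OpenSSL CSPRNG on older builds,
     * and refuses to continue rather than silently degrade to a predictable source.
     *
     * @return string
     */
    private function randomToken()
    {
        if (function_exists('random_bytes'))
            return bin2hex(random_bytes(32));
        if (function_exists('openssl_random_pseudo_bytes'))
            return bin2hex(openssl_random_pseudo_bytes(32));
        die("No secure random source available");
    }

    /**
     * Whether the current request arrived over TLS (used for the cookie Secure flag).
     *
     * @return bool
     */
    private function isHttps()
    {
        return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    }

    /**
     * Delete all of $username's session rows except the one holding $token.
     *
     * Fix: both values were interpolated unescaped, and mysql_num_rows() was called on
     * the result of a DELETE, which is a boolean rather than a result set.
     *
     * @return bool TRUE when the DELETE executed, FALSE on query failure
     */
    private function clearOtherSessions($username, $token)
    {
        $sql = sprintf("DELETE FROM session WHERE user='%s' AND token<>'%s'",
                       mysql_real_escape_string($username),
                       mysql_real_escape_string($token));
        $result = $this->db->query($sql);
        return $result !== FALSE;
    }

    /**
     * Remove the current token's row (from $_SESSION, else $_COOKIE), expire the cookies
     * and destroy the PHP session. Prints the outcome.
     */
    private function deleteSession()
    {
        if (isset($_SESSION['token']))
        {
            $sql = sprintf("DELETE FROM session WHERE token='%s'", mysql_real_escape_string($_SESSION["token"]));
            // execute query
            $result = $this->db->query($sql);
        }
        elseif (isset($_COOKIE['token']))
        {
            $sql = sprintf("DELETE FROM session WHERE token='%s'", mysql_real_escape_string($_COOKIE["token"]));
            $result = $this->db->query($sql);
        }
        else
            $result = FALSE;
        // delete cookies, if any (same path/flags as when they were set, or the browser keeps them)
        setcookie("token", "", time() - 3600, "", "", $this->isHttps(), true);
        // log user out: drop server-side state as well as the cookie
        setcookie(session_name(), "", time() - 3600);
        $_SESSION = array();
        if (session_id() !== '')
            session_destroy();
        $this->isLoggedIn = false;
        if ($result)
            //redirect("index.php");//TODO make this redirect
            echo 'You are logged out.';
        else
            echo "Deleteing session failed";
    }

    public function isLoggedIn()
    {
        return $this->isLoggedIn;
    }

    public function logout()
    {
        return $this->deleteSession();
    }

    /**
     * Username bound to the current token ($_SESSION first, then $_COOKIE).
     *
     * Fix: the original returned nothing when no token was set and indexed into FALSE
     * when the token matched no row; both cases now return NULL explicitly.
     *
     * @return string|null
     */
    private function retrieveUserName()
    {
        if (isset($_SESSION["token"]))
            return $this->lookupUserByToken($_SESSION["token"]);
        if (isset($_COOKIE["token"]))
            return $this->lookupUserByToken($_COOKIE["token"]);
        return null;
    }

    /**
     * @param string $token
     * @return string|null user column of the matching session row, NULL if none
     */
    private function lookupUserByToken($token)
    {
        $getUserSQL = sprintf("SELECT user FROM session WHERE token='%s'",
                              mysql_real_escape_string($token));
        $result = $this->db->query($getUserSQL);
        if ($result === FALSE)
            die("Could not query database");
        $row = mysql_fetch_array($result);
        return ($row === FALSE) ? null : $row['user'];
    }

    /**
     * @param string $token
     * @return bool TRUE when exactly one session row carries $token
     */
    private function tokenExists($token)
    {
        $sql = sprintf("SELECT 1 FROM session WHERE token='%s'",
                       mysql_real_escape_string($token));
        $result = $this->db->query($sql);
        if ($result === FALSE)
            die("Could not query database");
        return mysql_num_rows($result) == 1;
    }

    /**
     * Check whether the request carries a valid session token and, if so, load it.
     *
     * Fixes: the original assigned $this->userName (undeclared) instead of $this->username,
     * called retrieveUserName() on the User object instead of on $this in the cookie
     * branch, and returned NULL rather than FALSE when a token was present but invalid.
     *
     * @return bool
     */
    public function sessionExists()
    {
        // if already logged in say they are
        if ($this->isLoggedIn == true)
            return true;
        // a session token takes precedence over a remember-me cookie
        if (isset($_SESSION["token"]))
        {
            $token = $_SESSION["token"];
        }
        elseif (isset($_COOKIE["token"]))
        {
            $token = $_COOKIE["token"];
        }
        else
            return false;
        // if token is valid load user
        if (!$this->tokenExists($token))
            return false;
        $_SESSION['token'] = $token;                 // promote a cookie token into the session
        $this->sessionKey = $token;
        $this->username = $this->retrieveUserName(); // load username
        $this->updateSession();                      // refresh lastSeen/ip for this token
        $this->isLoggedIn = true;
        return true;
    }

    /**
     * Start the PHP session and, when a valid token is present, load the user.
     *
     * @return bool TRUE when a user is logged in after the call
     */
    public function sessionStart()
    {
        session_start();
        // check for session
        if ($this->sessionExists())
        {
            $this->user->loadUser($this->username);
            $this->isLoggedIn = true;
            return true;
        }
        return false;
    }

    /** Send the browser to login.php and stop rendering the current page. */
    public function redirectToLogin()
    {
        header("Location: login.php");
        exit;
    }

    /**
     * Stamp lastSeen and the client IP onto the current session row.
     *
     * Fix: the token and REMOTE_ADDR were interpolated unescaped.
     */
    private function updateSession()
    {
        $sql = sprintf("UPDATE session SET lastSeen='%s', ip='%s' WHERE token='%s'",
                       time(),
                       mysql_real_escape_string($_SERVER["REMOTE_ADDR"]),
                       mysql_real_escape_string($this->sessionKey));
        $result = $this->db->query($sql);
        if ($result === FALSE)
            die("Could not update time last seen");
    }
    //--End session functions
}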