  1. <?php
  2.  
  3. require_once 'User.class.php';
  4. require_once 'ACL.class.php';
  5. /**
  6.  * Session class
  7.  **/
  8. class Session
  9. {
  10.  
  11.     private $db;
  12.     private $settings;
  13.     private $common;
  14.     public $user;
  15.  
  16.     //Session info
  17.     private $username;
  18.     private $sessionKey;
  19.     private $isLoggedIn = false;
  20.     private $lastSeen; //TODO add this to info retrieved during check of session
  21.     private $ip;
  22.     private $dateCreated;
  23.  
  24.     function __construct($_db, $_settings, $_common)
  25.     {
  26.         $this->db = $_db;
  27.         $this->settings = $_settings;
  28.         $this->common = $_common;
  29.         $this->user = new User($_db, $_settings, $_common);
  30.     }
  31.  
  32.     public function login($username, $password, $remember=false)
  33.     {//{{{3
  34.         loginRedirect($username, $password,  $_SERVER["PHP_SELF"], $remember);
  35.     }//}}}3
  36.  
  37.     public function loginRedirect($username, $password, $redirect="index.php", $remember=false)
  38.     {//{{{3
  39.         $userpassword = $this->common->hash($password);
  40.  
  41.         // prepare SQL
  42.         $sql = sprintf("SELECT 1 FROM users WHERE username='%s' AND password='%s'",
  43.                        mysql_real_escape_string($username),
  44.                        mysql_real_escape_string($userpassword));
  45.  
  46.         // execute query
  47.         $result = $this->db->query($sql);
  48.         if ($result === FALSE)
  49.             die("Could not query database");
  50.  
  51.         // check whether we found a row
  52.         if (mysql_num_rows($result) == 1)
  53.         {
  54.             $this->createSession($username, time(), $remember);
  55.             echo header("Location: $redirect");
  56.         }
  57.         else
  58.             echo "<h1>Bad login!</h1>";
  59.     }//}}}3
  60.  
  61.     //   Admin functions {{{2
  62.     //--------------------
  63.     public function getUserName()
  64.     { return $this->username; }
  65.  
  66.     public function getSessionKey()
  67.     { return $this->sessionKey;}
  68.  
  69.     public function getLastSeen()
  70.     { return $this->lastSeen;}
  71.  
  72.     public function getIP()
  73.     { return $this->ip;}
  74.  
  75.     public function getDateCreated()
  76.     { return $this->dateCreated;}
  77.  
  78.     public function getSessions()
  79.     {//{{{3
  80.         $sql = "SELECT * FROM session";
  81.  
  82.         $result = $this->db->query($sql);
  83.  
  84.         $stack = array();
  85.         while($row = mysql_fetch_array($result))
  86.         {
  87.             $object = new Session($this->db, $this->settings, $this->common);
  88.             $object->getSessionByUser($row['user']);
  89.             array_push($stack, $object);
  90.         }
  91.  
  92.         return $stack;
  93.     }//}}}3
  94.  
  95.     public function getSessionByUser($user)
  96.     {//{{{3
  97.         $sql = sprintf("SELECT * FROM session WHERE user='%s'", mysql_real_escape_string($user));
  98.  
  99.         $result = $this->db->query($sql);
  100.         if($result === FALSE)
  101.             die("Could not query database");
  102.  
  103.         $row = mysql_fetch_array($result);
  104.  
  105.         $this->sessionKey = $row['token'];
  106.         $this->username = $user;
  107.         $this->ip = $row['ip'];
  108.         $this->dateCreated = $row['dateCreated'];
  109.         $this->lastSeen = $row['lastSeen'];
  110.  
  111.     }//}}}3
  112.  
  113.     public function logoutUser($user)
  114.     {//{{{3
  115.         $sql = sprintf("DELETE FROM session WHERE user='%s'", mysql_real_escape_string($user));
  116.  
  117.         // execute query
  118.         $result = $this->db->query($sql);
  119.  
  120.         return $result;
  121.     }//}}}3
  122.     //}}}2
  123.  
  124.     //   User session functions {{{2
  125.     //--------------------
  126.     private function createSession($username, $time, $remember=false)
  127.     {//{{{3
  128.         mt_srand();
  129.         $number = mt_rand();
  130.         $token = $this->common->hash($number);
  131.  
  132.         //add token to database and assign to user
  133.         $sql = sprintf("INSERT INTO session values ('%s', '%s', '%s', '%s', '%s')",
  134.                 $token, $username, $_SERVER["REMOTE_ADDR"], $time, $time);
  135.         $result = $this->db->query($sql);
  136.         $_SESSION['token'] = $token;
  137.         $this->clearOtherSessions($username, $token);
  138.  
  139.         if($remember)
  140.             setcookie("token", $token, time()+14*24*60*60);
  141.     }//}}}3
  142.  
  143.     private function clearOtherSessions($username, $token)
  144.     {//{{{3
  145.             $sql = sprintf("DELETE FROM session WHERE user='%s' AND token<>'%s'", $username, $token);
  146.  
  147.             $result = $this->db->query($sql);
  148.  
  149.             if(mysql_num_rows($result) == 1)
  150.             {
  151.                 return true;
  152.             }
  153.             else
  154.             {
  155.                 return false;
  156.             }
  157.  
  158.     }//}}}3
  159.  
  160.     private function deleteSession()
  161.     {//{{{3
  162.  
  163.         if(isset($_SESSION['token']))
  164.         {
  165.             $sql = sprintf("DELETE FROM session WHERE token='%s'", mysql_real_escape_string($_SESSION["token"]));
  166.  
  167.             // execute query
  168.             $result = $this->db->query($sql);
  169.         }
  170.         elseif(isset($_COOKIE['token']))
  171.         {
  172.             $sql = sprintf("DELETE FROM session WHERE token='%s'", mysql_real_escape_string($_COOKIE["token"]));
  173.  
  174.             $result = $this->db->query($sql);
  175.         }
  176.         else
  177.             $result = FALSE;
  178.  
  179.         // delete cookies, if any
  180.         setcookie("token", "", time() - 3600);
  181.  
  182.         // log user out
  183.         setcookie(session_name(), "", time() - 3600);
  184.  
  185.  
  186.         session_destroy();
  187.  
  188.         if($result)
  189.             //redirect("index.php");//TODO make this redirect
  190.             echo 'You are logged out.';
  191.         else
  192.             echo "Deleteing session failed";
  193.  
  194.     }//}}}3
  195.  
  196.     public function isLoggedIn()
  197.     {//{{{3
  198.         return $this->isLoggedIn;
  199.     } //}}}3
  200.  
  201.     public function logout()
  202.     {//{{{3
  203.         return $this->deleteSession();
  204.     }//}}}3
  205.  
  206.     private function retrieveUserName()
  207.     {//{{{3
  208.         if(isset($_SESSION["token"]))
  209.         {
  210.             $getUserSQL = sprintf("SELECT user FROM session WHERE token='%s'",
  211.             mysql_real_escape_string($_SESSION["token"]));
  212.  
  213.             $result = $this->db->query($getUserSQL);
  214.  
  215.             $row = mysql_fetch_array($result);
  216.             return $row['user'];
  217.         }
  218.         elseif(isset($_COOKIE["token"]))
  219.         {
  220.  
  221.             $getUserSQL = sprintf("SELECT user FROM session WHERE token='%s'",
  222.             mysql_real_escape_string($_COOKIE["token"]));
  223.  
  224.             $result = $this->db->query($getUserSQL);
  225.  
  226.             $row = mysql_fetch_array($result);
  227.             return $row['user'];
  228.         }
  229.     }///}}}3
  230.  
  231.     public function sessionExists()
  232.     {//{{{3
  233.         //if already logged in say they are
  234.         if($this->isLoggedIn == true)
  235.             return true;
  236.         //if a token is set check to see if it is valid
  237.         elseif(isset($_SESSION["token"]))
  238.         {
  239.             $sql = sprintf("SELECT 1 FROM session WHERE token='%s'",
  240.                     mysql_real_escape_string($_SESSION["token"]));
  241.  
  242.             $result = $this->db->query($sql);
  243.             if($result === FALSE)
  244.                 die("Could not query database");
  245.  
  246.             //if token is valid load user
  247.             if(mysql_num_rows($result) == 1)
  248.             {
  249.                 $this->sessionKey = $_SESSION["token"]; //get key from user
  250.                 $this->userName = $this->retrieveUserName(); //load username
  251.                 $this->updateSession(); //update the session if it exists
  252.                 $this->isLoggedIn = true; //set logged in to true
  253.                 return true;
  254.             }
  255.         }
  256.         //if a sesion is loaded in a cookie check to see if it is valid
  257.         elseif(isset($_COOKIE["token"]))
  258.         {
  259.             $sql = sprintf("SELECT 1 FROM session WHERE token='%s'", mysql_real_escape_string($_COOKIE["token"]));
  260.  
  261.             $result = $this->db->query($sql);//query database
  262.             if($result === FALSE)
  263.                 die("Could not query databae");
  264.  
  265.             if(mysql_num_rows($result) == 1) //if it's good
  266.             {
  267.                 $_SESSION['token'] = $_COOKIE['token']; //set session token
  268.                 $this->sessionKey = $_SESSION["token"]; //set session key
  269.                 $this->userName = $this->user->retrieveUserName(); //load username
  270.                 $this->updateSession(); //update session
  271.                 $this->isLoggedIn = true; //login set to true
  272.                 return true;
  273.             }
  274.         }
  275.         else
  276.             return false;
  277.     }//}}}3
  278.  
  279.     public function sessionStart()
  280.     {//{{{3
  281.         session_start();
  282.  
  283.         //check for session
  284.         if($this->sessionExists())
  285.         {
  286.             $this->user->loadUser($this->userName);
  287.             $this->isLoggedIn = true;
  288.             return true;
  289.         }
  290.         else
  291.             return false;
  292.     }//}}}3
  293.  
  294.     public function redirectToLogin()
  295.     {//{{{3
  296.         echo header("Location: login.php");
  297.     }//}}}3
  298.  
  299.     private function updateSession()
  300.     {//{{{3
  301.         $sql = sprintf("UPDATE session SET lastSeen='%s', ip='%s' WHERE token='%s'",
  302.                 time(),
  303.                 $_SERVER["REMOTE_ADDR"],
  304.                 $this->sessionKey);
  305.  
  306.         $result = $this->db->query($sql);
  307.  
  308.         if($result === FALSE)
  309.             die("Could not update time last seen");
  310.  
  311.     }//}}}3
  312.  
  313.     //--End session functions }}}2
  314. }