- <?php
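/**
 * Session-backed user model.
 *
 * On construction the current PHP session is matched against the
 * %prefix%sessions table (encrypted session id + random login ticket); when a
 * row is found the user's %prefix%users row is cached into $data and
 * $logged_in is set. Sessions rows are never expired here (see the TODO in the
 * constructor), so revocation relies on the ticket/session id pair alone.
 *
 * Relies on the globals $core (clean()/encrypt() helpers), $db (query wrapper
 * with @name parameter substitution) and $userGroups (permission bit masks per
 * group); all three must exist before this file is loaded.
 */
class user
{
    /** @var string|null Encrypted form of the current PHP session id. */
    private $session_id = null;

    /** @var bool True once the session has been matched to a users row. */
    public $logged_in = false;

    /** @var int Primary key of the logged-in user, 0 when anonymous. */
    public $id = 0;

    /**
     * Column => value cache of the user's %prefix%users row; 'privileges'
     * holds the unserialized value. Empty until _cacheUser() has run.
     * @var array
     */
    public $data = array();

    /** Number of decimal digits in the random login ticket kept in the session. */
    const TICKET_LENGTH = 10;

    /** Message returned by doLogin() when the credentials are rejected. */
    const MSG_BAD_CREDENTIALS = 'Your credenitals do not match our records..';

    /**
     * Resolves the current session to a user.
     *
     * Looks up the (ticket, encrypted session id) pair from $_SESSION in
     * %prefix%sessions; on a hit the users row is cached and $logged_in set.
     * A session without a ticket cannot have been created by _createSession(),
     * so the database lookup is skipped for it.
     */
    public function __construct( )
    {
        global $core, $db;
        $this->session_id = $core->encrypt( session_id( ) );
        if( !isset( $_SESSION['ticket'] ) )
        {
            return;
        }
        $db->setParam( 'rndKey', $core->clean( $_SESSION['ticket'] ) );
        $db->setParam( 'sessionId', $this->session_id );
        /* TODO: work on time based session handling.. p: low */
        $query = $db->query( "SELECT id_user FROM %prefix%sessions WHERE id_rndKey = @rndKey AND id_sessionId = @sessionId LIMIT 1;" );
        if( $db->num_rows( $query, true ) > 0 )
        {
            $this->id = $db->result( $query, true );
            if( $this->_userChecks( ) )
            {
                $this->_cacheUser( );
                $this->logged_in = true;
            }
        }
    }

    /**
     * Reloads $data from the database (e.g. after a profile update).
     */
    public function reCache( )
    {
        $this->_cacheUser( );
    }

    /**
     * Authenticates the credentials posted in $_POST['username'] /
     * $_POST['password'] and, on success, binds the session to the user.
     *
     * The username field also accepts the account's e-mail address. Accounts
     * with lock_to_email = 1 may only log in with their e-mail, so a match on
     * the bare username is rejected for them.
     *
     * @return true|string true on success, otherwise a user-facing error message
     */
    public function doLogin( )
    {
        global $core, $db;
        if( !$this->_postFilled( 'username' ) || !$this->_postFilled( 'password' ) )
        {
            return 'All fields are required';
        }
        $db->setParam
        (
            array
            (
                array( 'credName', $core->clean( $_POST['username'] ) ),
                // NOTE(review): the password is compared inside SQL against the
                // output of $core->encrypt(); this assumes encrypt() is a one-way
                // hash. If it is reversible, stored passwords are recoverable and
                // password_hash()/password_verify() would be the fix — confirm.
                array( 'credPass', $core->encrypt( $_POST['password'] ) )
            )
        );
        $query = $db->query( "SELECT id, lock_to_email, username FROM %prefix%users WHERE (username = @credName OR email = @credName) AND password = @credPass LIMIT 1;" );
        if( $db->num_rows( $query, true ) <= 0 )
        {
            return self::MSG_BAD_CREDENTIALS;
        }
        $fetch = $db->fetch_array( $query, true );
        // Strict comparisons: the former loose == would have equated numeric-looking
        // strings such as '1e3' and '1000' when checking the posted name.
        $lockedToEmail = ( ( string ) $fetch[1] === '1' );
        if( $lockedToEmail && ( string ) $fetch[2] === $_POST['username'] )
        {
            return self::MSG_BAD_CREDENTIALS;
        }
        $this->_createSession( $fetch[0] );
        return true;
    }

    /**
     * Tests one permission bit of the cached user against the group's mask.
     *
     * $userGroups[$userGroup][$permissionName] is the bit mask of the permission
     * and $data['privileges'][$userGroup] the bits the user holds in that group;
     * the permission is granted when the bitwise AND is non-zero. Missing groups,
     * permissions or privileges yield false instead of a notice.
     *
     * @param string|int $userGroup
     * @param string     $permissionName
     * @return bool
     */
    public function hasPermissions( $userGroup, $permissionName )
    {
        global $userGroups;
        if( empty( $this->data['privileges'] ) || !isset( $this->data['privileges'][ $userGroup ] ) )
        {
            return false;
        }
        if( !isset( $userGroups[ $userGroup ][ $permissionName ] ) )
        {
            return false;
        }
        // (bool) keeps the original truthiness test, which also works when the
        // operands are strings (PHP then ANDs them byte-wise).
        return ( bool ) ( $userGroups[ $userGroup ][ $permissionName ] & $this->data['privileges'][ $userGroup ] );
    }

    /**
     * Renders a user name as a <span> styled with the group's colour/weight.
     *
     * The name (and the colour read from the database) is HTML-escaped here, so
     * callers must pass the raw name, not pre-escaped or marked-up text.
     *
     * @param int         $groupId  %prefix%usergroups.groupId
     * @param string|null $userName name to show; defaults to the cached user's username
     * @return string HTML fragment
     */
    public function group2html( $groupId, $userName = null )
    {
        global $db;
        $db->setParam( 'groupId', ( int ) $groupId );
        $row = $db->fetch_array( "SELECT groupColour, groupBold FROM %prefix%usergroups WHERE groupId = @groupId LIMIT 1;" );
        $colour = isset( $row[0] ) ? ( string ) $row[0] : '';
        $weight = ( isset( $row[1] ) && ( bool ) $row[1] ) ? 'bold' : 'normal';
        if( $userName )
        {
            $name = ( string ) $userName;
        }
        else
        {
            $name = isset( $this->data['username'] ) ? ( string ) $this->data['username'] : '';
        }
        return sprintf
        (
            '<span style="color: %s; font-weight: %s">%s</span>',
            htmlspecialchars( $colour, ENT_QUOTES, 'UTF-8' ),
            $weight,
            htmlspecialchars( $name, ENT_QUOTES, 'UTF-8' )
        );
    }

    /**
     * True when $_POST[$key] is a non-empty string. Unlike empty() this accepts
     * the value "0", which is a legal username or password.
     *
     * @param string $key
     * @return bool
     */
    private function _postFilled( $key )
    {
        return isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) && $_POST[ $key ] !== '';
    }

    /**
     * Records a login: stores a fresh random ticket in $_SESSION and inserts the
     * (user, encrypted session id, ticket) triple into %prefix%sessions, which
     * is what the constructor matches on later requests.
     *
     * @param int|string $userId %prefix%users.id
     */
    private function _createSession( $userId )
    {
        global $db, $core;
        // Switch to a new session id at the privilege change so an id that was
        // fixed before login never becomes the authenticated one.
        if( session_status( ) === PHP_SESSION_ACTIVE )
        {
            session_regenerate_id( true );
            $this->session_id = $core->encrypt( session_id( ) );
        }
        // The ticket is TICKET_LENGTH decimal digits from a CSPRNG (random_int,
        // PHP >= 7.0). The previous rand( 0, 1 ) per character gave only 10 bits
        // of entropy in total and appended to an undefined $ticket. Digits only
        // and the same length are kept so the id_rndKey column width is unaffected.
        $ticket = '';
        for( $i = 0; $i < self::TICKET_LENGTH; $i++ )
        {
            $ticket .= random_int( 0, 9 );
        }
        $_SESSION['ticket'] = $ticket;
        $db->setParam
        (
            array(
                array( 'id', $userId ),
                array( 'id_session', $core->encrypt( session_id( ) ) ),
                array( 'rndKey', $ticket )
            )
        );
        $db->query( 'INSERT INTO %prefix%sessions (id_user, id_sessionId, id_rndKey)VALUES(@id, @id_session, @rndKey)' );
    }

    /**
     * Loads the user's %prefix%users row into $data, keyed by column name.
     * Numeric keys (positional duplicates returned by fetch_array) are skipped;
     * the 'privileges' column is unserialized.
     */
    private function _cacheUser( )
    {
        global $db;
        // Bound parameter instead of string-building the id into the SQL, in
        // line with every other query in this class; ids are integer keys
        // (the property default is 0).
        $db->setParam( 'userId', ( int ) $this->id );
        $row = $db->fetch_array( "SELECT * FROM %prefix%users WHERE id = @userId LIMIT 1;" );
        if( !is_array( $row ) )
        {
            return;
        }
        foreach( $row as $column => $value )
        {
            if( is_numeric( $column ) )
            {
                continue;
            }
            if( $column === 'privileges' )
            {
                // NOTE(review): unserialize() of a database column. Acceptable only
                // while that column is written exclusively by trusted code; if it can
                // be influenced by users, switch to json_decode() or at least pass
                // array( 'allowed_classes' => false ) — confirm that privileges is
                // never anything but a plain array before tightening it.
                $this->data[ $column ] = unserialize( $value );
            }
            else
            {
                $this->data[ $column ] = $value;
            }
        }
    }

    /**
     * Extra per-login checks (e.g. bans); currently always passes.
     *
     * @return bool
     */
    private function _userChecks( )
    {
        return true;
    }
}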
// Instantiated at include time: the constructor runs the sessions lookup right
// away, so the $core and $db globals must already be set up when this file is loaded.
$user = new user();