
Untitled

a guest
Jan 4th, 2019
  /**
   * Reset the login-related session entries to their logged-out defaults.
   *
   * Only the five keys listed below are written; any other entry already
   * present in $_SESSION is left untouched.
   */
  function session_defaults() {
      $loggedOutState = array(
          'logged'   => false,
          'uid'      => 0,
          'username' => '',
          'cookie'   => 0,
          'remember' => false,
      );

      foreach ($loggedOutState as $key => $value) {
          $_SESSION[$key] = $value;
      }
  }
  /**
   * Open the application's MySQL connection through PEAR DB.
   *
   * Side effect: switches PEAR's global error handling to PEAR_ERROR_DIE, so
   * a PEAR error raised after this call ends the script instead of being
   * returned to the caller.
   *
   * NOTE(review): the credentials are hard-coded in this function (blank in
   * this listing). Keeping real values in a config file outside the web root
   * and out of version control is the usual practice.
   *
   * @return object Connection handle with the fetch mode set to
   *                DB_FETCHMODE_OBJECT (rows come back as objects).
   */
  function &db_connect() {
      require_once 'includes/DB.php';

      PEAR::setErrorHandling(PEAR_ERROR_DIE);

      // Connection settings.
      $host = 'localhost';
      $login = '';
      $secret = '';
      $schema = '';

      // NOTE(review): the values are interpolated into the DSN as-is, so a
      // credential containing ':', '@' or '/' would change how the DSN parses.
      $connection = DB::connect("mysql://{$login}:{$secret}@unix+{$host}/{$schema}");
      $connection->setFetchMode(DB_FETCHMODE_OBJECT);

      return $connection;
  }
  // Current UTC date wrapped in single quotes (for example '2019-01-04').
  // The User constructor copies this value through $GLOBALS['date'], so it
  // has to be set before the object is created.
  $date = sprintf("'%s'", gmdate('Y-m-d'));

  // Shared database handle, then the per-request user object. Constructing
  // User looks at $_SESSION and the emrLogin cookie to restore a login.
  $db = db_connect();
  $user = new User($db);
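  /**
   * Login state for the current request, backed by $_SESSION, the
   * "emrLogin" remember-me cookie and the `users` table.
   *
   * Security notes for maintainers:
   *  - Passwords are compared as unsalted MD5 (see _checkLogin()). That is not
   *    adequate for password storage; moving to password_hash() /
   *    password_verify() needs a migration of the stored hashes, so it is
   *    flagged here rather than changed.
   *  - The remember-me cookie is attacker-controlled input. It is encoded as
   *    JSON and validated before use; it is never passed to unserialize().
   *  - The remember-me token ($values->cookie) is not rotated anywhere in this
   *    class, so a copied cookie stays usable until the column changes
   *    elsewhere — verify against the rest of the application.
   */
  class User {
      /** Database handle; this class calls quote(), getRow() and query() on it. */
      public $db = null;
      /** Not written anywhere in this class. */
      public $failed = false;
      /** Copy of the global $date taken at construction time. */
      public $date;
      /** Row id of the authenticated user, 0 while nobody is logged in. */
      public $id = 0;

      /**
       * Restore login state from the session, or failing that from the
       * remember-me cookie.
       *
       * Declared as __construct(): a method named after the class is
       * deprecated as a constructor in PHP 7 and is not called by `new`
       * in PHP 8, which would silently skip these checks.
       *
       * @param object $db Database handle.
       */
      public function __construct(&$db) {
          $this->db = $db;
          $this->date = isset($GLOBALS['date']) ? $GLOBALS['date'] : null;

          // !empty() also covers a session in which 'logged' was never set.
          if (!empty($_SESSION['logged'])) {
              $this->_checkSession();
          } elseif (isset($_COOKIE['emrLogin'])) {
              $this->_checkRemembered($_COOKIE['emrLogin']);
          }
      }

      /**
       * Verify a username/password pair and start a logged-in session.
       *
       * On success a redirect header to home.php is sent; on failure an error
       * message is printed and the login state is reset.
       *
       * @param mixed $username Submitted login name.
       * @param mixed $password Submitted clear-text password.
       * @param mixed $remember Truthy to also issue the remember-me cookie.
       * @return bool True when the credentials matched a row.
       */
      function _checkLogin($username, $password, $remember) {
          $row = null;

          // Request parameters can arrive as arrays; anything that is not a
          // string is treated as a failed login instead of reaching md5().
          if (is_string($username) && is_string($password)) {
              $quotedName = $this->db->quote($username);
              // NOTE(security): unsalted MD5, see the class comment.
              $quotedHash = $this->db->quote(md5($password));
              $sql = "SELECT * FROM users WHERE " .
                  "username = $quotedName AND " .
                  "password = $quotedHash";
              $row = $this->db->getRow($sql);
          }

          if (is_object($row)) {
              $this->_setSession($row, $remember);
              header("Location: home.php");
              return true;
          }

          echo '<strong>Incorrect Log In and/or Password. Please try again.</strong><br>' . "\n" .
              '<form><input type="button" value="Back" onClick="history.back()"></form>';
          $this->_logout();
          return false;
      } //check login

      /**
       * Copy a `users` row into the session and, optionally, bind the row to
       * the current session id and client address.
       *
       * @param object $values   Row from `users` (id, username, cookie are read).
       * @param mixed  $remember Truthy to (re)issue the remember-me cookie.
       * @param bool   $init     True to store session id and IP on the row.
       */
      function _setSession(&$values, $remember, $init = true) {
          $this->id = $values->id;
          $_SESSION['uid'] = $this->id;
          // NOTE(review): the escaped name is what _checkSession() and the
          // remember-me lookup later compare against users.username, so a
          // name containing characters htmlspecialchars() rewrites cannot
          // pass those lookups. Left unchanged because other pages may rely
          // on this value already being escaped.
          $_SESSION['username'] = htmlspecialchars($values->username);
          $_SESSION['cookie'] = $values->cookie;
          $_SESSION['logged'] = true;

          if ($remember) {
              $this->updateCookie($values->cookie, true);
          }

          if ($init) {
              // Issue a fresh session id at the moment of authentication so an
              // id known before login cannot be reused afterwards.
              if (session_id() !== '') {
                  session_regenerate_id(true);
              }

              $session = $this->db->quote(session_id());
              $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
              // The id comes from the database row, but it is quoted like
              // every other value placed into the statement.
              $id = $this->db->quote($this->id);
              $sql = "UPDATE users SET session = $session, ip = $ip WHERE " .
                  "id = $id";
              $this->db->query($sql);
          }
      } //set session

      /**
       * Remember the token in the session and optionally send it to the
       * browser as the remember-me cookie.
       *
       * @param mixed $cookie Remember-me token from the `users` row.
       * @param mixed $save   Truthy to send the cookie (about 360 days).
       */
      function updateCookie($cookie, $save) {
          $_SESSION['cookie'] = $cookie;
          if ($save) {
              // JSON keeps the payload to plain data; _checkRemembered() is
              // the matching reader.
              $payload = json_encode(array($_SESSION['username'], (string) $cookie));
              // HttpOnly keeps the token away from page scripts.
              // NOTE(review): also set the secure flag if the site is HTTPS-only.
              setcookie('emrLogin', $payload, time() + 31104000, '/', '', false, true);
          }
      } // update cookie

      /**
       * Log the visitor in from the remember-me cookie when it matches a row.
       *
       * The cookie is untrusted input: it must decode to a two-element JSON
       * array of non-empty strings, otherwise it is ignored. Cookies written
       * in the former serialize() format are ignored as well, so their owners
       * have to log in once more.
       *
       * @param mixed $cookie Raw value of the emrLogin cookie.
       */
      function _checkRemembered($cookie) {
          if (!is_string($cookie)) {
              return;
          }

          $parts = json_decode($cookie, true);
          if (!is_array($parts) || count($parts) !== 2
              || !isset($parts[0], $parts[1])
              || !is_string($parts[0]) || !is_string($parts[1])) {
              return;
          }

          list($username, $token) = $parts;
          // Falsy values (including the '0' default token) never authenticate.
          if (!$username || !$token) {
              return;
          }

          $username = $this->db->quote($username);
          $token = $this->db->quote($token);
          $sql = "SELECT * FROM users WHERE " .
              "(username = $username) AND (cookie = $token)";
          $result = $this->db->getRow($sql);
          if (is_object($result)) {
              $this->_setSession($result, true);
          }
      } // check remembered

      /**
       * Re-validate a session that claims to be logged in.
       *
       * The session's username and token, the session id and the client
       * address must all match the same `users` row; otherwise the login
       * state is reset.
       */
      function _checkSession() {
          $username = $this->db->quote($_SESSION['username']);
          $cookie = $this->db->quote($_SESSION['cookie']);
          $session = $this->db->quote(session_id());
          $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
          $sql = "SELECT * FROM users WHERE " .
              "(username = $username) AND (cookie = $cookie) AND " .
              "(session = $session) AND (ip = $ip)";
          $result = $this->db->getRow($sql);
          if (is_object($result)) {
              // Refresh the session from the row without re-binding it.
              $this->_setSession($result, false, false);
          } else {
              $this->_logout();
          }
      } // check session

      /**
       * Reset the session to its logged-out defaults and expire the
       * remember-me cookie in the browser.
       */
      function _logout() {
          session_defaults();
          // An expiry in the past tells the browser to drop the cookie.
          setcookie('emrLogin', $_SESSION['cookie'], time() - 31104000, '/');
      } // logout
  } //user class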