Untitled

Session Management with Sharp UMS
include_once("includes.php");
$auth = new TAuthentication();
$accept_roles = array('plugin');
$auth_result  = $auth->validateSession($accept_roles);

if ($auth_result->auth_code == AUTH_NO_SESSION) {
    header('Access-Control-Allow-Origin: *');
    echo "AUTH_NO_SESSION";
    // means that no session was found, therefore the page is being accessed anonymously.
} elseif ($auth_result->auth_code == AUTH_OKAY) {
    header('Access-Control-Allow-Origin: *');
    echo "AUTH_OKAY";
    // means that there was a session and the user owns all the required roles to access this content.
} elseif ($auth_result->auth_code == AUTH_INSUFFICIENT_ROLES) {
    header('Access-Control-Allow-Origin: *');
    echo "AUTH_INSUFFICIENT_ROLES";
    // means that a session exists, but the user does not own the required roles to access this content.
} else {
    // no code here
}

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function loadXMLDoc()
{
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
    }
  }
xmlhttp.open("GET","user_cred.php",true);
xmlhttp.send();
}
</script>
</head>
<body>

<h2>Using the XMLHttpRequest object</h2>
<div id="myDiv"></div>
<button type="button" onclick="loadXMLDoc()">Change Content</button>

</body>
</html>

<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
    <ul>
        <li class="listitem">
            <div class="row">
                <label>Username:</label>
                <input class="textbox" type="text" name="username" value="" maxlength="80"/>
            </div>
            <div class="row">
                <label>Password:</label>
                <input class="textbox" type="password" name="password" value="" maxlength="80"/>
            </div>
        </li>
        <li class="listitem">
            <div class="row">
                <input class="form-button" type="submit" name="signin" value="Signin"/>
                <a class="loginoptions indentmore" href="signup.php">Signup</a>
                <a class="loginoptions" href="resetpassword.php">Forgot your password?</a>
            </div>
        </li>
    </ul>
</form>

include_once("includes.php");

class TSigninController extends TAbstractController {

    public function run($allowedRoles = null)
    {
        $this->allowedRoles = $allowedRoles;
        $this->execute();
    }

    protected function execute()
    {
        $this->auth_result = parent::validateSession(null);

        if ($this->auth_result->auth_code == AUTH_OKAY)
        {
            $this->goToAfterSignInPage($this->auth_result->roles);
        }
        else if (!$this->getUserAction())
        {
            $this->loadview("signin");
        }
        else
        {
            $this->signin();
        }
    }

    protected function signin()
    {
        $input   = $this->getUserInput();
        $model   = $this->loadmodel("Users");
        $account = $model->getUser($input["username"], $input["password"]);

        if ($account == null || sizeof($account) == 0)
        {
            $data = array("error" => "Could not sign you in");
            $this->loadview("signin", $data);
            return;
        }

        if ($account["disabled"] == 1 || $account["admin_disabled"] == 1)
        {
            $data = array("error" => ($account["admin_disabled"] == 0) ? "This account is disabled." : "This account is been locked by the admin. Please contact the site admin!");
            $this->loadview("signin", $data);
            return;
        }

        $this->createNewSession($account);
        $this->goToAfterSignInPage($account["roles"]);
    }

    protected function createNewSession($account) {
        $model     = $this->loadmodel("Sessions");
        $sessionid = crypt($account["username"] . date('now'));

        $_SESSION['SESSIONID'] = $sessionid;
        $model->createNewSession($sessionid, $account["id"]);
    }

    public function goToAfterSignInPage($roles)
    {
        foreach($roles as $role)
        {
            if ($this->utils->stringsEqual($role["name"], "admin", false))
            {
                $this->redirect(SITE_URL . "/admin/dashboard.php");
                return;
            }
        }

        $this->redirect(SITE_URL . "/user/userprofile.php");
    }

    protected function getUserAction()
    {
        if ($this->post("signin"))
            return "signin";
        else
            return null;
    }

    protected function getUserInput()
    {
        return array(
            "username" => $this->post("username"),
            "password" => $this->post("password")
        );
    }
}

$controller = new TSigninController();
$controller->run();

SELECT
    s.userid,
    s.id,
    s.started_on,
    (
        DATE_ADD(
             s.started_on,
             INTERVAL $this->sessionlength SECOND
        ) < NOW()
    ) expired
FROM sessions s
WHERE s.id = '$sessionid'

protected function createNewSession($account) {
    $model     = $this->loadmodel("Sessions");
    $sessionid = crypt($account["username"] . date('now'));

    $_SESSION['SESSIONID'] = $sessionid;
    $model->createNewSession($sessionid, $account["id"]);
}