- Session Management with Sharp UMS
include_once("includes.php");

// Validate the caller's session against the single role this endpoint serves.
$auth = new TAuthentication();
$accept_roles = array('plugin');
$auth_result = $auth->validateSession($accept_roles);

// Translate the auth code into the bare token the plugin reads from the response body.
// Any code outside the three known ones deliberately yields no output and no header,
// exactly like the original empty else-branch.
$status_token = null;
if ($auth_result->auth_code == AUTH_NO_SESSION) {
    // No session at all: the page is being accessed anonymously.
    $status_token = "AUTH_NO_SESSION";
} elseif ($auth_result->auth_code == AUTH_OKAY) {
    // A session exists and carries every role listed in $accept_roles.
    $status_token = "AUTH_OKAY";
} elseif ($auth_result->auth_code == AUTH_INSUFFICIENT_ROLES) {
    // A session exists but lacks at least one of the required roles.
    $status_token = "AUTH_INSUFFICIENT_ROLES";
}

if ($status_token !== null) {
    // SECURITY NOTE: the wildcard origin lets any web page read this response. Browsers
    // omit cookies on '*' responses, so a third-party site only ever sees the anonymous
    // answer; narrow this to the plugin's real origin (and send Vary: Origin) if the
    // session cookie must ever accompany a cross-origin call.
    header('Access-Control-Allow-Origin: *');
    echo $status_token;
}
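<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
// Fetch user_cred.php over XHR and drop the response body into #myDiv.
function loadXMLDoc()
{
    // Declared locally: the original leaked xmlhttp as an implicit global, so two
    // overlapping clicks shared (and clobbered) a single request object.
    var xmlhttp;
    if (window.XMLHttpRequest)
    {// code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
    }
    else
    {// code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
            // SECURITY NOTE: the response is injected as HTML, so anything user-controlled
            // that user_cred.php echoes must be HTML-escaped server-side; switch to
            // textContent here if the endpoint is meant to return plain text.
            document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
        }
    }
    // Relative (same-origin) URL, so the browser attaches the site's cookies to the request.
    xmlhttp.open("GET","user_cred.php",true);
    xmlhttp.send();
}
</script>
</head>
<body>
<h2>Using the XMLHttpRequest object</h2>
<div id="myDiv"></div>
<button type="button" onclick="loadXMLDoc()">Change Content</button>
</body>
</html>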
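<!-- Sign-in view: posts username/password back to the same script, which TSigninController
     picks up via its "signin" submit button name. -->
<!-- SECURITY: $_SERVER["PHP_SELF"] echoes the request path verbatim, including any
     attacker-supplied PATH_INFO, so it is HTML-escaped before landing in the attribute
     (the original printed it raw, a reflected-XSS sink). -->
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<!-- NOTE(review): no anti-CSRF token accompanies the credentials; consider adding one so a
     third-party page cannot log the victim into an attacker-chosen account (login CSRF). -->
<ul>
<li class="listitem">
<div class="row">
<label>Username:</label>
<input class="textbox" type="text" name="username" value="" maxlength="80"/>
</div>
<div class="row">
<label>Password:</label>
<input class="textbox" type="password" name="password" value="" maxlength="80"/>
</div>
</li>
<li class="listitem">
<div class="row">
<input class="form-button" type="submit" name="signin" value="Signin"/>
<a class="loginoptions indentmore" href="signup.php">Signup</a>
<a class="loginoptions" href="resetpassword.php">Forgot your password?</a>
</div>
</li>
</ul>
</form>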
- include_once("includes.php");
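class TSigninController extends TAbstractController {
    /**
     * Entry point: remember the roles the caller will accept, then dispatch.
     *
     * @param array|null $allowedRoles Stored on the controller; nothing in this class reads it
     *                                 back (validateSession below is called with null).
     */
    public function run($allowedRoles = null)
    {
        $this->allowedRoles = $allowedRoles;
        $this->execute();
    }

    /**
     * Route the request: an already-valid session goes straight to the post-sign-in page,
     * a GET (no "signin" post field) renders the form, and a post attempts the sign-in.
     */
    protected function execute()
    {
        $this->auth_result = parent::validateSession(null);
        if ($this->auth_result->auth_code == AUTH_OKAY)
        {
            $this->goToAfterSignInPage($this->auth_result->roles);
        }
        else if (!$this->getUserAction())
        {
            $this->loadview("signin");
        }
        else
        {
            $this->signin();
        }
    }

    /**
     * Check the posted credentials against the Users model and open a session on success.
     *
     * How the Users model verifies the password is not visible here; it is expected to use
     * password_verify() (or an equivalent constant-time comparison) rather than a plain
     * string or SQL equality — confirm in the model.
     */
    protected function signin()
    {
        $input = $this->getUserInput();
        $model = $this->loadmodel("Users");
        $account = $model->getUser($input["username"], $input["password"]);
        if ($account == null || count($account) == 0)
        {
            // Generic message on purpose: does not reveal whether the username exists.
            $data = array("error" => "Could not sign you in");
            $this->loadview("signin", $data);
            return;
        }
        if ($account["disabled"] == 1 || $account["admin_disabled"] == 1)
        {
            // Reached only once getUser has accepted the credentials (presumably a password
            // match), so the specific reason is shown to the account owner, not to a guesser.
            $data = array("error" => ($account["admin_disabled"] == 0) ? "This account is disabled." : "This account has been locked by the admin. Please contact the site admin!");
            $this->loadview("signin", $data);
            return;
        }
        $this->createNewSession($account);
        $this->goToAfterSignInPage($account["roles"]);
    }

    /**
     * Open a fresh server-side session row for $account and bind its id to the PHP session.
     *
     * The id is 32 hex characters from the CSPRNG (random_bytes, PHP >= 7.0). The original
     * derived it with crypt() from username . date('now'): 'now' is not a date format — it
     * expands to month / ISO-year / weekday digits — so the input was guessable from public
     * information, and calling crypt() without a salt is deprecated since PHP 8.0.
     * NOTE(review): confirm the sessions.id column holds at least 32 characters; the old
     * crypt() output was typically shorter.
     */
    protected function createNewSession($account) {
        $model = $this->loadmodel("Sessions");
        $sessionid = bin2hex(random_bytes(16));
        // Rotate the PHP session id on this privilege change so an id planted before login
        // (session fixation) does not carry over into the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['SESSIONID'] = $sessionid;
        $model->createNewSession($sessionid, $account["id"]);
    }

    /**
     * Send the browser to the admin dashboard when any role is named "admin", else to the
     * user profile. The third argument to stringsEqual presumably selects case-insensitive
     * matching — confirm in utils. This only chooses a destination; the admin pages must
     * enforce the role themselves.
     *
     * @param array $roles Role rows, each with a "name" key.
     */
    public function goToAfterSignInPage($roles)
    {
        foreach($roles as $role)
        {
            if ($this->utils->stringsEqual($role["name"], "admin", false))
            {
                $this->redirect(SITE_URL . "/admin/dashboard.php");
                return;
            }
        }
        $this->redirect(SITE_URL . "/user/userprofile.php");
    }

    /**
     * @return string|null "signin" when the form's submit button was posted, otherwise null.
     */
    protected function getUserAction()
    {
        if ($this->post("signin"))
            return "signin";
        else
            return null;
    }

    /**
     * @return array{username: mixed, password: mixed} Raw posted credentials, unvalidated.
     */
    protected function getUserInput()
    {
        return array(
            "username" => $this->post("username"),
            "password" => $this->post("password")
        );
    }
}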
// Script entry point: build the controller and dispatch the current request with no role filter.
$controller = new TSigninController();
$controller->run();
-- Look up one session row by id and compute whether it has aged past $this->sessionlength
-- seconds (expired = 1 when started_on + sessionlength is already in the past).
SELECT
s.userid,
s.id,
s.started_on,
(
DATE_ADD(
s.started_on,
-- $this->sessionlength is interpolated by PHP; it must be a trusted integer config value.
INTERVAL $this->sessionlength SECOND
) < NOW()
) expired
FROM sessions s
-- SECURITY NOTE(review): $sessionid is spliced straight into the SQL text. If it is read back
-- from the PHP session it is only as safe as what createNewSession stored; if it can ever come
-- from a cookie or request parameter this is SQL injection. Bind it as a prepared-statement
-- parameter instead of interpolating it.
WHERE s.id = '$sessionid'
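/**
 * Open a fresh server-side session row for $account and bind its id to the PHP session.
 *
 * The id is 32 hex characters from the CSPRNG (random_bytes, PHP >= 7.0). The original
 * derived it with crypt() from username . date('now'): 'now' is not a date format — it
 * expands to month / ISO-year / weekday digits — so the input was guessable from public
 * information, and calling crypt() without a salt is deprecated since PHP 8.0.
 * NOTE(review): confirm the sessions.id column holds at least 32 characters; the old
 * crypt() output was typically shorter.
 */
protected function createNewSession($account) {
    $model = $this->loadmodel("Sessions");
    $sessionid = bin2hex(random_bytes(16));
    // Rotate the PHP session id on this privilege change so an id planted before login
    // (session fixation) does not carry over into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['SESSIONID'] = $sessionid;
    $model->createNewSession($sessionid, $account["id"]);
}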