
Untitled

a guest
May 6th, 2017
  1. <?php
  // Direct-access guard: stop unless the framework front controller has defined BASEPATH.
  if (!defined('BASEPATH')) {
      exit('You are not permitted direct access to this file.');
  }
  3.  
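  /**
   * Shared CodeIgniter library: session bootstrap, login/logout bookkeeping,
   * ACL loading into the session, and a few small view helpers.
   *
   * Security-relevant properties of this revision:
   *  - every SQL value goes through CodeIgniter query bindings instead of
   *    string concatenation;
   *  - the site-wide master password is no longer accepted by login();
   *  - the session id is regenerated on successful login;
   *  - the "hash" token comes from a CSPRNG and its cookie is HttpOnly.
   */
  class common {

      /** CodeIgniter super-object obtained through get_instance(). */
      public $CI;

      /** Not used by any method in this class; kept for external readers. */
      public $i;

      /**
       * Loads the database and URL helper, starts the session and resets the
       * per-request message list.
       *
       * Uses __construct() rather than a method named after the class, because
       * PHP 8 no longer treats the class-named method as a constructor.
       */
      public function __construct() {
          $this->CI =& get_instance();
          $this->CI->load->database();
          $this->CI->load->helper('url');

          // Starting an already-active session raises a notice, so check first.
          if (session_id() === '') {
              session_start();
          }
          $_SESSION['messages'] = array();

          // NOTE(review): a shared credential embedded in source is readable by
          // anyone with repository, backup or paste access. The constant is kept
          // only so that code outside this file that references it does not
          // break; login() in this class no longer consults it. Remove it once
          // no other caller depends on it.
          if (!defined('master_password')) {
              define('master_password', 'foo');
          }
      }

      /**
       * Records a login attempt and, when the credentials match exactly one
       * user, establishes the authenticated session.
       *
       * The original query also accepted the master_password constant for any
       * account. That bypass is removed: a single shared secret defeats
       * per-user authentication and makes the logins audit table meaningless.
       *
       * @param string $u username as submitted
       * @param string $p password as submitted
       * @return void
       */
      public function login($u, $p) {
          $db = $this->CI->db;
          $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

          // The attempt is logged before the credential check, so failures are
          // recorded too.
          $db->query(
              "INSERT INTO logins (username, ip_address, login) VALUES (?, ?, UNIX_TIMESTAMP())",
              array($u, $remote)
          );
          $login_id = $db->insert_id();

          // NOTE(review): stored passwords are unsalted MD5, which is not a
          // password hash. It is kept here because existing rows depend on it;
          // migrate to password_hash()/password_verify() and re-hash on the
          // next successful login.
          $get_login = $db->query(
              "SELECT uid FROM users WHERE username = ? AND password = MD5(?)",
              array($u, $p)
          );

          if ($get_login->num_rows() == 1) {
              $row = $get_login->row();

              // New session id on privilege change, so an id planted before
              // login cannot be reused afterwards (session fixation).
              session_regenerate_id(true);

              $_SESSION['uid'] = $row->uid;
              $_SESSION['lid'] = $login_id;
              $db->query(
                  "UPDATE logins SET uid = ? WHERE lid = ?",
                  array($row->uid, $login_id)
              );

              // The token was previously derived from microtime(), which an
              // observer can approximate; it is now 32 random bytes, hex
              // encoded (same 64-character shape as before).
              $hash = $this->new_token();
              $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
              setcookie('hash', $hash, 0, '', '', $https, true);
              $db->where('uid', $row->uid);
              $db->update('users', array('hash' => $hash));
          } else {
              // NOTE(review): this class declares no $message property, so this
              // call looks like it fails on a bad login; presumably the message
              // library lives on the CI instance - confirm.
              $this->message->add('The username and/or password you have entered is incorrect.', 'error');
          }
      }

      /**
       * Stamps the logout time on the current login row, invalidates the
       * stored token, clears the session and expires both cookies.
       *
       * @return void
       */
      public function logout() {
          $db = $this->CI->db;

          if (isset($_SESSION['lid'])) {
              $db->query(
                  "UPDATE logins SET logout = UNIX_TIMESTAMP() WHERE lid = ?",
                  array($_SESSION['lid'])
              );
          }

          // Overwrite the stored token with a value no client holds, so a
          // copied "hash" cookie stops matching after logout.
          // NOTE(review): how the token is checked is not visible here - confirm.
          if (!empty($_SESSION['uid'])) {
              $db->where('uid', $_SESSION['uid']);
              $db->update('users', array('hash' => $this->new_token()));
          }

          $_SESSION = array();
          // The original wrote to $_session (lower case), a throwaway local.
          $_SESSION['messages'] = array();

          if (isset($_COOKIE[session_name()])) {
              setcookie(session_name(), '', time() - 42000, '/');
          }
          setcookie('hash', '', time() - 42000);
          session_destroy();
      }

      /**
       * Rebuilds $_SESSION['acl'] for the logged-in user: group ids, role ids
       * (direct and via groups) and the permission settings of those roles.
       * Sets $_SESSION['acl'] to FALSE when nobody is logged in.
       *
       * @return void
       */
      public function build_acl() {
          if (empty($_SESSION['uid'])) {
              $_SESSION['acl'] = FALSE;
              return;
          }

          $db = $this->CI->db;
          $uid = $_SESSION['uid'];

          // Built from scratch so entries from an earlier call cannot linger.
          $acl = array('groups' => array(), 'roles' => array(), 'permissions' => array());

          $user_groups = $db->query(
              "SELECT gid FROM users_groups_users WHERE uid = ?",
              array($uid)
          );
          foreach ($user_groups->result_array() as $user_group) {
              $acl['groups'][$user_group['gid']] = TRUE;

              $group_roles = $db->query(
                  "SELECT rid FROM users_groups_roles WHERE gid = ?",
                  array($user_group['gid'])
              );
              foreach ($group_roles->result_array() as $group_role) {
                  $acl['roles'][$group_role['rid']] = TRUE;
              }
          }

          $user_roles = $db->query(
              "SELECT rid FROM users_roles_users WHERE uid = ?",
              array($uid)
          );
          foreach ($user_roles->result_array() as $user_role) {
              $acl['roles'][$user_role['rid']] = TRUE;
          }

          // Roles are walked in weight order, so a later role's setting
          // overwrites an earlier one for the same permission.
          $site_roles = $db->query("SELECT role_id FROM roles ORDER BY weight");
          foreach ($site_roles->result_array() as $role) {
              // The original loaded the permissions of every role on the site
              // into every user's session. Only roles the user holds count.
              // NOTE(review): assumes roles.role_id is the same identifier as
              // the rid columns above - confirm against the schema.
              if (!isset($acl['roles'][$role['role_id']])) {
                  continue;
              }
              $role_permissions = $db->query(
                  "SELECT permission_id, setting FROM users_roles_permissions WHERE role_id = ?",
                  array($role['role_id'])
              );
              foreach ($role_permissions->result_array() as $permission) {
                  $acl['permissions'][$permission['permission_id']] = $permission['setting'];
              }
          }

          $_SESSION['acl'] = $acl;
      }

      /**
       * Placeholder; intentionally empty in the source.
       */
      public function acl_stuff() {

      }

      /**
       * Fetches columns of the users row that belongs to $_SESSION['uid'].
       *
       * The column list lands in identifier position, where string escaping
       * gives no protection, so it must be '*' or a comma-separated list of
       * plain column names. Anything else is rejected before a query is built.
       *
       * @param string $data '*' or e.g. 'username, email'
       * @return object|null result row, or NULL when the list is rejected or
       *                     the lookup does not return exactly one row
       */
      public function user_info($data = '*') {
          $column_list = '/^[A-Za-z_][A-Za-z0-9_]*(\s*,\s*[A-Za-z_][A-Za-z0-9_]*)*$/D';
          if (!is_string($data) || ($data !== '*' && !preg_match($column_list, $data))) {
              return NULL;
          }
          if (empty($_SESSION['uid'])) {
              return NULL;
          }

          $query = $this->CI->db->query(
              "SELECT ".$data." FROM users WHERE uid = ?",
              array($_SESSION['uid'])
          );
          if ($query->num_rows() == 1) {
              return $query->row();
          }
          return NULL;
      }

      /**
       * Escapes a value for use inside a quoted SQL string literal.
       *
       * Delegates to the active CodeIgniter driver instead of
       * mysql_real_escape_string(), which was removed in PHP 7 and escaped
       * against a connection this class never opened. The result is only safe
       * between quotes; it does not protect identifiers or unquoted numbers.
       * Prefer query bindings.
       *
       * @param string $var
       * @return string
       */
      public function dbsafe($var) {
          return $this->CI->db->escape_str($var);
      }

      /**
       * Builds a random alphanumeric string of exactly $size characters.
       *
       * The letters l (lowercase L), I (uppercase i), O (uppercase o) and the
       * digits 1 and 0 are left out of the alphabet to avoid confusion.
       *
       * @param int $size number of characters; 0 or less yields ''
       * @return string
       */
      public function random_string($size) {
          $salt = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
          $last = strlen($salt) - 1;
          // mt_rand() output is predictable; use the CSPRNG where PHP has one.
          $csprng = function_exists('random_int');
          $string = '';

          // "<" rather than "<=": the original loop emitted $size + 1 characters.
          for ($i = 0; $i < $size; $i++) {
              $index = $csprng ? random_int(0, $last) : mt_rand(0, $last);
              $string .= $salt[$index];
          }
          return $string;
      }

      /**
       * Renders a theme icon as an <img>, wrapped in a link unless uri is '0'.
       *
       * @param array $data keys: image, alt, location, uri
       * @return string HTML
       */
      public function icon($data = array('image' => '', 'alt' => '', 'location' => NULL, 'uri' => '0')) {
          // Fill in missing keys so a partial array does not raise notices.
          $defaults = array('image' => '', 'alt' => '', 'location' => NULL, 'uri' => '0');
          $data = array_merge($defaults, (array) $data);

          // Every value is placed in a single-quoted attribute, so quotes and
          // angle brackets must be encoded.
          $src = base_url()."default/views/".default_theme."/images/".$data['location'].$data['image'];
          $icon = "<img src='".htmlspecialchars($src, ENT_QUOTES, 'UTF-8')
              ."' alt='".htmlspecialchars((string) $data['alt'], ENT_QUOTES, 'UTF-8')."' />";

          // The original read $data->uri on an array, so this branch never ran.
          if ($data['uri'] == '0') {
              return $icon;
          }

          $href = site_url()."/".$data['uri'];
          return "<a href='".htmlspecialchars($href, ENT_QUOTES, 'UTF-8')."'>".$icon."</a>";
      }

      /**
       * Sends a Location header and ends the request.
       *
       * NOTE(review): the target is used as given. Callers that build it from
       * request data should restrict it to same-site paths first, otherwise
       * this is an open redirect.
       *
       * @param string $location
       * @return void
       */
      public function redirect($location) {
          header("Location: ".$location);
          exit();
      }

      /**
       * Returns 64 hex characters drawn from a cryptographically secure source.
       *
       * @return string
       * @throws RuntimeException when the runtime offers no secure source
       */
      private function new_token() {
          if (function_exists('random_bytes')) {
              return bin2hex(random_bytes(32));
          }
          if (function_exists('openssl_random_pseudo_bytes')) {
              $strong = false;
              $bytes = openssl_random_pseudo_bytes(32, $strong);
              if ($bytes !== false && $strong) {
                  return bin2hex($bytes);
              }
          }
          throw new RuntimeException('No cryptographically secure random source is available.');
      }
  }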
  159. ?>