  1. <?php
  2.  
// Bootstrap on load: resolve the current login session once per request.
// Calling it above the class body is fine because PHP makes a plain class
// declaration available before the file's statements run.
login::init();
  4.  
  5. /**
  6. * Class for handling user login sessions.
  7. * @static
  8. */
  9. class login
  10. {
  11. /**
  12. * Is the user logged in?
  13. * @var boolean
  14. */
  15. public static $logged_in = null;
  16.  
  17. /**
  18. * Session expire types.
  19. * @var int
  20. */
  21. const EXPIRE_TYPE_ALWAYS = 1;
  22. const EXPIRE_TYPE_BROWSER = 2;
  23.  
  24. /**
  25. * Session info.
  26. * @var array
  27. */
  28. public static $info = null;
  29.  
  30. /**
  31. * User object for the online user.
  32. * @var user
  33. */
  34. public static $user = false;
  35.  
  36. /**
  37. * Initializer
  38. * @return void
  39. */
  40. public static function init()
  41. {
  42. if (!is_null(self::$logged_in))
  43. return;
  44.  
  45. self::$logged_in = false;
  46. self::check_status();
  47. }
  48.  
  49. /**
  50. * Check if there is a session and if it's active.
  51. * @return void
  52. */
  53. private static function check_status()
  54. {
  55. $time = time();
  56.  
  57. if (defined('SCRIPT_AJAX'))
  58. {
  59. if (!session_id())
  60. {
  61. if (!isset($_COOKIE[session_name()], $_COOKIE['id'], $_COOKIE['h']))
  62. return;
  63.  
  64. sess_start();
  65. }
  66.  
  67. if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in'])
  68. return;
  69.  
  70. if ($_SESSION['ses_info']['ses_expire_time'] <= $time)
  71. {
  72. self::logout();
  73. return;
  74. }
  75.  
  76. self::$logged_in = $_SESSION['logged_in'];
  77. self::$info = $_SESSION['ses_info'];
  78.  
  79. self::load_user(self::$info['ses_u_id']);
  80. }
  81. else
  82. {
  83. if (isset($_COOKIE['id'], $_COOKIE['h']) && substr_count($_COOKIE['id'], ':') == 1 && strlen($_COOKIE['h']) == 32)
  84. {
  85. list($ses_id, $u_id) = explode(':', $_COOKIE['id']);
  86. $hash = $_COOKIE['h'];
  87.  
  88. $ses_id = intval($ses_id);
  89. $u_id = intval($u_id);
  90.  
  91. $result = base::$b->db->query(
  92. "SELECT ses_id, ses_u_id, ses_hash, ses_expire_type, ses_expire_time, ses_browsers, ses_phpsessid, ses_last_ip, ses_last_time, ses_mod_auth
  93. FROM login_sessions
  94. WHERE ses_id = {$ses_id} AND ses_u_id = {$u_id} AND ses_active = 1 AND ses_expire_time > ".$time);
  95.  
  96. if ($row = $result->fetch_assoc())
  97. {
  98. if ($hash != $row['ses_hash'])
  99. $row = false;
  100. }
  101.  
  102. $result->free();
  103.  
  104. if ($row)
  105. {
  106. self::$info = $row;
  107. sess_start(self::$info['ses_phpsessid']);
  108.  
  109. $extra = '';
  110.  
  111. if (remote_ip() != self::$info['ses_last_ip'] && self::$info['ses_last_ip'] != '')
  112. {
  113. $ip_list = explode(';', base::$b->db->query_fetch_row("SELECT ses_ip_list FROM login_sessions WHERE ses_id = {$ses_id}")[0]);
  114.  
  115. $ok = false;
  116. if (in_array(remote_ip(), $ip_list))
  117. {
  118. $ok = true;
  119. }
  120. elseif ($hash == $row['ses_hash'])
  121. {
  122. $ok = true;
  123.  
  124. $ip_list[] = remote_ip();
  125. $extra .= ", ses_ip_list = ".base::$b->db->quote(implode(';', $ip_list));
  126. }
  127.  
  128. if (!$ok)
  129. {
  130. self::logout();
  131. #redirect::handle('');
  132. # TODO ^
  133. }
  134.  
  135. $extra .= ", ses_last_ip = ".base::$b->db->quote(remote_ip());
  136. }
  137.  
  138. $expire = $time + (self::$info['ses_expire_type'] == self::EXPIRE_TYPE_ALWAYS ? 31536000 : 86400);
  139. self::$info['ses_expire_time'] = $expire;
  140.  
  141. $browsers = self::$info['ses_browsers'] == '' ? [] : explode("\n", self::$info['ses_browsers']);
  142. if (!in_array($_SERVER['HTTP_USER_AGENT'], $browsers))
  143. {
  144. $browsers[] = $_SERVER['HTTP_USER_AGENT'];
  145. $extra .= ", ses_browsers = ".base::$b->db->quote(implode("\n", $browsers));
  146. }
  147.  
  148. if (self::$info['ses_last_time'] != $time || $extra != '')
  149. base::$b->db->query("UPDATE login_sessions SET ses_expire_time = {$expire}, ses_last_time = {$time}{$extra} WHERE ses_id = {$ses_id}");
  150.  
  151. self::load_user($u_id);
  152.  
  153. self::$logged_in = $_SESSION['logged_in'] = true;
  154. $_SESSION['ses_info'] = &self::$info;
  155.  
  156. if (self::$user->data['last_online'] != $time)
  157. {
  158. self::$user->data['last_online'] = $time;
  159. base::$b->db->query("UPDATE users SET last_online = {$time} WHERE id = ".self::$user->id);
  160. }
  161. }
  162. else
  163. {
  164. self::logout();
  165. }
  166. }
  167. else
  168. {
  169. sess_start();
  170. }
  171. }
  172. }
  173.  
  174. /**
  175. * Load user object.
  176. * @param int $u_id
  177. * @return void
  178. */
  179. private static function load_user($u_id)
  180. {
  181. if (!user::get($u_id, true))
  182. self::logout();
  183. }
  184.  
  185. /**
  186. * End session and log out.
  187. * @param optional boolean $all_sessions
  188. * @return boolean or int
  189. */
  190. public static function logout($all_sessions = false)
  191. {
  192. sess_start();
  193. unset($_SESSION['logged_in']);
  194. unset($_SESSION['ses_info']);
  195. session_regenerate_id(true);
  196.  
  197. if (isset($_COOKIE['id']))
  198. cookie::delete('id');
  199.  
  200. if (isset($_COOKIE['h']))
  201. cookie::delete('h');
  202.  
  203. if (isset(self::$info['ses_u_id']))
  204. {
  205. base::$b->db->query("UPDATE login_sessions SET ses_active = 0, ses_logout_time = ".time()." WHERE ses_u_id = ".self::$info['ses_u_id']." AND ".
  206. ($all_sessions
  207. ? "ses_active = 1"
  208. : ("ses_id = ".self::$info['ses_id']." AND ses_active = 1")));
  209.  
  210. return $all_sessions ? base::$b->db->affected_rows : true;
  211. }
  212.  
  213. return false;
  214. }
  215.  
  216. /**
  217. * Log out a specific user by ID.
  218. * @param int $u_id
  219. * @return boolean
  220. */
  221. public static function logout_u_id($u_id)
  222. {
  223. base::$b->db->query("UPDATE login_sessions SET ses_active = 0, ses_logout_time = ".time()." WHERE ses_u_id = ".intval($u_id)." AND ses_active = 1");
  224. return base::$b->db->affected_rows != 0;
  225. }
  226.  
  227. /**
  228. * Log out a specific session by ID.
  229. * @param int $ses_id
  230. * @param optional boolean $check_owner
  231. * @return boolean
  232. */
  233. public static function logout_ses_id($ses_id, $check_owner = false)
  234. {
  235. base::$b->db->query("UPDATE login_sessions SET ses_active = 0, ses_logout_time = ".time()." WHERE ses_id = ".intval($ses_id)." AND ses_active = 1".($check_owner ? " AND ses_u_id = ".self::$user->id : ""));
  236. return base::$b->db->affected_rows == 1;
  237. }
  238.  
  239. /**
  240. * Handle login request.
  241. * @param string $username
  242. * @param string $passwd
  243. * @param optional int $expire_type
  244. * @return boolean
  245. */
  246. public static function do_login($username, $passwd, $expire_type = self::EXPIRE_TYPE_ALWAYS)
  247. {
  248. $user = base::$b->db->query_fetch_assoc("SELECT id, password FROM users WHERE username = ".base::$b->db->quote($username)." LIMIT 1");
  249. if (!$user)
  250. return false;
  251.  
  252. if (!password::verify($passwd, $user['password']))
  253. return false;
  254.  
  255. return self::do_login_handle($user['id'], $expire_type);
  256. }
  257.  
  258. /**
  259. * Do the login. (after verifying credentials)
  260. * @param int $u_id
  261. * @param optional int $expire_type
  262. * @return boolean
  263. */
  264. public static function do_login_handle($u_id, $expire_type = self::EXPIRE_TYPE_ALWAYS)
  265. {
  266. $u_id = intval($u_id);
  267. $ses_hash = md5(microtime().mt_rand().$u_id);
  268.  
  269. $expire = time() + ($expire_type == self::EXPIRE_TYPE_ALWAYS ? 31536000 : 86400);
  270.  
  271. base::$b->db->query(
  272. "INSERT INTO login_sessions
  273. SET ses_u_id = {$u_id},
  274. ses_hash = ".base::$b->db->quote($ses_hash).",
  275. ses_expire_type = {$expire_type},
  276. ses_expire_time = {$expire},
  277. ses_created_time = ".time().",
  278. ses_ip_list = ".base::$b->db->quote(remote_ip()).",
  279. ses_browsers = ".base::$b->db->quote($_SERVER['HTTP_USER_AGENT']).",
  280. ses_phpsessid = ".base::$b->db->quote(session_id()).",
  281. ses_last_ip = ".base::$b->db->quote(remote_ip()).",
  282. ses_last_time = ".time());
  283.  
  284. $ses_id = base::$b->db->insert_id;
  285.  
  286. $cookie_expire = $expire_type = self::EXPIRE_TYPE_ALWAYS ? 31536000 : 0;
  287. cookie::set('id', $ses_id.':'.$u_id, $cookie_expire);
  288. cookie::set('h', $ses_hash, $cookie_expire);
  289.  
  290. self::$logged_in = true;
  291. self::$info =
  292. [
  293. 'ses_id' => $ses_id,
  294. 'ses_u_id' => $u_id,
  295. 'ses_hash' => $ses_hash,
  296. 'ses_expire_type' => $expire_type,
  297. 'ses_expire_time' => $expire,
  298. 'ses_browsers' => $_SERVER['HTTP_USER_AGENT'],
  299. 'ses_phpsessid' => session_id(),
  300. 'ses_last_ip' => remote_ip(),
  301. 'ses_last_time' => time()
  302. ];
  303.  
  304. self::load_user($u_id);
  305. return true;
  306. }
  307. }