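<?php
login::init();

/**
 * Class for handling user login sessions.
 *
 * A login is represented by a row in `login_sessions` plus two cookies:
 * `id` ("<ses_id>:<u_id>") and `h` (a 32-character secret stored in `ses_hash`).
 *
 * NOTE(review): the secret is stored and compared in clear text, so read access to
 * `login_sessions` is equivalent to holding every active cookie. Storing only a
 * digest of the secret would remove that exposure.
 * NOTE(review): cookie attributes are decided inside cookie::set(), which is not
 * shown here; confirm it sets HttpOnly and Secure for `id` and `h`.
 *
 * @static
 */
class login
{
    /**
     * Is the user logged in? null until init() has run.
     * @var boolean
     */
    public static $logged_in = null;

    /**
     * Session expire types.
     * @var int
     */
    const EXPIRE_TYPE_ALWAYS = 1;
    const EXPIRE_TYPE_BROWSER = 2;

    /**
     * Session info (the `login_sessions` columns for the current session).
     * @var array
     */
    public static $info = null;

    /**
     * User object for the online user.
     * @var user
     */
    public static $user = false;

    /**
     * Initializer. Runs the session check once; later calls are no-ops.
     * @return void
     */
    public static function init()
    {
        if (!is_null(self::$logged_in))
            return;
        self::$logged_in = false;
        self::check_status();
    }

    /**
     * Check if there is a session and if it's active.
     *
     * AJAX requests (SCRIPT_AJAX defined) trust the state cached in $_SESSION;
     * all other requests re-validate the `id`/`h` cookies against the database.
     *
     * @return void
     */
    private static function check_status()
    {
        $time = time();

        if (defined('SCRIPT_AJAX'))
        {
            if (!session_id())
            {
                if (!isset($_COOKIE[session_name()], $_COOKIE['id'], $_COOKIE['h']))
                    return;
                sess_start();
            }
            if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in'])
                return;
            // A missing expiry is handled like an expired one instead of raising a notice.
            if (!isset($_SESSION['ses_info']['ses_expire_time']) || $_SESSION['ses_info']['ses_expire_time'] <= $time)
            {
                self::logout();
                return;
            }
            // NOTE(review): this branch never consults login_sessions, so a session
            // deactivated through logout_u_id()/logout_ses_id() stays usable for AJAX
            // requests until the cached expiry passes or a non-AJAX request runs.
            self::$logged_in = $_SESSION['logged_in'];
            self::$info = $_SESSION['ses_info'];
            // load_user() logs out (and resets $logged_in) when the user cannot be loaded.
            self::load_user(self::$info['ses_u_id']);
            return;
        }

        // Cookies are client-controlled and may arrive as arrays; accept strings only.
        $id_cookie = isset($_COOKIE['id']) ? $_COOKIE['id'] : null;
        $hash = isset($_COOKIE['h']) ? $_COOKIE['h'] : null;
        if (!is_string($id_cookie) || !is_string($hash) || substr_count($id_cookie, ':') != 1 || strlen($hash) != 32)
        {
            sess_start();
            return;
        }

        list($ses_id, $u_id) = explode(':', $id_cookie);
        // intval() is what keeps the interpolated query below free of cookie-supplied SQL.
        $ses_id = intval($ses_id);
        $u_id = intval($u_id);
        $result = base::$b->db->query(
            "SELECT ses_id, ses_u_id, ses_hash, ses_expire_type, ses_expire_time, ses_browsers, ses_phpsessid, ses_last_ip, ses_last_time, ses_mod_auth
            FROM login_sessions
            WHERE ses_id = {$ses_id} AND ses_u_id = {$u_id} AND ses_active = 1 AND ses_expire_time > ".$time);
        $row = $result->fetch_assoc();
        $result->free();

        // Strict, constant-time comparison: the previous loose `!=` treated two
        // numeric-looking strings (e.g. "0e…" followed by digits) as equal.
        if (!$row || !self::hashes_match($row['ses_hash'], $hash))
        {
            self::logout();
            return;
        }

        self::$info = $row;
        sess_start(self::$info['ses_phpsessid']);

        $extra = '';
        $ip = remote_ip();
        if ($ip != self::$info['ses_last_ip'] && self::$info['ses_last_ip'] != '')
        {
            // An address change is only recorded, never rejected: the secret has already
            // matched above, which is the condition the old (unreachable) rejection path
            // re-tested. NOTE(review): if sessions should be pinned to known addresses,
            // that policy has to be added here deliberately.
            $ip_list = explode(';', base::$b->db->query_fetch_row("SELECT ses_ip_list FROM login_sessions WHERE ses_id = {$ses_id}")[0]);
            if (!in_array($ip, $ip_list))
            {
                $ip_list[] = $ip;
                $extra .= ", ses_ip_list = ".base::$b->db->quote(implode(';', $ip_list));
            }
            $extra .= ", ses_last_ip = ".base::$b->db->quote($ip);
        }

        // Sliding expiry: one year for "always" sessions, one day otherwise.
        $expire = $time + (self::$info['ses_expire_type'] == self::EXPIRE_TYPE_ALWAYS ? 31536000 : 86400);
        self::$info['ses_expire_time'] = $expire;

        // The User-Agent header is optional; fall back to an empty string.
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $browsers = self::$info['ses_browsers'] == '' ? [] : explode("\n", self::$info['ses_browsers']);
        if (!in_array($agent, $browsers))
        {
            $browsers[] = $agent;
            $extra .= ", ses_browsers = ".base::$b->db->quote(implode("\n", $browsers));
        }

        if (self::$info['ses_last_time'] != $time || $extra != '')
            base::$b->db->query("UPDATE login_sessions SET ses_expire_time = {$expire}, ses_last_time = {$time}{$extra} WHERE ses_id = {$ses_id}");

        // Stop here when the user cannot be loaded; load_user() has already logged out.
        // Previously execution continued and marked the request as logged in anyway.
        if (!self::load_user($u_id))
            return;

        self::$logged_in = $_SESSION['logged_in'] = true;
        $_SESSION['ses_info'] = &self::$info;

        // Presumably user::get($u_id, true) populated self::$user — verify against user::get().
        if (self::$user->data['last_online'] != $time)
        {
            self::$user->data['last_online'] = $time;
            base::$b->db->query("UPDATE users SET last_online = {$time} WHERE id = ".intval(self::$user->id));
        }
    }

    /**
     * Load user object. Logs the session out when the user cannot be loaded.
     * @param int $u_id
     * @return boolean true when the user was loaded
     */
    private static function load_user($u_id)
    {
        if (user::get($u_id, true))
            return true;
        self::logout();
        return false;
    }

    /**
     * Compare the stored session secret with the one supplied by the client.
     * Non-string input never matches.
     * @param mixed $known    value from login_sessions.ses_hash
     * @param mixed $supplied value from the `h` cookie
     * @return boolean
     */
    private static function hashes_match($known, $supplied)
    {
        if (!is_string($known) || !is_string($supplied))
            return false;
        if (function_exists('hash_equals'))
            return hash_equals($known, $supplied);
        return $known === $supplied;
    }

    /**
     * Create a new 32-character hexadecimal session secret from a CSPRNG.
     * @return string|false false when no secure random source is available
     */
    private static function new_session_hash()
    {
        if (function_exists('random_bytes'))
        {
            try
            {
                return bin2hex(random_bytes(16));
            }
            catch (Exception $e)
            {
                return false;
            }
        }
        if (function_exists('openssl_random_pseudo_bytes'))
        {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong)
                return bin2hex($bytes);
        }
        return false;
    }

    /**
     * End session and log out.
     * @param optional boolean $all_sessions deactivate every active session of the user
     * @return boolean or int affected rows when $all_sessions is set, true for a single
     *                        session, false when no session info was loaded
     */
    public static function logout($all_sessions = false)
    {
        sess_start();
        unset($_SESSION['logged_in'], $_SESSION['ses_info']);
        session_regenerate_id(true);
        // Keep the in-memory flag in step with the session that was just cleared.
        self::$logged_in = false;

        if (isset($_COOKIE['id']))
            cookie::delete('id');
        if (isset($_COOKIE['h']))
            cookie::delete('h');

        if (!isset(self::$info['ses_u_id']))
            return false;

        // self::$info can originate from $_SESSION, so the ids are cast before interpolation.
        $scope = $all_sessions
            ? "ses_active = 1"
            : ("ses_id = ".intval(self::$info['ses_id'])." AND ses_active = 1");
        base::$b->db->query("UPDATE login_sessions SET ses_active = 0, ses_logout_time = ".time()." WHERE ses_u_id = ".intval(self::$info['ses_u_id'])." AND ".$scope);
        return $all_sessions ? base::$b->db->affected_rows : true;
    }

    /**
     * Log out a specific user by ID.
     * @param int $u_id
     * @return boolean true when at least one active session was deactivated
     */
    public static function logout_u_id($u_id)
    {
        base::$b->db->query("UPDATE login_sessions SET ses_active = 0, ses_logout_time = ".time()." WHERE ses_u_id = ".intval($u_id)." AND ses_active = 1");
        return base::$b->db->affected_rows != 0;
    }

    /**
     * Log out a specific session by ID.
     *
     * With $check_owner unset, any session id is accepted; callers that pass an id
     * taken from a request should set it so users can only end their own sessions.
     *
     * @param int $ses_id
     * @param optional boolean $check_owner restrict the update to the current user's sessions
     * @return boolean
     */
    public static function logout_ses_id($ses_id, $check_owner = false)
    {
        $owner = $check_owner ? " AND ses_u_id = ".intval(self::$user->id) : "";
        base::$b->db->query("UPDATE login_sessions SET ses_active = 0, ses_logout_time = ".time()." WHERE ses_id = ".intval($ses_id)." AND ses_active = 1".$owner);
        return base::$b->db->affected_rows == 1;
    }

    /**
     * Handle login request.
     * @param string $username
     * @param string $passwd
     * @param optional int $expire_type
     * @return boolean
     */
    public static function do_login($username, $passwd, $expire_type = self::EXPIRE_TYPE_ALWAYS)
    {
        $user = base::$b->db->query_fetch_assoc("SELECT id, password FROM users WHERE username = ".base::$b->db->quote($username)." LIMIT 1");
        // NOTE(review): an unknown username returns before any password verification
        // runs, so response time differs between known and unknown usernames.
        if (!$user)
            return false;
        if (!password::verify($passwd, $user['password']))
            return false;
        return self::do_login_handle($user['id'], $expire_type);
    }

    /**
     * Do the login. (after verifying credentials)
     * @param int $u_id
     * @param optional int $expire_type
     * @return boolean false when no session secret could be generated or the user
     *                 could not be loaded
     */
    public static function do_login_handle($u_id, $expire_type = self::EXPIRE_TYPE_ALWAYS)
    {
        $u_id = intval($u_id);
        // $expire_type is interpolated into the INSERT below; reduce it to one of the
        // two known constants so a caller-supplied value cannot reach the SQL text.
        $expire_type = intval($expire_type) === self::EXPIRE_TYPE_ALWAYS
            ? self::EXPIRE_TYPE_ALWAYS
            : self::EXPIRE_TYPE_BROWSER;

        // The secret is the bearer credential for the session, so it comes from a CSPRNG
        // rather than md5() over microtime()/mt_rand(), which is guessable.
        $ses_hash = self::new_session_hash();
        if ($ses_hash === false)
            return false;

        $now = time();
        $expire = $now + ($expire_type == self::EXPIRE_TYPE_ALWAYS ? 31536000 : 86400);
        $ip = remote_ip();
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // NOTE(review): the PHP session id in use before authentication is kept and stored
        // as ses_phpsessid. Regenerating it at this point would close the session-fixation
        // window; confirm how sess_start() resumes stored ids before adding that.
        $php_session = session_id();

        base::$b->db->query(
            "INSERT INTO login_sessions
            SET ses_u_id = {$u_id},
            ses_hash = ".base::$b->db->quote($ses_hash).",
            ses_expire_type = {$expire_type},
            ses_expire_time = {$expire},
            ses_created_time = ".$now.",
            ses_ip_list = ".base::$b->db->quote($ip).",
            ses_browsers = ".base::$b->db->quote($agent).",
            ses_phpsessid = ".base::$b->db->quote($php_session).",
            ses_last_ip = ".base::$b->db->quote($ip).",
            ses_last_time = ".$now);
        $ses_id = base::$b->db->insert_id;

        // Comparison, not assignment: the previous `=` overwrote $expire_type with
        // 31536000 and made every cookie persistent regardless of the requested type.
        $cookie_expire = $expire_type == self::EXPIRE_TYPE_ALWAYS ? 31536000 : 0;
        cookie::set('id', $ses_id.':'.$u_id, $cookie_expire);
        cookie::set('h', $ses_hash, $cookie_expire);

        self::$logged_in = true;
        self::$info =
        [
            'ses_id' => $ses_id,
            'ses_u_id' => $u_id,
            'ses_hash' => $ses_hash,
            'ses_expire_type' => $expire_type,
            'ses_expire_time' => $expire,
            'ses_browsers' => $agent,
            'ses_phpsessid' => $php_session,
            'ses_last_ip' => $ip,
            'ses_last_time' => $now
        ];

        // load_user() logs out again (deactivating the row just inserted) on failure.
        return self::load_user($u_id);
    }
}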