  1. <?php
  2.  
  3. /**
  4. * Description of class auth
  5. * Used for session based login
  6. * Depends on user class roles
  7. * @property string $strUserName Username from POST var
  8. * @property string $strPassword Password from POST var
  9. * @property bool $iRemember Bool to set remember me cookie
  10. * @property bool $strRemoteAddr IP address
  11. * @property int $iTimeOutSeconds Number of session keep alive seconds
  12. * @property string $doLogout GET var with logout action
  13. * @property int $iUserID Users ID
  14. * @property object $user User Object
  15. *
  16. */
  17. class auth
  18. {
  19. public $strUserName;
  20. public $strPassword;
  21. public $iRemember;
  22. public $strRemoteAddr;
  23. public $strErrMessage;
  24. public $iTimeOutSeconds;
  25. public $doLogout;
  26. public $iUserID;
  27. public $user;
  28. public $loginWin;
  29. public $iShowLoginForm;
  30. public $errorMessage;
  31.  
  32. /* Error Constants */
  33. const ERR_NOUSERFOUND = 1;
  34. const ERR_NOSESSIONFOUND = 2;
  35. const ERR_NOACCESS = 3;
  36.  
  37. /**
  38. * Class Constructor
  39. * Set defaults
  40. * Sets strUserName, strPassword, iRemember & doLogout to watch POST & GET vars
  41. * Call method athentificate
  42. * @global type $db
  43. */
  44. public function __construct()
  45. {
  46. global $db;
  47. $this->db = $db;
  48. session_start();
  49. $this->strUserName = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
  50. $this->strPassword = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
  51. $this->iRemember = filter_input(INPUT_POST, "remember", FILTER_SANITIZE_STRING);
  52. $this->strRemoteAddr = filter_input(INPUT_SERVER, "REMOTE_ADDR", FILTER_VALIDATE_IP);
  53. $this->doLogout = filter_input(INPUT_GET, "action", FILTER_SANITIZE_STRING);
  54. $this->iTimeOutSeconds = 3600;
  55. $this->iUserID = 0;
  56. $this->iShowLoginForm = 1;
  57. $this->loginWin = $_SERVER["DOCUMENT_ROOT"] . "/../public_html//login.php";
  58. $this->user = new user();
  59. $this->errorMessage = "";
  60. }
  61.  
  62. /**
  63. * Method Authentificate
  64. * If GET["action"] = logout run method logout
  65. * If set strUserName & strPassword run method initUser
  66. * Else run method getSession
  67. */
  68. public function authentificate()
  69. {
  70. if ($this->doLogout === "logout") {
  71. $this->logout();
  72. }
  73. if ($this->strUserName && $this->strPassword) {
  74. $this->errorMessage = $this->initUser();
  75. } else {
  76. if (!$this->getSession()) {
  77. if ($this->iShowLoginForm) {
  78. echo $this->loginform();
  79. }
  80. }
  81. }
  82. }
  83.  
  84. /**
  85. * Method Initialize User
  86. * Selects user from username & password
  87. * If true - insert session into usersession and call user object
  88. * (User Obj sets roles)
  89. */
  90.  
  91. private function initUser()
  92. {
  93. //md5
  94. $params = array($this->strUserName, $this->strPassword);
  95. $strSelectUser = "SELECT iUserID FROM user " .
  96. "WHERE vcUserName = ? " .
  97. "AND vcPassword = ? " .
  98. "AND iSuspended = 0 " .
  99. "AND iDeleted = 0";
  100.  
  101. if ($this->iUserID = $this->db->_fetch_value($strSelectUser, $params)) {
  102. $params = array(
  103. session_id(),
  104. $this->iUserID,
  105. $this->strRemoteAddr,
  106. 1,
  107. time(),
  108. time()
  109. );
  110.  
  111.  
  112. $strInsertSession = "INSERT INTO usersession (" .
  113. "vcSessionID," .
  114. "iUserID," .
  115. "iIpAddress, " .
  116. "iIsLoggedIn, " .
  117. "daLoginCreated, " .
  118. "daLastAction) " .
  119. "VALUES(?,?,?,?,?,?)";
  120. $this->db->_query($strInsertSession, $params);
  121. $this->user->getUser($this->iUserID);
  122. header("Location: " . $_SERVER["PHP_SELF"]);
  123. } else {
  124. if ($this->iShowLoginForm) {
  125. echo $this->loginform(self::ERR_NOUSERFOUND);
  126. } else {
  127. return $this->getError(self::ERR_NOUSERFOUND);
  128. }
  129. }
  130. if ($this->iRemember) {
  131. setcookie('vcUserName', $this->strUserName, time() + (86400 * 365), "/");
  132. setcookie('vcPassword', $this->strPassword, time() + (86400 * 365), "/");
  133. } else {
  134. setcookie('vcUserName', '', time() - 3600, "/");
  135. setcookie('vcPassword', '', time() - 3600, "/");
  136. unset($_COOKIE["vcUserName"]);
  137. unset($_COOKIE["vcPassword"]);
  138. }
  139. }
  140.  
  141. /**
  142. * Method Get Session
  143. * Checks if db usersession has a session id matching value
  144. * If true check if session is outdates
  145. * If true - insert session into usersession and call user object
  146. * (User Obj sets roles)
  147. * @return int $iUserID Returns the users ID
  148. */
  149. private
  150. function getSession()
  151. {
  152. $params = array(session_id());
  153. $strSelectSession = "SELECT iUserID, daLastAction FROM usersession " .
  154. "WHERE vcSessionID = ? " .
  155. "AND iIsLoggedIn = 1";
  156.  
  157. $row = $this->db->_fetch_array($strSelectSession, $params);
  158.  
  159. if (count($row) > 0) {
  160. $row = call_user_func_array("array_merge", $row);
  161. if ($row["daLastAction"] > time() - ($this->iTimeOutSeconds)) {
  162. $this->iUserID = $row["iUserID"];
  163. $this->user->getUser($this->iUserID);
  164. $this->updateSession();
  165. return $this->iUserID;
  166. } else {
  167. $this->logout();
  168. }
  169. }
  170. }
  171.  
  172. /**
  173. * Method Update Session
  174. * Updates daLastAction in the current session
  175. */
  176. private
  177. function updateSession()
  178. {
  179. $params = array(session_id());
  180. $strUpdate = "UPDATE usersession " .
  181. "SET daLastAction = UNIX_TIMESTAMP() " .
  182. "WHERE vcSessionID = ?";
  183. $this->db->_query($strUpdate, $params);
  184. }
  185.  
  186. /**
  187. * Method Logout
  188. * Updates usersession iIsLoggedIn to false
  189. * Destroys current session and resets session id
  190. */
  191. private function logout()
  192. {
  193. $params = array(session_id());
  194. $strSessionUpdate = "UPDATE usersession SET iIsLoggedIn = 0 WHERE vcSessionID = ?";
  195. $this->db->_query($strSessionUpdate, $params);
  196. session_unset();
  197. session_destroy();
  198. session_start();
  199. session_regenerate_id();
  200. }
  201.  
  202. /**
  203. * Method Login Form
  204. * Calls output buffer for rendering login form
  205. * Includes a clean php file with login form html and css
  206. * Get error messages and replaces error codes if any errors
  207. * @param int $errCode
  208. * @return string Returns full html of login window
  209. */
  210. public function loginform($errCode = 0)
  211. {
  212. ob_start();
  213. include_once $this->loginWin;
  214. $strBuffer = ob_get_clean();
  215. $strErrorMsg = self::getError($errCode);
  216. $strContent = str_replace("@ERRORMSG@", $strErrorMsg, $strBuffer);
  217. return $strContent;
  218. }
  219.  
  220. /**
  221. * Method Check Session
  222. * Checks if db usersession has a session id matching value
  223. * @return bool Returns true or false
  224. */
  225. public
  226. function checkSession()
  227. {
  228. $params = array(session_id());
  229. $strSelectSession = "SELECT iUserID, daLastAction FROM usersession " .
  230. "WHERE vcSessionID = ? " .
  231. "AND iIsLoggedIn = 1";
  232. $row = $this->db->_fetch_array($strSelectSession, $params);
  233. if (count($row) > 0) {
  234. $row = call_user_func_array("array_merge", $row);
  235. if ($row["daLastAction"] > time() - ($this->iTimeOutSeconds)) {
  236. return TRUE;
  237. } else {
  238. return FALSE;
  239. }
  240. }
  241. }
  242.  
  243. /**
  244. * Method getError
  245. * Switches error constants to a string message
  246. * @param int $int
  247. * @return string Returns a string with error message
  248. */
  249. private
  250. function getError($int)
  251. {
  252. switch ($int) {
  253. default:
  254. $strErr = '';
  255. break;
  256. case self::ERR_NOUSERFOUND:
  257. $strErr = "Brugernavn eller password er forkert!";
  258. break;
  259. case self::ERR_NOSESSIONFOUND:
  260. $strErr = "Bad Session!";
  261. break;
  262. case self::ERR_NOACCESS:
  263. $strErr = "Du har ikke rettigheder til at se dette indhold!";
  264. break;
  265. }
  266. return $strErr;
  267. }
  268.  
  269. }