  1. <?php
  2. # Login
  3.  
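  /**
   * Reset every login-related session key to its logged-out value.
   *
   * Writes 'logged', 'uid', 'account', 'cookie' and 'remember' into $_SESSION
   * and returns nothing.
   *
   * NOTE(review): the original body ended with an
   * `if (!isset($_SESSION['uid'])) session_defaults();` guard. It could never
   * fire, because 'uid' is assigned a few lines earlier, so it has been removed.
   * The guard presumably belongs at the call site (run the defaults only when
   * the session has no 'uid' yet). No such call is visible in this listing, so
   * confirm that something initialises the session before User reads
   * $_SESSION['logged'].
   */
  function session_defaults()
  {
      $_SESSION['logged'] = false;   // not authenticated
      $_SESSION['uid'] = 0;          // no user id
      $_SESSION['account'] = "";     // no account name
      $_SESSION['cookie'] = 0;       // no remember-me token
      $_SESSION['remember'] = false; // remember-me not requested
  }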
  17.  
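  /**
   * Holds the login state of the current visitor.
   *
   * NOTE(review): the constructor calls $this->_checkSession() and
   * $this->_checkRemembered(), but neither is declared inside this class in
   * this listing. Functions with those names appear further down as
   * free-standing functions that use $this; they presumably belong in this
   * class body - confirm against the original source.
   */
  class User
  {
      public $db = null;      // PEAR::DB pointer
      public $failed = false; // failed login attempt
      public $date;           // current date GMT
      public $id = 0;         // the current user's id

      /**
       * Store the database handle, then restore the login state either from
       * the session or from the 'mtwebLogin' remember-me cookie.
       *
       * The original used a PHP 4 style constructor (a method named after the
       * class). PHP 8 no longer treats such a method as a constructor, so
       * `new User($db)` would leave the object uninitialised there.
       *
       * @param object $db database handle; kept by-reference for compatibility
       */
      public function __construct(&$db)
      {
          $this->db = $db;
          // $date is a global set by the including script.
          $this->date = isset($GLOBALS['date']) ? $GLOBALS['date'] : null;

          // !empty() instead of a bare read: 'logged' may be missing when the
          // session has not been initialised yet.
          if (!empty($_SESSION['logged'])) {
              $this->_checkSession();
          } elseif (isset($_COOKIE['mtwebLogin'])) {
              // The cookie value is client-controlled; it is validated by
              // _checkRemembered() before it is trusted.
              $this->_checkRemembered($_COOKIE['mtwebLogin']);
          }
      }

      /**
       * Backward-compatible alias for code that still calls the PHP 4 style
       * constructor name explicitly (for example from a subclass).
       *
       * @param object $db database handle
       */
      public function User(&$db)
      {
          $this->__construct($db);
      }
  }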
  39.  
  // Day-month-year date string in GMT; User's constructor picks it up through
  // $GLOBALS['date'], so it has to be assigned before the object is created.
  $date = gmdate('d-m-Y');

  // db_connect() is not defined in this listing; its return value is handed to
  // User as the database handle.
  $db = db_connect();

  // Constructing the object restores the login state from the session or the
  // remember-me cookie.
  $user = new User($db);
  43.  
  /**
   * Check an account/password pair against the user table.
   *
   * On a match the session is populated through _setSession() and true is
   * returned; otherwise $this->failed is set, _logout() is called and false
   * is returned.
   *
   * NOTE(review): the password is compared as an unsalted md5() digest. MD5
   * is unsuitable for password storage; password_hash()/password_verify()
   * would be the replacement, but that needs a migration of the stored
   * digests and is therefore only flagged here.
   * NOTE(review): this query reads `controlpannel_users`, while the other
   * queries in this listing use `controlpannel` and `member` - confirm which
   * table name is intended.
   *
   * @param string $account  account name as submitted
   * @param string $password plain-text password as submitted
   * @param mixed  $remember truthy to also set the remember-me cookie
   * @return bool true when the credentials matched a row
   */
  function _checkLogin($account, $password, $remember)
  {
      // Both values pass through the DB layer's quote() before they are placed
      // in the SQL text (presumably escaping and quoting them - verify against
      // the DB class in use).
      $quotedAccount = $this->db->quote($account);
      $quotedDigest = $this->db->quote(md5($password));

      $query = "SELECT * FROM controlpannel_users WHERE " .
          "account = $quotedAccount AND " .
          "password = $quotedDigest";
      $row = $this->db->getRow($query);

      // Anything other than a row object counts as a failed attempt.
      if (!is_object($row)) {
          $this->failed = true;
          $this->_logout();
          return false;
      }

      $this->_setSession($row, $remember);
      return true;
  }
  65.  
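  /**
   * Copy a user row into the session and, optionally, into the remember-me
   * cookie and the database.
   *
   * NOTE(review): $_SESSION['account'] stores the HTML-escaped account name.
   * _checkSession() and updateCookie() later reuse that escaped value for a
   * database lookup and for the cookie payload, so an account name containing
   * characters that htmlspecialchars() rewrites would presumably stop
   * matching the stored column. Escaping at output time would avoid this -
   * confirm how the value is consumed before changing it.
   * NOTE(review): the session id written to the database is the one the
   * client already had; no session_regenerate_id() call is visible in this
   * listing. Regenerating the id when a login succeeds is the usual defence
   * against session fixation.
   *
   * @param object $values   user row; ->id, ->account and ->cookie are read
   * @param mixed  $remember truthy to (re)issue the remember-me cookie
   * @param mixed  $init     truthy to record session id and client IP in the DB
   */
  function _setSession(&$values, $remember, $init = true)
  {
      $this->id = $values->id;
      $_SESSION['uid'] = $this->id;
      $_SESSION['account'] = htmlspecialchars($values->account);
      $_SESSION['cookie'] = $values->cookie;
      $_SESSION['logged'] = true;

      if ($remember) {
          $this->updateCookie($values->cookie, true);
      }

      if ($init) {
          $session = $this->db->quote(session_id());
          $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
          // The id was the only value interpolated without going through
          // quote(); force it to an integer so nothing but a number can reach
          // the SQL text.
          $id = (int) $this->id;
          $sql = "UPDATE controlpannel SET session = $session, ip = $ip WHERE " .
              "id = $id";
          $this->db->query($sql);
      }
  }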
  87.  
  /**
   * Remember the login token in the session and, when asked, in the
   * 'mtwebLogin' cookie.
   *
   * NOTE(review): set_cookie() is not a PHP built-in (the built-in is
   * setcookie()) and is not defined in this listing - confirm it is a project
   * helper and check whether it sets the HttpOnly and Secure attributes.
   * NOTE(review): the payload is written with serialize() and read back with
   * unserialize() in _checkRemembered(). A cookie is client-controlled, so a
   * format such as JSON with an integrity check would be safer; both
   * functions would have to change together.
   *
   * @param mixed $cookie login token
   * @param mixed $save   truthy to also send the cookie to the browser
   */
  function updateCookie($cookie, $save)
  {
      $_SESSION['cookie'] = $cookie;

      if (!$save) {
          return;
      }

      // Payload is the pair [account name from the session, token].
      $payload = serialize(array($_SESSION['account'], $cookie));
      // Expiry is now + 31104000 seconds (360 days); path is '/directory/'.
      set_cookie('mtwebLogin', $payload, time() + 31104000, '/directory/');
  }
  97.  
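  /**
   * Restore a login from the value of the remember-me cookie.
   *
   * The cookie is expected to hold a serialized [account, token] pair as
   * written by updateCookie(). If a row matches both values the session is
   * populated through _setSession(); otherwise nothing happens.
   *
   * NOTE(review): the cookie is client-controlled. unserialize() is kept so
   * that cookies already issued stay valid, but it is now called with
   * allowed_classes => false (PHP 7.0+) so that no objects are instantiated
   * from the payload. Both elements must also be scalars before they are
   * used. A format that is not PHP-serialized and carries an integrity check
   * (for example JSON plus an HMAC) would be the safer long-term choice; that
   * change has to be made together with updateCookie().
   *
   * @param string $cookie raw value of the 'mtwebLogin' cookie
   */
  function _checkRemembered($cookie)
  {
      $data = @unserialize($cookie, array('allowed_classes' => false));

      // Reject anything that is not an [account, token] pair of plain values;
      // the original passed arrays and objects on to the query builder.
      if (!is_array($data) || !isset($data[0], $data[1])) {
          return;
      }
      if (!is_scalar($data[0]) || !is_scalar($data[1])) {
          return;
      }

      list($account, $token) = $data;
      if (!$account or !$token) {
          return;
      }

      $account = $this->db->quote($account);
      $token = $this->db->quote($token);
      $sql = "SELECT * FROM controlpannel WHERE " .
          "(account = $account) AND (cookie = $token)";
      $result = $this->db->getRow($sql);
      if (is_object($result)) {
          $this->_setSession($result, true);
      }
  }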
  113.  
  /**
   * Re-validate an existing logged-in session against the database.
   *
   * The account name and token held in the session, the current session id
   * and the client IP must all match one row. If they do, the session is
   * refreshed through _setSession() without touching the cookie or the
   * database; if not, _logout() is called.
   *
   * NOTE(review): this query reads the `member` table, while the other
   * queries in this listing use `controlpannel` and `controlpannel_users` -
   * confirm which table name is intended.
   * NOTE(review): binding the session to REMOTE_ADDR logs out users whose
   * address changes between requests - confirm that trade-off is wanted.
   */
  function _checkSession()
  {
      // Every value goes through the DB layer's quote() before it is placed
      // in the SQL text.
      $quotedAccount = $this->db->quote($_SESSION['account']);
      $quotedToken = $this->db->quote($_SESSION['cookie']);
      $quotedSession = $this->db->quote(session_id());
      $quotedIp = $this->db->quote($_SERVER['REMOTE_ADDR']);

      $query = "SELECT * FROM member WHERE " .
          "(account = $quotedAccount) AND (cookie = $quotedToken) AND " .
          "(session = $quotedSession) AND (ip = $quotedIp)";
      $row = $this->db->getRow($query);

      if (!is_object($row)) {
          $this->_logout();
          return;
      }

      // remember = false, init = false: keep cookie and DB record as they are.
      $this->_setSession($row, false, false);
  }
  133. ?>