git.dj3c1t.com Git - mtweb/blob - mw/app/data/modules/share/mw_data_users_sessions.php

   1 <?php
   2
   3   class mw_data_users_sessions extends mw_data{
   4
   5     var $user;
   6
   7     function login($login, $password){
   8       if(($user = $this->user($login)) !== false){
   9         if($this->password_ok($user, $password)){
  10           if(!$this->set_session($user)) $user = false;
  11         }
  12         else{
  13           $this->clear_session();
  14           $user = array();
  15         }
  16       }
  17       return $user;
  18     }
  19
  20     function logout(){
  21       return $this->clear_session();
  22     }
  23
  24     function user_ok($user){
  25       return
  26       strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0
  27       && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
  28     }
  29
  30     function password_ok($user, $password){
  31       if(!$user) return false;
  32       return
  33            strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0
  34         && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
  35     }
  36
  37     # ----------------------------------------------------------------------------------------
  38     #                                                                                  session
  39     #
  40
  41     function load_session(){
  42       @session_start();
  43       if(!isset($_SESSION["id"])) $this->clear_session();
  44       $user = array();
  45       if(isset($_SESSION["user"])){
  46         $user = $this->user($_SESSION["user"]);
  47       }
  48       elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
  49         if($user = $this->user($_COOKIE["user"])){
  50           $user["password"] = $_COOKIE["pass"];
  51           $this->set_session($user);
  52         }
  53       }
  54       if($user){
  55         if(!$this->user_ok($user)){
  56           $this->clear_session();
  57           $user = array();
  58         }
  59       }
  60       else $user = array();
  61       $this->user = $user;
  62       return $user;
  63     }
  64
  65     function set_session($user){
  66       $_SESSION["user"] = $user["login"];
  67       $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]);
  68       $env = $this->env();
  69       return
  70           setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web"))
  71       &&  setcookie("pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web"));
  72     }
  73
  74     function clear_session(){
  75       unset($_SESSION["user"]);
  76       unset($_SESSION["pass"]);
  77       $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
  78       $_SESSION["id"] = md5(rand());
  79       $env = $this->env();
  80       return
  81           setcookie("user", "", 0, $env->path("web"))
  82       &&  setcookie("pass", "", 0, $env->path("web"));
  83     }
  84
  85     function get_session_user(){
  86       return $this->user;
  87     }
  88
  89   }
  90
  91 ?>