mecanisme d'upgrade

[mtweb] / mw / app / data / modules / share / mw_data_users_sessions.php

<?php

  class mw_data_users_sessions extends mw_data{

    var $user;

    function login($login, $password, $reference_user = null){
      if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
        if(isset($reference_user) && $login != $reference_user["login"]){
          $this->clear_session();
          return array();
        }
        if($this->password_ok($user, $password)){
          if(!$this->set_session($user)) $user = false;
        }
        else{
          $this->clear_session();
          $user = array();
        }
      }
      return $user;
    }

    function logout(){
      return $this->clear_session();
    }

    function user_ok($user){
      return
          (isset($_SESSION[$this->app_session_key()]["id"]))
      &&  (isset($_SESSION[$this->app_session_key()]["pass"]))
      &&  (isset($_SESSION[$this->app_session_key()]["ip"]))
      &&  (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0)
      &&  ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
    }

    function password_ok($user, $password){
      if(!$user) return false;
      $OK =
          (isset($_SESSION[$this->app_session_key()]["id"]))
      &&  (isset($_SESSION[$this->app_session_key()]["ip"]))
      &&  (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
      &&  ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
      ;
      return $OK;
    }

    # ----------------------------------------------------------------------------------------
    #                                                                                  session
    #

    function app_session_key(){
      $env = $this->env();
      return "mw_".str_replace("/", "_", $env->path("web"));
    }

    function load_session($reference_user = null){
      @session_start();
      if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
      $user = array();
      if(isset($_SESSION[$this->app_session_key()]["user"])){
        $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
      }
      elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
        if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
          $user["password"] = $_COOKIE[$this->app_session_key()."_pass"];
          $this->set_session($user);
        }
      }
      if($user){
        if(!$this->user_ok($user)){
          $this->clear_session();
          $user = array();
        }
      }
      else $user = array();
      $this->user = $user;
      return $user;
    }

    function set_session($user){
      if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
      $_SESSION[$this->app_session_key()]["user"] = $user["login"];
      $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
      $env = $this->env();
      return
          @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
      &&  @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
    }

    function clear_session(){
      unset($_SESSION[$this->app_session_key()]);
      $_SESSION[$this->app_session_key()] = array(
        "ip" => $_SERVER["REMOTE_ADDR"],
        "id" => md5(rand())
      );
      return
          @setcookie($this->app_session_key()."_user", "", 0, "/")
      &&  @setcookie($this->app_session_key()."_pass", "", 0, "/");
    }

    function set_session_user($user){
      $this->set_session($user);
      $this->user =& $user;
    }

    function get_session_user(){
      return $this->user;
    }

  }

?>