function user_ok($user){
return
- strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0
- && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
+ (isset($_SESSION[$this->app_session_key()]["id"]))
+ && (isset($_SESSION[$this->app_session_key()]["pass"]))
+ && (isset($_SESSION[$this->app_session_key()]["ip"]))
+ && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0)
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
}
function password_ok($user, $password){
if(!$user) return false;
return
- strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0
- && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
+ (isset($_SESSION[$this->app_session_key()]["id"]))
+ && (isset($_SESSION[$this->app_session_key()]["ip"]))
+ && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
}
# ----------------------------------------------------------------------------------------
# session
#
+ function app_session_key(){
+ $env = $this->env();
+ return "mw_".str_replace("/", "_", $env->path("web"));
+ }
+
function load_session(){
@session_start();
- if(!isset($_SESSION["id"])) $this->clear_session();
+ if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
$user = array();
- if(isset($_SESSION["user"])){
- $user = $this->user($_SESSION["user"]);
+ if(isset($_SESSION[$this->app_session_key()]["user"])){
+ $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
}
- elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
- if($user = $this->user($_COOKIE["user"])){
- $user["password"] = $_COOKIE["pass"];
+ elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
+ if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
+ $user["password"] = $_COOKIE[$this->app_session_key()."_pass"];
$this->set_session($user);
}
}
}
function set_session($user){
- $_SESSION["user"] = $user["login"];
- $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]);
+ if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
+ $_SESSION[$this->app_session_key()]["user"] = $user["login"];
+ $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
$env = $this->env();
return
- setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web"))
- && setcookie("pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web"));
+ setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
+ && setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
}
function clear_session(){
- unset($_SESSION["user"]);
- unset($_SESSION["pass"]);
- $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
- $_SESSION["id"] = md5(rand());
+ unset($_SESSION[$this->app_session_key()]);
+ $_SESSION[$this->app_session_key()] = array(
+ "ip" => $_SERVER["REMOTE_ADDR"],
+ "id" => md5(rand())
+ );
$env = $this->env();
return
- setcookie("user", "", 0, $env->path("web"))
- && setcookie("pass", "", 0, $env->path("web"));
+ setcookie($this->app_session_key()."_user", "", 0, "/")
+ && setcookie($this->app_session_key()."_pass", "", 0, "/");
}
function get_session_user(){
projects / mtweb / blobdiff