3 class mw_data_users_sessions extends mw_data{
// Authenticates $login / $password and, on success, stores the user in the session.
// NOTE(review): this listing has gaps (lines 11-12, 15-16 and 18-23 are not shown), so the
// exact branch nesting and the return value cannot be confirmed from here.
// $reference_user: optional, already-loaded user record; when set it is used instead of
// looking the user up with $this->user($login).
// $password: password_ok() compares it with md5(stored password . session id), so it is
// presumably a response computed by the client rather than the plaintext password. TODO confirm.
// NOTE(review): no session_regenerate_id() call is visible on the success path; verify that
// the session id is rotated at login to prevent session fixation.
7 public function login($login, $password, $reference_user = null){
8 if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
// A supplied record whose login differs from $login resets the session.
// `!=` is a loose comparison; `!==` would avoid type juggling on the login value.
9 if(isset($reference_user) && $login != $reference_user["login"]){
10 $this->clear_session();
// Only a verified password reaches set_session(); a failed set_session() turns $user into false.
13 if($this->password_ok($user, $password)){
14 if(!$this->set_session($user)) $user = false;
// Presumably the failure branch (its `else` is on a line not shown): reset the session.
17 $this->clear_session();
// Ends the current login by resetting the session entry and the login cookies.
// Returns whatever clear_session() returns.
24 public function logout(){
25 return $this->clear_session();
// Checks that the current session entry belongs to $user.
// All of these must hold: the entry has "id", "pass" and "ip"; md5(stored password . session id)
// equals the session's "pass"; and the session's "ip" equals the current REMOTE_ADDR.
// NOTE(review): the start of the statement (line 29, presumably `return`) is not shown.
28 public function user_ok($user){
30 (isset($_SESSION[$this->app_session_key()]["id"]))
31 && (isset($_SESSION[$this->app_session_key()]["pass"]))
32 && (isset($_SESSION[$this->app_session_key()]["ip"]))
// NOTE(review): md5 is a fast, collision-broken hash and a weak basis for a credential-derived
// session token. `strcmp(...) == 0` is neither strict nor constant-time; hash_equals() is the
// constant-time comparison.
33 && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0)
// Ties the session to the client address. REMOTE_ADDR is the direct peer, so behind a reverse
// proxy or NAT many clients share one value. TODO confirm this matches the deployment.
34 && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
// Verifies a login attempt: $password must equal md5(stored password . session id), and the
// session must have been created from the same client address.
// NOTE(review): line 39 (presumably `return`) and lines 44-47 are not shown; the expression
// below has no terminating `;` here, so it continues on lines outside this listing.
37 public function password_ok($user, $password){
// A missing user can never authenticate.
38 if(!$user) return false;
40 (isset($_SESSION[$this->app_session_key()]["id"]))
41 && (isset($_SESSION[$this->app_session_key()]["ip"]))
// NOTE(review): `strcmp(...) == 0` is a loose check. Before PHP 8, strcmp() returns NULL (with a
// warning) when an argument is not a string, and NULL == 0 is true. Make sure $password is a
// string before this point, or compare with hash_equals() and `===`. md5 is also a weak choice here.
42 && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
43 && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
48 # ----------------------------------------------------------------------------------------
// Builds the per-application key used for the $_SESSION entry and as the prefix of the login
// cookie names: "mw_" followed by the web path with every "/" replaced by "_".
// NOTE(review): $env is assigned on a line not shown (line 53).
52 public function app_session_key(){
54 return "mw_".str_replace("/", "_", $env->path("web"));
// Restores the logged-in user from the session or, failing that, from the "_user" / "_pass"
// cookies, then validates the result with user_ok().
// NOTE(review): lines 58, 60, 63, 68-70 and 73-80 are not shown, so the initial value of $user
// and the return value cannot be confirmed from here.
// $reference_user: optional, already-loaded user record used instead of a lookup.
57 public function load_session($reference_user = null){
// A session entry without an "id" is rebuilt from scratch.
59 if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
// Session path: reload the user named in the session, or take the supplied record.
61 if(isset($_SESSION[$this->app_session_key()]["user"])){
62 $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
// Cookie path ("remember me"): both cookies are client-supplied input.
64 elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
65 if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
// NOTE(review): in the lines shown, the cookie value replaces the stored password before any
// comparison, and user_ok() below then checks the session against that same value. Nothing
// visible compares the cookie with the stored password. Verify the cookie against the stored
// value (hash_equals) before set_session(), or switch to a random server-side token.
66 $user["password"] = $_COOKIE[$this->app_session_key()."_pass"];
67 $this->set_session($user);
// Any user that does not match the session state is treated as logged out.
71 if(!$this->user_ok($user)){
72 $this->clear_session();
// Marks $user as logged in: records the login and md5(password . session id) in the session
// entry and sets the two "remember me" cookies for seven days on path "/".
// NOTE(review): lines 85-86 are not shown; login() tests this method's result, so the cookie
// expression below is presumably preceded by `return`. TODO confirm.
81 public function set_session($user){
// Make sure the session entry (and the "id" that the md5 below reads) exists.
82 if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
83 $_SESSION[$this->app_session_key()]["user"] = $user["login"];
84 $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
// NOTE(review): the "_pass" cookie carries $user["password"] verbatim, so the stored credential
// value itself is the long-lived login token. Only four arguments are passed, so the Secure and
// HttpOnly flags stay off, and `@` hides setcookie() failures. Prefer a random token stored
// server-side, sent with Secure, HttpOnly and SameSite set.
87 @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
88 && @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
// Resets the application's session entry and removes the "remember me" cookies.
// NOTE(review): lines 95-97 are not shown. The new entry presumably also gets the "id" that
// user_ok() and password_ok() require; how that id is generated cannot be seen here, so verify
// that it comes from a cryptographically secure source.
91 public function clear_session(){
92 unset($_SESSION[$this->app_session_key()]);
93 $_SESSION[$this->app_session_key()] = array(
// Remember the client address the entry was created from; user_ok() and password_ok() compare it.
94 "ip" => $_SERVER["REMOTE_ADDR"],
// An empty value makes PHP send a cookie-deletion header; `@` hides failures such as
// headers that were already sent.
98 @setcookie($this->app_session_key()."_user", "", 0, "/")
99 && @setcookie($this->app_session_key()."_pass", "", 0, "/");
// Logs $user in through set_session() and keeps the record on the object.
// NOTE(review): the result of set_session() is ignored in the lines shown, so a failed
// session or cookie write is not reported to the caller.
102 public function set_session_user($user){
103 $this->set_session($user);
// Binds the `user` property by reference to the local $user.
104 $this->user =& $user;
107 public function get_session_user(){