3 class mw_data_users_sessions extends mw_data{
7 function login($login, $password){
8 if(($user = $this->user($login)) !== false){
9 if($this->password_ok($user, $password)){
10 if(!$this->set_session($user)) $user = false;
13 $this->clear_session();
21 return $this->clear_session();
24 function user_ok($user){
26 (isset($_SESSION[$this->app_session_key()]["id"]))
27 && (isset($_SESSION[$this->app_session_key()]["pass"]))
28 && (isset($_SESSION[$this->app_session_key()]["ip"]))
29 && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0)
30 && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
33 function password_ok($user, $password){
34 if(!$user) return false;
36 (isset($_SESSION[$this->app_session_key()]["id"]))
37 && (isset($_SESSION[$this->app_session_key()]["ip"]))
38 && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
39 && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
42 # ----------------------------------------------------------------------------------------
46 function app_session_key(){
48 return "mw_".str_replace("/", "_", $env->path("web"));
51 function load_session(){
53 if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
55 if(isset($_SESSION[$this->app_session_key()]["user"])){
56 $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
58 elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
59 if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
60 $user["password"] = $_COOKIE[$this->app_session_key()."_pass"];
61 $this->set_session($user);
65 if(!$this->user_ok($user)){
66 $this->clear_session();
75 function set_session($user){
76 if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
77 $_SESSION[$this->app_session_key()]["user"] = $user["login"];
78 $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
81 setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
82 && setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
85 function clear_session(){
86 unset($_SESSION[$this->app_session_key()]);
87 $_SESSION[$this->app_session_key()] = array(
88 "ip" => $_SERVER["REMOTE_ADDR"],
93 setcookie($this->app_session_key()."_user", "", 0, "/")
94 && setcookie($this->app_session_key()."_pass", "", 0, "/");
97 function get_session_user(){