3 class mw_data_users_sessions extends mw_data{
7 function login($login, $password){
8 if(($user = $this->user($login)) !== false){
9 if($this->password_ok($user, $password)){
10 if(!$this->set_session($user)) $user = false;
13 $this->clear_session();
21 return $this->clear_session();
24 function user_ok($user){
26 strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0
27 && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
30 function password_ok($user, $password){
31 if(!$user) return false;
33 strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0
34 && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
37 # ----------------------------------------------------------------------------------------
41 function load_session(){
43 if(!isset($_SESSION["id"])) $this->clear_session();
45 if(isset($_SESSION["user"])){
46 $user = $this->user($_SESSION["user"]);
48 elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
49 if($user = $this->user($_COOKIE["user"])){
50 $user["password"] = $_COOKIE["pass"];
51 $this->set_session($user);
55 if(!$this->user_ok($user)){
56 $this->clear_session();
65 function set_session($user){
66 $_SESSION["user"] = $user["login"];
67 $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]);
70 setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web"))
71 && setcookie("pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web"));
74 function clear_session(){
75 unset($_SESSION["user"]);
76 unset($_SESSION["pass"]);
77 $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
78 $_SESSION["id"] = md5(rand());
81 setcookie("user", "", 0, $env->path("web"))
82 && setcookie("pass", "", 0, $env->path("web"));
85 function get_session_user(){