public attr / function, constructeurs __construct
[mtweb] / mw / app / data / modules / share / mw_data_users_sessions.php
index daabe2b..7203e99 100644 (file)
@@ -2,10 +2,14 @@
 
   class mw_data_users_sessions extends mw_data{
 
-    var $user;
+    public $user;
 
-    function login($login, $password){
-      if(($user = $this->user($login)) !== false){
+    public function login($login, $password, $reference_user = null){
+      if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
+        if(isset($reference_user) && $login != $reference_user["login"]){
+          $this->clear_session();
+          return array();
+        }
         if($this->password_ok($user, $password)){
           if(!$this->set_session($user)) $user = false;
         }
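Review bot: The new guard in login() compares with the loose operator, `$login != $reference_user["login"]`, so two numeric-looking logins such as "1e3" and "1000" (constructed example) are treated as the same account. A strict string comparison avoids that: `if(isset($reference_user) && (string)$login !== (string)$reference_user["login"]){`. The mismatch branch also returns `array()` while the set_session() failure path yields `false`, so a caller testing `=== false` would not see the mismatch as a failure; callers are not visible here, so this is worth checking. The new `$reference_user` parameter is undocumented, and a comment such as `# $reference_user: already-loaded user row, used instead of $this->user($login); password_ok() still runs` would record its contract. login()'s body continues past the end of this hunk.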
       return $user;
     }
 
-    function logout(){
+    public function logout(){
       return $this->clear_session();
     }
 
-    function user_ok($user){
+    public function user_ok($user){
       return
-      strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0
-      && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
+          (isset($_SESSION[$this->app_session_key()]["id"]))
+      &&  (isset($_SESSION[$this->app_session_key()]["pass"]))
+      &&  (isset($_SESSION[$this->app_session_key()]["ip"]))
+      &&  (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0)
+      &&  ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
     }
 
-    function password_ok($user, $password){
+    public function password_ok($user, $password){
       if(!$user) return false;
-      return
-           strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0
-        && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
+      $OK =
+          (isset($_SESSION[$this->app_session_key()]["id"]))
+      &&  (isset($_SESSION[$this->app_session_key()]["ip"]))
+      &&  (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
+      &&  ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
+      ;
+      return $OK;
     }
 
     # ----------------------------------------------------------------------------------------
     #                                                                                  session
     #
 
-    function load_session(){
+    public function app_session_key(){
+      $env = $this->env();
+      return "mw_".str_replace("/", "_", $env->path("web"));
+    }
+
+    public function load_session($reference_user = null){
       @session_start();
-      if(!isset($_SESSION["id"])) $this->clear_session();
+      if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
       $user = array();
-      if(isset($_SESSION["user"])){
-        $user = $this->user($_SESSION["user"]);
+      if(isset($_SESSION[$this->app_session_key()]["user"])){
+        $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
       }
-      elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
-        if($user = $this->user($_COOKIE["user"])){
-          $user["password"] = $_COOKIE["pass"];
+      elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
+        if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
+          $user["password"] = $_COOKIE[$this->app_session_key()."_pass"];
           $this->set_session($user);
         }
       }
       return $user;
     }
 
-    function set_session($user){
-      $_SESSION["user"] = $user["login"];
-      $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]);
+    public function set_session($user){
+      if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
+      $_SESSION[$this->app_session_key()]["user"] = $user["login"];
+      $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
       $env = $this->env();
       return
-          setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web"))
-      &&  setcookie("pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web"));
+          @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
+      &&  @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
     }
 
-    function clear_session(){
-      unset($_SESSION["user"]);
-      unset($_SESSION["pass"]);
-      $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
-      $_SESSION["id"] = md5(rand());
-      $env = $this->env();
+    public function clear_session(){
+      unset($_SESSION[$this->app_session_key()]);
+      $_SESSION[$this->app_session_key()] = array(
+        "ip" => $_SERVER["REMOTE_ADDR"],
+        "id" => md5(rand())
+      );
       return
-          setcookie("user", "", 0, $env->path("web"))
-      &&  setcookie("pass", "", 0, $env->path("web"));
+          @setcookie($this->app_session_key()."_user", "", 0, "/")
+      &&  @setcookie($this->app_session_key()."_pass", "", 0, "/");
     }
 
-    function get_session_user(){
+    public function set_session_user($user){
+      $this->set_session($user);
+      $this->user =& $user;
+    }
+
+    public function get_session_user(){
       return $this->user;
     }
 
   }
-
-?>
\ No newline at end of file
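Review bot: set_session() writes `$user["password"]` into the `_pass` cookie for seven days, and this change widens the cookie path from `$env->path("web")` to `"/"` without passing the Secure or HttpOnly arguments, so the stored password value is sent to every path on the host and is readable by page script. load_session() copies that cookie value into `$user["password"]` before calling set_session(), so whether it is ever checked against the stored value depends on callers outside this diff and should be confirmed. I would keep the narrower path and set the flags, e.g. `setcookie($this->app_session_key()."_pass", $token, $expires, $env->path("web"), "", true, true)`, where `$token` and `$expires` are placeholders and `$token` is a random server-side remember-me token rather than the password field. Separately, clear_session() still derives the per-session `id` from `md5(rand())`, and user_ok()/password_ok() compare digests with `strcmp(...) == 0`; where the PHP version allows, `bin2hex(random_bytes(16))` and `hash_equals()` are the safer equivalents. The `@` added in front of setcookie() also hides the headers-already-sent warning that explains a `false` return.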