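user($login)) !== false){
            # Tail of a method whose opening lies before this excerpt; statements kept as found.
            if($this->password_ok($user, $password)){
                if(!$this->set_session($user)) $user = false;
            }
            else{
                $this->clear_session();
                $user = array();
            }
        }
        return $user;
    }

    # Ends the current login.
    # Returns what clear_session() returns: true when both cookie resets were accepted.
    function logout(){
        return $this->clear_session();
    }

    # Re-validates an established session against a user record.
    # True only when md5(record password . session nonce) equals the digest kept in
    # $_SESSION["pass"] and the request comes from the address stored in $_SESSION["ip"].
    function user_ok($user){
        # No stored digest means nobody is logged in (the original comparison also failed here).
        if(!isset($_SESSION["pass"])) return false;
        return $this->_same_string(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"])
            && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
    }

    # Checks a login response supplied by the caller.
    # $password is expected to be md5(record password . session nonce); the request must
    # also come from the address stored in $_SESSION["ip"].
    # The previous `strcmp(...) == 0` test accepted a non-string $password on PHP < 8,
    # where strcmp() returns NULL and NULL == 0 holds; _same_string() rejects anything
    # that is not a string and compares in constant time.
    function password_ok($user, $password){
        if(!$user) return false;
        return $this->_same_string(md5($user["password"].$_SESSION["id"]), $password)
            && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"];
    }

    # ----------------------------------------------------------------------------------------
    # session
    #

    # Starts the PHP session and resolves the current user.
    # Order of precedence: the login name stored in the session, then the "user"/"pass"
    # cookie pair. Whatever is found must pass user_ok(), otherwise the session is cleared.
    # Stores the result in $this->user and returns it (an empty array when nobody is logged in).
    function load_session(){
        # NOTE(review): "@" hides session_start() warnings (e.g. headers already sent); kept as found.
        @session_start();
        if(!isset($_SESSION["id"])) $this->clear_session();

        $user = array();
        if(isset($_SESSION["user"])){
            $user = $this->user($_SESSION["user"]);
        }
        elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
            # Cookie values are client-controlled and may arrive as arrays; only look up string logins.
            $user = is_string($_COOKIE["user"]) ? $this->user($_COOKIE["user"]) : array();
            if($user){
                # The cookie must match the stored credential BEFORE a session is created.
                # Previously the record's password was overwritten with the cookie value, so the
                # user_ok() check below compared the cookie against itself on this request.
                if($this->_same_string((string)$user["password"], $_COOKIE["pass"])){
                    $this->set_session($user);
                }
                else{
                    $this->clear_session();
                    $user = array();
                }
            }
        }

        if($user){
            if(!$this->user_ok($user)){
                $this->clear_session();
                $user = array();
            }
        }
        else $user = array();

        $this->user = $user;
        return $user;
    }

    # Marks $user as logged in: stores the login and md5(password . session nonce) in the
    # session and sets the "user" and "pass" cookies for seven days on the "web" path.
    # Returns true only when both setcookie() calls succeed.
    # NOTE(review): the "pass" cookie carries the stored password value itself, so it is
    # password-equivalent for a week, and neither cookie is flagged HttpOnly/Secure.
    # A random per-device token stored server-side would be safer; not changed here
    # because other code may read these cookies.
    function set_session($user){
        $_SESSION["user"] = $user["login"];
        $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]);
        $env = $this->env();
        $expires = time() + (60 * 60 * 24 * 7);
        return setcookie("user", $user["login"], $expires, $env->path("web"))
            && setcookie("pass", $user["password"], $expires, $env->path("web"));
    }

    # Drops the login from the session, pins the session to the current client address,
    # issues a fresh nonce in $_SESSION["id"] and resets both cookies.
    # Returns true only when both setcookie() calls succeed.
    function clear_session(){
        unset($_SESSION["user"]);
        unset($_SESSION["pass"]);
        $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
        # Was md5(rand()): rand() is not a cryptographic generator, so the nonce was guessable.
        $_SESSION["id"] = $this->_new_nonce();
        $env = $this->env();
        return setcookie("user", "", 0, $env->path("web"))
            && setcookie("pass", "", 0, $env->path("web"));
    }

    # Returns the user resolved by the last load_session() call.
    function get_session_user(){
        return $this->user;
    }

    # Internal: constant-time equality of two strings; false if either is not a string.
    # Uses hash_equals() where available, with a manual fallback for older PHP.
    function _same_string($known, $given){
        if(!is_string($known) || !is_string($given)) return false;
        if(function_exists("hash_equals")) return hash_equals($known, $given);
        $length = strlen($known);
        if($length !== strlen($given)) return false;
        $diff = 0;
        for($i = 0; $i < $length; $i++){
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }
        return $diff === 0;
    }

    # Internal: returns a 32-character hex nonce (same shape as the md5() value it replaces).
    # Prefers a CSPRNG; the last branch only exists for very old PHP builds and is weaker.
    function _new_nonce(){
        if(function_exists("random_bytes")) return bin2hex(random_bytes(16));
        if(function_exists("openssl_random_pseudo_bytes")) return bin2hex(openssl_random_pseudo_bytes(16));
        return md5(uniqid(mt_rand(), true));
    }
}
?>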