var $user;
- function login($login, $password){
- if(($user = $this->user($login)) !== false){
+ function login($login, $password, $reference_user = null){
+ if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
+ if(isset($reference_user) && $login != $reference_user["login"]){
+ $this->clear_session();
+ return array();
+ }
if($this->password_ok($user, $password)){
if(!$this->set_session($user)) $user = false;
}
function password_ok($user, $password){
if(!$user) return false;
- return
+ $OK =
(isset($_SESSION[$this->app_session_key()]["id"]))
&& (isset($_SESSION[$this->app_session_key()]["ip"]))
&& (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
- && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
+ ;
+ return $OK;
}
# ----------------------------------------------------------------------------------------
return "mw_".str_replace("/", "_", $env->path("web"));
}
- function load_session(){
+ function load_session($reference_user = null){
@session_start();
if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
$user = array();
if(isset($_SESSION[$this->app_session_key()]["user"])){
- $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
+ $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
}
elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){