class mw_data_users_sessions extends mw_data{
- var $user;
+ public $user;
- function login($login, $password){
- if(($user = $this->user($login)) !== false){
+ public function login($login, $password, $reference_user = null){
+ if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
+ if(isset($reference_user) && $login != $reference_user["login"]){
+ $this->clear_session();
+ return array();
+ }
if($this->password_ok($user, $password)){
if(!$this->set_session($user)) $user = false;
}
return $user;
}
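Review bot: The mismatch branch added at the top of login() returns `array()`, while the rest of the method signals failure with `false`; a caller that tests the result with `!== false`, as the first line of this method does for the lookup, would treat the empty array as a successful login. Returning `false` there keeps a single failure value: `$this->clear_session(); return false;`. The comparison `$login != $reference_user["login"]` is also loose, and `(string)$login !== (string)$reference_user["login"]` avoids PHP's type juggling on numeric-looking logins. The closing lines of the method are not fully visible here, so the final return path should be checked against the whole file.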
- function logout(){
+ public function logout(){
return $this->clear_session();
}
- function user_ok($user){
+ public function user_ok($user){
return
(isset($_SESSION[$this->app_session_key()]["id"]))
&& (isset($_SESSION[$this->app_session_key()]["pass"]))
&& ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
}
- function password_ok($user, $password){
+ public function password_ok($user, $password){
if(!$user) return false;
- return
+ $OK =
(isset($_SESSION[$this->app_session_key()]["id"]))
&& (isset($_SESSION[$this->app_session_key()]["ip"]))
&& (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
- && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
+ ;
+ return $OK;
}
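Review bot: The digest check in password_ok() still compares with `strcmp(...) == 0`, which is not a safe equality test for request-supplied input: on PHP versions before 8, strcmp() returns NULL with a warning when an argument is not a string, and `NULL == 0` evaluates to true. Requiring a string and using a constant-time comparison closes this: `&& is_string($password) && hash_equals(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password)`. hash_equals() needs PHP 5.6 or later; on older runtimes `=== 0` together with the is_string() check is the minimum. The refactor into `$OK` does not itself change behaviour.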
# ----------------------------------------------------------------------------------------
# session
#
- function app_session_key(){
+ public function app_session_key(){
$env = $this->env();
return "mw_".str_replace("/", "_", $env->path("web"));
}
- function load_session(){
+ public function load_session($reference_user = null){
@session_start();
if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
$user = array();
if(isset($_SESSION[$this->app_session_key()]["user"])){
- $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
+ $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
}
elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
return $user;
}
- function set_session($user){
+ public function set_session($user){
if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
$_SESSION[$this->app_session_key()]["user"] = $user["login"];
$_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
$env = $this->env();
return
- setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
- && setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
+ @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
+ && @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
}
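Review bot: The `@` added in front of both setcookie() calls hides the one failure this method can usefully report (headers already sent), while the `_pass` cookie still carries `$user["password"]` itself for seven days without the HttpOnly or Secure flags. Anything that can read the cookie obtains the stored credential value. A random per-login token kept server-side and compared on return would avoid putting the credential in the browser; at minimum the flags can be set with the existing signature, e.g. `setcookie($name, $value, $expires, "/", "", true, true)` where the site is served over HTTPS. Rather than suppressing the warning, check `headers_sent()` before the calls and return false.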
- function clear_session(){
+ public function clear_session(){
unset($_SESSION[$this->app_session_key()]);
$_SESSION[$this->app_session_key()] = array(
"ip" => $_SERVER["REMOTE_ADDR"],
"id" => md5(rand())
);
- $env = $this->env();
return
- setcookie($this->app_session_key()."_user", "", 0, "/")
- && setcookie($this->app_session_key()."_pass", "", 0, "/");
+ @setcookie($this->app_session_key()."_user", "", 0, "/")
+ && @setcookie($this->app_session_key()."_pass", "", 0, "/");
+ }
+
+ public function set_session_user($user){
+ $this->set_session($user);
+ $this->user =& $user;
}
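Review bot: The per-session `id` in clear_session() is still generated with `md5(rand())`, and that value is the nonce mixed into the password digest in set_session() and password_ok(); rand() is not a cryptographic generator, so the nonce is guessable. Where the runtime provides it, `"id" => bin2hex(random_bytes(16))` is a drop-in replacement (PHP 7 or later; `openssl_random_pseudo_bytes()` on older versions). In the new set_session_user(), the result of set_session() is discarded, so a failed cookie write leaves `$this->user` set as if the session were established; `if(!$this->set_session($user)) return false;` before the assignment would keep the two in step. The reference assignment `=& $user` binds to a by-value parameter and can be a plain `=`.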
- function get_session_user(){
+ public function get_session_user(){
return $this->user;
}
}
-
-?>
\ No newline at end of file