var $user;
- function login($login, $password){
- if(($user = $this->user($login)) !== false){
+ function login($login, $password, $reference_user = null){
+ if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
+ if(isset($reference_user) && $login != $reference_user["login"]){
+ $this->clear_session();
+ return array();
+ }
if($this->password_ok($user, $password)){
if(!$this->set_session($user)) $user = false;
}
function password_ok($user, $password){
if(!$user) return false;
- return
+ $OK =
(isset($_SESSION[$this->app_session_key()]["id"]))
&& (isset($_SESSION[$this->app_session_key()]["ip"]))
&& (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
- && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
+ ;
+ return $OK;
}
# ----------------------------------------------------------------------------------------
return "mw_".str_replace("/", "_", $env->path("web"));
}
- function load_session(){
+ function load_session($reference_user = null){
@session_start();
if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
$user = array();
if(isset($_SESSION[$this->app_session_key()]["user"])){
- $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
+ $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
}
elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
$_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
$env = $this->env();
return
- setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
- && setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
+ @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
+ && @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
}
function clear_session(){
"ip" => $_SERVER["REMOTE_ADDR"],
"id" => md5(rand())
);
- $env = $this->env();
return
- setcookie($this->app_session_key()."_user", "", 0, "/")
- && setcookie($this->app_session_key()."_pass", "", 0, "/");
+ @setcookie($this->app_session_key()."_user", "", 0, "/")
+ && @setcookie($this->app_session_key()."_pass", "", 0, "/");
+ }
+
+ function set_session_user($user){
+ $this->set_session($user);
+ $this->user =& $user;
}
function get_session_user(){