X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=mw%2Fapp%2Fdata%2Fmodules%2Fshare%2Fmw_data_users_sessions.php;h=7203e995e620327d6840d255904cba1b515a39b6;hb=HEAD;hp=a82c9a02ac0ec568b3c61fbef70a43322383ded1;hpb=0df77b6e0e0eee4060e73ca0d6955bf232aa23cc;p=mtweb
diff --git a/mw/app/data/modules/share/mw_data_users_sessions.php b/mw/app/data/modules/share/mw_data_users_sessions.php
index a82c9a0..7203e99 100644
--- a/mw/app/data/modules/share/mw_data_users_sessions.php
+++ b/mw/app/data/modules/share/mw_data_users_sessions.php
@@ -2,10 +2,14 @@
 class mw_data_users_sessions extends mw_data{
- var $user;
+ public $user;
- function login($login, $password){
- if(($user = $this->user($login)) !== false){
+ public function login($login, $password, $reference_user = null){
+ if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
+ if(isset($reference_user) && $login != $reference_user["login"]){
+ $this->clear_session();
+ return array();
+ }
 if($this->password_ok($user, $password)){
 if(!$this->set_session($user)) $user = false;
 }
@@ -17,11 +21,11 @@
 return $user;
 }
- function logout(){
+ public function logout(){
 return $this->clear_session();
 }
- function user_ok($user){
+ public function user_ok($user){
 return
 (isset($_SESSION[$this->app_session_key()]["id"]))
 && (isset($_SESSION[$this->app_session_key()]["pass"]))
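Review bot: The new mismatch branch in login() compares with a loose `!=` and returns `array()`, while the other failure path visible in this hunk yields `false`. For login names that look numeric, `!=` compares them as numbers rather than as strings, so `$login !== $reference_user["login"]` is the safer test; returning `false` there would keep any caller that checks `=== false` correct, if such callers exist. A comment above the signature should also state where `$reference_user` may come from, for example `# $reference_user: user row already loaded by the caller (never request data); replaces the $this->user($login) lookup`. The remainder of login() sits between this hunk and the next, so its final return handling is not visible here.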
@@ -30,30 +34,32 @@
 && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
 }
- function password_ok($user, $password){
+ public function password_ok($user, $password){
 if(!$user) return false;
- return
+ $OK =
 (isset($_SESSION[$this->app_session_key()]["id"]))
 && (isset($_SESSION[$this->app_session_key()]["ip"]))
 && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
- && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
+ ;
+ return $OK;
 }
 # ----------------------------------------------------------------------------------------
 # session
 #
- function app_session_key(){
+ public function app_session_key(){
 $env = $this->env();
 return "mw_".str_replace("/", "_", $env->path("web"));
 }
- function load_session(){
+ public function load_session($reference_user = null){
 @session_start();
 if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
 $user = array();
 if(isset($_SESSION[$this->app_session_key()]["user"])){
- $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
+ $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
 }
 elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
 if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
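Review bot: password_ok() still decides the credential match with `strcmp(...) == 0`, a loose test on a comparison that is not constant-time and that does not return an integer on older PHP versions when `$password` is not a string. Since the commit already rewrites this expression into `$OK = ...`, that line could become `&& is_string($password) && hash_equals(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password)` (hash_equals needs PHP 5.6 or later). Separately, load_session() now uses `$reference_user` as given without comparing its `login` to the name stored in the session, unlike the check this commit adds to login(). Whether a later user_ok() call covers that case cannot be seen, because load_session() continues past the end of this hunk.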
@@ -72,32 +78,34 @@
 return $user;
 }
- function set_session($user){
+ public function set_session($user){
 if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session();
 $_SESSION[$this->app_session_key()]["user"] = $user["login"];
 $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]);
 $env = $this->env();
 return
- setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
- && setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
+ @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/")
+ && @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/");
 }
- function clear_session(){
+ public function clear_session(){
 unset($_SESSION[$this->app_session_key()]);
 $_SESSION[$this->app_session_key()] = array(
 "ip" => $_SERVER["REMOTE_ADDR"],
 "id" => md5(rand())
 );
- $env = $this->env();
 return
- setcookie($this->app_session_key()."_user", "", 0, "/")
- && setcookie($this->app_session_key()."_pass", "", 0, "/");
+ @setcookie($this->app_session_key()."_user", "", 0, "/")
+ && @setcookie($this->app_session_key()."_pass", "", 0, "/");
+ }
+
+ public function set_session_user($user){
+ $this->set_session($user);
+ $this->user =& $user;
 }
- function get_session_user(){
+ public function get_session_user(){
 return $this->user;
 }
 }
-
- ?>
\ No newline at end of file
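Review bot: set_session() still writes `$user["password"]` verbatim into the `_pass` cookie for seven days on path `/` with neither the Secure nor the HttpOnly flag, and the added `@` now also hides the warning raised when the cookie could not be sent. At minimum the calls should pass the trailing flags, in the form `setcookie($name, $value, $expire, "/", "", $secure, true)` where the first three stand for the existing arguments, and the stored password value would be better replaced by a random token kept server-side. In clear_session() the per-session `id` is `md5(rand())`, which is not a cryptographic source; `bin2hex(random_bytes(16))` is the usual replacement where PHP 7 is available. The new set_session_user() also discards the boolean returned by set_session(), so `$this->user` is assigned even when the cookies were not set.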