X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=mw%2Fapp%2Fdata%2Fmodules%2Fshare%2Fmw_data_users_sessions.php;h=a82c9a02ac0ec568b3c61fbef70a43322383ded1;hb=refs%2Ftags%2Fmtweb.0.9.2;hp=daabe2bbc20c82734b477cbd7c09398a52011011;hpb=e1b64e4088232b9d7b4acb2dc24279bb38fcafba;p=mtweb diff --git a/mw/app/data/modules/share/mw_data_users_sessions.php b/mw/app/data/modules/share/mw_data_users_sessions.php index daabe2b..a82c9a0 100644 --- a/mw/app/data/modules/share/mw_data_users_sessions.php +++ b/mw/app/data/modules/share/mw_data_users_sessions.php @@ -23,31 +23,41 @@ function user_ok($user){ return - strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0 - && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; + (isset($_SESSION[$this->app_session_key()]["id"])) + && (isset($_SESSION[$this->app_session_key()]["pass"])) + && (isset($_SESSION[$this->app_session_key()]["ip"])) + && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0) + && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]); } function password_ok($user, $password){ if(!$user) return false; return - strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0 - && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; + (isset($_SESSION[$this->app_session_key()]["id"])) + && (isset($_SESSION[$this->app_session_key()]["ip"])) + && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0) + && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]); } # ---------------------------------------------------------------------------------------- # session # + function app_session_key(){ + $env = $this->env(); + return "mw_".str_replace("/", "_", $env->path("web")); + } + function load_session(){ @session_start(); - if(!isset($_SESSION["id"])) $this->clear_session(); + if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session(); $user = array(); - if(isset($_SESSION["user"])){ - $user = $this->user($_SESSION["user"]); + if(isset($_SESSION[$this->app_session_key()]["user"])){ + $user = $this->user($_SESSION[$this->app_session_key()]["user"]); } - elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){ - if($user = $this->user($_COOKIE["user"])){ - $user["password"] = $_COOKIE["pass"]; + elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){ + if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){ + $user["password"] = $_COOKIE[$this->app_session_key()."_pass"]; $this->set_session($user); } } @@ -63,23 +73,25 @@ } function set_session($user){ - $_SESSION["user"] = $user["login"]; - $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]); + if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session(); + $_SESSION[$this->app_session_key()]["user"] = $user["login"]; + $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]); $env = $this->env(); return - setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web")) - && setcookie("pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web")); + setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/") + && setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/"); } function clear_session(){ - unset($_SESSION["user"]); - unset($_SESSION["pass"]); - $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"]; - $_SESSION["id"] = md5(rand()); + unset($_SESSION[$this->app_session_key()]); + $_SESSION[$this->app_session_key()] = array( + "ip" => $_SERVER["REMOTE_ADDR"], + "id" => md5(rand()) + ); $env = $this->env(); return - setcookie("user", "", 0, $env->path("web")) - && setcookie("pass", "", 0, $env->path("web")); + setcookie($this->app_session_key()."_user", "", 0, "/") + && setcookie($this->app_session_key()."_pass", "", 0, "/"); } function get_session_user(){