File: 1.17.7a/server/base/session.inc.php (View as HTML)

  1: <?php // session.inc.php -- NATS Session Manager
  2: /* -------------------------------------------------------------
  3: This file is part of FreeNATS
  4: 
  5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
  6: 
  7: FreeNATS is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeNATS is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeNATS.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freenats
 21: -------------------------------------------------------------- */
 22: 
 23: class TNATS_Session
 24: {
 25: var $auth=false;
 26: var $username="";
 27: var $userlevel="";
 28: var $sessionid=0;
 29: var $sessionkey="";
 30: var $ipaddress="";
 31: 
 32: var $schrs="abcdefghijklmnopqrstuvwxyz0123456789";
 33: var $slen=120;
 34: 
 35: function Create(&$db,$uname,$pword)
 36: 	{
 37: 	$q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
 38: 	$q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
 39: 	$r=$db->Query($q);
 40: 	if ($row=$db->Fetch_Array($r))
 41: 		{ // success
 42: 		$db->Free($r);
 43: 		return $this->Register($db,$uname);
 44: 		}
 45: 	return false;
 46: 	}
 47: 	
 48: function Register(&$db,$uname)
 49: 	{
 50: 	$q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\"";
 51: 	$r=$db->Query($q);
 52: 	if (!$row=$db->Fetch_Array($r)) return false; // invalid user
 53: 	$db->Free($r);
 54: 	mt_srand(microtime()*100000);
 55: 	for ($a=0; $a<$this->slen; $a++)
 56: 		{
 57: 		$this->sessionkey.=$this->schrs[mt_rand(0,strlen($this->schrs)-1)];
 58: 		}
 59: 	$q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
 60: 	$q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
 61: 	$q.=time().",".time().",".$row['userlevel'].")";
 62: 	$db->Query($q);
 63: 	if ($db->Affected_Rows()<=0) die("Failed to create session record");
 64: 	$this->username=$uname;
 65: 	$this->userlevel=$row['userlevel'];
 66: 	$this->sessionid=$db->Insert_Id();
 67: 	$this->ipaddress=$_SERVER['REMOTE_ADDR'];
 68: 	$this->auth=true;
 69: 	setcookie("fn_sid",$this->sessionid);
 70: 	setcookie("fn_skey",$this->sessionkey);
 71: 	return $this->sessionid;	
 72: 	}
 73: 
 74: function Check(&$db,$timeskip=false) // timeskip (1.02.1) avoids checking for or setting time (for live monitor)
 75: 	{
 76: 	if (!isset($_COOKIE['fn_sid'])) return false;
 77: 	if (!isset($_COOKIE['fn_skey'])) return false;
 78: 	
 79: 	$q="SELECT username,userlevel FROM fnsession WHERE ";
 80: 	$q.="sessionid=".ss($_COOKIE['fn_sid'])." AND sessionkey=\"".ss($_COOKIE['fn_skey'])."\" AND ";
 81: 	$q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\"";
 82: 	if (!$timeskip) $q.="AND updatex>".(time()-(30*60));
 83: 	$q.=" LIMIT 0,1";
 84: 	$r=$db->Query($q);
 85: 	if (!$row=$db->Fetch_Array($r)) return false;
 86: 	
 87: 	$this->sessionid=$_COOKIE['fn_sid'];
 88: 	$this->sessionkey=$_COOKIE['fn_skey'];
 89: 	$this->username=$row['username'];
 90: 	$this->userlevel=$row['userlevel'];
 91: 	$this->ipaddress=$_SERVER['REMOTE_ADDR'];
 92: 	$this->auth=true;
 93: 	
 94: 	if (!$timeskip)
 95: 		{
 96: 		$q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".ss($this->sessionid);
 97: 		$db->Query($q);
 98: 		}
 99: 	
100: 	return true;
101: 	}
102: 	
103: function Destroy($db)
104: 	{
105: 	$q="DELETE FROM fnsession WHERE sessionid=".ss($this->sessionid)." AND sessionkey=\"".ss($this->sessionkey)."\"";
106: 	$db->Query($q);
107: 	setcookie("fn_sid","");
108: 	setcookie("fn_skey","");
109: 	return true;
110: 	}
111: 	
112: }