Viewing File server/base/session.inc.php of 1.17.7a
|
1: <?php // session.inc.php -- NATS Session Manager 2: /* ------------------------------------------------------------- 3: This file is part of FreeNATS 4: 5: FreeNATS is (C) Copyright 2008 PurplePixie Systems 6: 7: FreeNATS is free software: you can redistribute it and/or modify 8: it under the terms of the GNU General Public License as published by 9: the Free Software Foundation, either version 3 of the License, or 10: (at your option) any later version. 11: 12: FreeNATS is distributed in the hope that it will be useful, 13: but WITHOUT ANY WARRANTY; without even the implied warranty of 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15: GNU General Public License for more details. 16: 17: You should have received a copy of the GNU General Public License 18: along with FreeNATS. If not, see www.gnu.org/licenses 19: 20: For more information see www.purplepixie.org/freenats 21: -------------------------------------------------------------- */ 22: 23: class TNATS_Session 24: { 25: var $auth=false; 26: var $username=""; 27: var $userlevel=""; 28: var $sessionid=0; 29: var $sessionkey=""; 30: var $ipaddress=""; 31: 32: var $schrs="abcdefghijklmnopqrstuvwxyz0123456789"; 33: var $slen=120; 34: 35: function Create(&$db,$uname,$pword) 36: { 37: $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND "; 38: $q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1"; 39: $r=$db->Query($q); 40: if ($row=$db->Fetch_Array($r)) 41: { // success 42: $db->Free($r); 43: return $this->Register($db,$uname); 44: } 45: return false; 46: } 47: 48: function Register(&$db,$uname) 49: { 50: $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\""; 51: $r=$db->Query($q); 52: if (!$row=$db->Fetch_Array($r)) return false; // invalid user 53: $db->Free($r); 54: mt_srand(microtime()*100000); 55: for ($a=0; $a<$this->slen; $a++) 56: { 57: $this->sessionkey.=$this->schrs[mt_rand(0,strlen($this->schrs)-1)]; 58: } 59: $q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) "; 60: $q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\","; 61: $q.=time().",".time().",".$row['userlevel'].")"; 62: $db->Query($q); 63: if ($db->Affected_Rows()<=0) die("Failed to create session record"); 64: $this->username=$uname; 65: $this->userlevel=$row['userlevel']; 66: $this->sessionid=$db->Insert_Id(); 67: $this->ipaddress=$_SERVER['REMOTE_ADDR']; 68: $this->auth=true; 69: setcookie("fn_sid",$this->sessionid); 70: setcookie("fn_skey",$this->sessionkey); 71: return $this->sessionid; 72: } 73: 74: function Check(&$db,$timeskip=false) // timeskip (1.02.1) avoids checking for or setting time (for live monitor) 75: { 76: if (!isset($_COOKIE['fn_sid'])) return false; 77: if (!isset($_COOKIE['fn_skey'])) return false; 78: 79: $q="SELECT username,userlevel FROM fnsession WHERE "; 80: $q.="sessionid=".ss($_COOKIE['fn_sid'])." AND sessionkey=\"".ss($_COOKIE['fn_skey'])."\" AND "; 81: $q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\""; 82: if (!$timeskip) $q.="AND updatex>".(time()-(30*60)); 83: $q.=" LIMIT 0,1"; 84: $r=$db->Query($q); 85: if (!$row=$db->Fetch_Array($r)) return false; 86: 87: $this->sessionid=$_COOKIE['fn_sid']; 88: $this->sessionkey=$_COOKIE['fn_skey']; 89: $this->username=$row['username']; 90: $this->userlevel=$row['userlevel']; 91: $this->ipaddress=$_SERVER['REMOTE_ADDR']; 92: $this->auth=true; 93: 94: if (!$timeskip) 95: { 96: $q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".ss($this->sessionid); 97: $db->Query($q); 98: } 99: 100: return true; 101: } 102: 103: function Destroy($db) 104: { 105: $q="DELETE FROM fnsession WHERE sessionid=".ss($this->sessionid)." AND sessionkey=\"".ss($this->sessionkey)."\""; 106: $db->Query($q); 107: setcookie("fn_sid",""); 108: setcookie("fn_skey",""); 109: return true; 110: } 111: 112: }