File: 0.00.0a/base/session.inc.php (View as Code)

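/**
 * Cookie-based login session stored in the fnsession table.
 *
 * A session is identified by two cookies: fn_sid (the fnsession row id) and
 * fn_skey (a random key generated at login). Check() additionally requires
 * the request's REMOTE_ADDR to match the address recorded at login and the
 * row to have been refreshed within the last 30 minutes.
 *
 * $db is any object exposing Query(), Fetch_Array(), Affected_Rows() and
 * Insert_Id(), as called below.
 *
 * NOTE(review): ss() is defined outside this file. It is presumably the
 * project's SQL string escaper - confirm. Every value passed through it
 * below sits inside a quoted SQL string; numeric values are cast to int
 * instead, because string escaping offers no protection in an unquoted
 * numeric context.
 */
class TNATS_Session
{
    var $auth=false;       // true once Create() or Check() has succeeded
    var $username="";
    var $userlevel="";
    var $sessionid=0;      // fnsession row id, also sent as cookie fn_sid
    var $sessionkey="";    // random key, also sent as cookie fn_skey
    var $ipaddress="";

    var $schrs="abcdefghijklmnopqrstuvwxyz0123456789"; // alphabet for session keys
    var $slen=120;                                      // session key length

    /**
     * Verify a username/password pair and, on success, open a new session.
     *
     * @param object $db    database wrapper (see class comment)
     * @param string $uname login name
     * @param string $pword clear-text password as submitted
     * @return mixed the new session id on success, false when the credentials
     *               do not match; the script dies if the session row cannot
     *               be inserted
     */
    function Create($db,$uname,$pword)
    {
        // NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
        // password_hash()/password_verify() needs a schema and data migration
        // and is therefore only flagged here, not changed.
        $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
        $q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
        $r=$db->Query($q);
        $row=$db->Fetch_Array($r);
        if (!$row) return false;

        // Build the key in a local so that a second Create() call on the same
        // object does not append to the previous key.
        //
        // The earlier code seeded mt_rand() with microtime()*100000, which limits
        // the generator to at most 100000 distinct seeds and makes the whole key
        // guessable. Use the CSPRNG when the runtime provides it (PHP 7+); the
        // fallback keeps mt_rand() but without the narrow explicit seed.
        // NOTE(review): the mt_rand() fallback is still not suitable for secrets.
        $max=strlen($this->schrs)-1;
        $secure=function_exists('random_int');
        $key="";
        for ($a=0; $a<$this->slen; $a++)
        {
            $key.=$this->schrs[$secure ? random_int(0,$max) : mt_rand(0,$max)];
        }
        $this->sessionkey=$key;

        // NOTE(review): userlevel is interpolated unquoted; it comes from the
        // fnuser row just read, presumably a numeric column - confirm.
        $now=time();
        $q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
        $q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
        $q.=$now.",".$now.",".$row['userlevel'].")";
        $db->Query($q);
        if ($db->Affected_Rows()<=0) die("Failed to create session record");

        $this->username=$uname;
        $this->userlevel=$row['userlevel'];
        $this->sessionid=$db->Insert_Id();
        $this->ipaddress=$_SERVER['REMOTE_ADDR'];
        $this->auth=true;

        // NOTE(review): both cookies are set without the HttpOnly or Secure
        // attributes, so page scripts can read them and they travel over plain
        // HTTP. Left unchanged because it alters what clients observe.
        setcookie("fn_sid",$this->sessionid);
        setcookie("fn_skey",$this->sessionkey);
        return $this->sessionid;
    }

    /**
     * Validate the session cookies of the current request.
     *
     * On success the object's fields are filled from the session row and the
     * row's updatex timestamp is refreshed, extending the 30 minute idle window.
     *
     * @param object $db database wrapper (see class comment)
     * @return bool true when the cookies identify a live session for this
     *              client address, false otherwise
     */
    function Check($db)
    {
        if (!isset($_COOKIE['fn_sid'])) return false;
        if (!isset($_COOKIE['fn_skey'])) return false;
        // A cookie sent as fn_sid[]=... arrives as an array; only strings are valid.
        if (!is_string($_COOKIE['fn_sid'])) return false;
        if (!is_string($_COOKIE['fn_skey'])) return false;

        // The session id is placed in the query without quotes, so it must be
        // forced to an integer; escaping alone does not constrain it there.
        $sid=(int)$_COOKIE['fn_sid'];

        $q="SELECT username,userlevel FROM fnsession WHERE ";
        $q.="sessionid=".$sid." AND sessionkey=\"".ss($_COOKIE['fn_skey'])."\" AND ";
        $q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\" AND updatex>".(time()-(30*60))." LIMIT 0,1";
        $r=$db->Query($q);
        $row=$db->Fetch_Array($r);
        if (!$row) return false;

        $this->sessionid=$sid;
        $this->sessionkey=$_COOKIE['fn_skey'];
        $this->username=$row['username'];
        $this->userlevel=$row['userlevel'];
        $this->ipaddress=$_SERVER['REMOTE_ADDR'];
        $this->auth=true;

        $q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".$sid;
        $db->Query($q);

        return true;
    }

    /**
     * Delete the current session row and clear both session cookies.
     *
     * NOTE(review): $this->auth and the other fields are left as they were, so
     * the object still reports an authenticated user after this call - confirm
     * that callers discard it.
     *
     * @param object $db database wrapper (see class comment)
     * @return bool always true
     */
    function Destroy($db)
    {
        // Same unquoted numeric context as in Check(): cast rather than escape.
        $q="DELETE FROM fnsession WHERE sessionid=".(int)$this->sessionid." AND sessionkey=\"".ss($this->sessionkey)."\"";
        $db->Query($q);
        setcookie("fn_sid","");
        setcookie("fn_skey","");
        return true;
    }

}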