File: 0.00.0a/base/session.inc.php
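/**
 * Cookie-based login session backed by the fnsession table.
 *
 * A session is identified by two cookies, fn_sid (the fnsession row id) and
 * fn_skey (a random key). Check() additionally requires the request to come
 * from the IP address recorded at login and the row to have been touched
 * within the last 30 minutes.
 *
 * Security notes for maintainers:
 *  - ss() is defined outside this file. This class relies on it to make values
 *    safe inside double-quoted SQL string literals.
 *    NOTE(review): confirm it escapes for the database driver in use; a
 *    parameterized query API on $db would be the more robust choice.
 *  - ss() cannot protect a value placed in an unquoted numeric position, so
 *    session ids are cast to int before they are put into a query.
 *  - Passwords are compared as unsalted MD5 inside the login query. Moving to
 *    password_hash()/password_verify() needs a schema and data migration that
 *    is outside this class.
 */
class TNATS_Session
{
    var $auth = false;      // true once Create() or Check() has succeeded
    var $username = "";
    var $userlevel = "";
    var $sessionid = 0;     // fnsession row id, 0 while no session is loaded
    var $sessionkey = "";
    var $ipaddress = "";

    var $schrs = "abcdefghijklmnopqrstuvwxyz0123456789"; // session key alphabet
    var $slen = 120;                                     // session key length

    /**
     * Verify a username/password pair and, on success, open a new session.
     *
     * Inserts a row into fnsession, fills in this object's fields and sends
     * the fn_sid and fn_skey cookies. Terminates the script with die() when
     * the session row cannot be written.
     *
     * @param object $db    Database wrapper providing Query(), Fetch_Array(),
     *                      Affected_Rows() and Insert_Id().
     * @param string $uname Submitted username.
     * @param string $pword Submitted plaintext password.
     * @return mixed The new session id, or false when the credentials do not match.
     */
    function Create($db, $uname, $pword)
    {
        // NOTE(review): unsalted MD5 is not a suitable password hash; see class comment.
        $q = "SELECT userlevel FROM fnuser WHERE username=\"" . ss($uname) . "\" AND ";
        $q .= "password=MD5(\"" . ss($pword) . "\") LIMIT 0,1";
        $r = $db->Query($q);
        if ($row = $db->Fetch_Array($r)) {
            // Start from an empty key so that calling Create() twice on the
            // same object does not append a second key to the first.
            $this->sessionkey = "";

            // The key is the bearer secret for the session, so it is drawn
            // from the CSPRNG (random_int(), PHP 7.0+). The previous
            // mt_rand() seeded from the sub-second part of microtime() was
            // predictable.
            $maxIndex = strlen($this->schrs) - 1;
            for ($a = 0; $a < $this->slen; $a++) {
                $this->sessionkey .= $this->schrs[random_int(0, $maxIndex)];
            }

            // One timestamp for both columns so startx and updatex agree.
            $now = time();

            // sessionkey is built only from $schrs characters and is inserted
            // without ss(); keep that alphabet free of quote characters.
            // NOTE(review): userlevel comes from the fnuser row and is placed
            // unquoted, so it is presumably numeric; confirm against the schema.
            $q = "INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
            $q .= "VALUES(\"" . $this->sessionkey . "\",\"" . ss($_SERVER['REMOTE_ADDR']) . "\",\"" . ss($uname) . "\",";
            $q .= $now . "," . $now . "," . $row['userlevel'] . ")";
            $db->Query($q);
            if ($db->Affected_Rows() <= 0) die("Failed to create session record");

            $this->username = $uname;
            $this->userlevel = $row['userlevel'];
            $this->sessionid = $db->Insert_Id();
            $this->ipaddress = $_SERVER['REMOTE_ADDR'];
            $this->auth = true;

            // HttpOnly keeps the session cookies out of reach of page scripts.
            // NOTE(review): also set the secure flag (6th argument) once the
            // site is served over HTTPS only.
            setcookie("fn_sid", $this->sessionid, 0, "", "", false, true);
            setcookie("fn_skey", $this->sessionkey, 0, "", "", false, true);
            return $this->sessionid;
        }
        return false;
    }

    /**
     * Validate the session cookies of the current request.
     *
     * The session must exist, match the stored key and client IP address, and
     * have been updated within the last 30 minutes. On success this object's
     * fields are filled in and the row's updatex timestamp is refreshed.
     *
     * @param object $db Database wrapper providing Query() and Fetch_Array().
     * @return bool True when the request carries a valid session.
     */
    function Check($db)
    {
        // A cookie sent as fn_sid[]=... arrives as an array; reject anything
        // that is not a plain string before it reaches the query.
        if (!isset($_COOKIE['fn_sid']) || !is_string($_COOKIE['fn_sid'])) return false;
        if (!isset($_COOKIE['fn_skey']) || !is_string($_COOKIE['fn_skey'])) return false;

        // The id sits in an unquoted numeric position in the SQL below, where
        // string escaping does not help; force it to an integer.
        $sid = (int)$_COOKIE['fn_sid'];

        $q = "SELECT username,userlevel FROM fnsession WHERE ";
        $q .= "sessionid=" . $sid . " AND sessionkey=\"" . ss($_COOKIE['fn_skey']) . "\" AND ";
        $q .= "ipaddress=\"" . ss($_SERVER['REMOTE_ADDR']) . "\" AND updatex>" . (time() - (30 * 60)) . " LIMIT 0,1";
        $r = $db->Query($q);
        if (!$row = $db->Fetch_Array($r)) return false;

        $this->sessionid = $sid;
        $this->sessionkey = $_COOKIE['fn_skey'];
        $this->username = $row['username'];
        $this->userlevel = $row['userlevel'];
        $this->ipaddress = $_SERVER['REMOTE_ADDR'];
        $this->auth = true;

        // Sliding expiry: every valid request restarts the 30-minute window.
        $q = "UPDATE fnsession SET updatex=" . time() . " WHERE sessionid=" . $sid;
        $db->Query($q);

        return true;
    }

    /**
     * End the session held by this object.
     *
     * Deletes the fnsession row matching this object's id and key and clears
     * both cookies. The object's own fields are left as they were.
     *
     * @param object $db Database wrapper providing Query().
     * @return bool Always true.
     */
    function Destroy($db)
    {
        // Integer cast for the same reason as in Check(): the id is unquoted.
        $q = "DELETE FROM fnsession WHERE sessionid=" . (int)$this->sessionid . " AND sessionkey=\"" . ss($this->sessionkey) . "\"";
        $db->Query($q);

        // An empty value makes PHP expire the cookie; the attributes match
        // the ones used when the cookies were set in Create().
        setcookie("fn_sid", "", 0, "", "", false, true);
        setcookie("fn_skey", "", 0, "", "", false, true);
        return true;
    }

}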