File: 0.02.14a/server/base/session.inc.php (View as HTML)

  1: <?php // session.inc.php -- NATS Session Manager
  2: 
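  /**
   * NATS session manager: authenticates a user against the fnuser table and
   * tracks the resulting login session in the fnsession table, using the
   * fn_sid / fn_skey cookies as the client-side session credential.
   *
   * A session is accepted by Check() only when the session id, session key and
   * client IP address all match the stored record and the record was updated
   * within the last 30 minutes.
   *
   * ss() is defined elsewhere in the project; it is presumably a string
   * escaping helper for SQL literals -- confirm. Escaping of that kind only
   * protects values placed inside quotes, so every value interpolated into a
   * numeric (unquoted) position below is validated as a number instead.
   */
  class TNATS_Session
  {
      var $auth=false;      // true once Create() or Check() has succeeded
      var $username="";
      var $userlevel="";
      var $sessionid=0;
      var $sessionkey="";
      var $ipaddress="";

      var $schrs="abcdefghijklmnopqrstuvwxyz0123456789"; // alphabet for the session key
      var $slen=120;                                     // session key length in characters

      /**
       * Verify the credentials and, on success, create a session record and
       * send the session cookies.
       *
       * @param object $db    project database wrapper (Query, Fetch_Array,
       *                      Affected_Rows, Insert_Id)
       * @param string $uname user name to authenticate
       * @param string $pword clear-text password supplied by the user
       * @return mixed the new session id on success, false if the credentials
       *               do not match; the script dies if the record cannot be stored
       */
      function Create($db,$uname,$pword)
      {
          // NOTE(review): passwords are stored and compared as unsalted MD5,
          // which is not an adequate password hash. Moving to password_hash()/
          // password_verify() needs a schema and data migration outside this
          // class, so the query is left unchanged here.
          $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
          $q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
          $r=$db->Query($q);
          if (!($row=$db->Fetch_Array($r))) return false;

          // userlevel is written unquoted into the INSERT below; refuse anything
          // that is not a plain number rather than let stored data become SQL.
          if (!is_numeric($row['userlevel'])) die("Failed to create session record");

          // Build the key from scratch (a second Create() call must not append
          // to an earlier key) and draw it from the CSPRNG when one exists.
          // Seeding mt_rand from microtime() left only a small number of
          // possible keys, making the session key guessable.
          $useCsprng=function_exists('random_int');
          $max=strlen($this->schrs)-1;
          $key="";
          for ($a=0; $a<$this->slen; $a++)
          {
              $idx=$useCsprng ? random_int(0,$max) : mt_rand(0,$max);
              $key.=$this->schrs[$idx];
          }
          $this->sessionkey=$key;

          $q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
          $q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
          $q.=time().",".time().",".$row['userlevel'].")";
          $db->Query($q);
          if ($db->Affected_Rows()<=0) die("Failed to create session record");

          $this->username=$uname;
          $this->userlevel=$row['userlevel'];
          $this->sessionid=$db->Insert_Id();
          $this->ipaddress=$_SERVER['REMOTE_ADDR'];
          $this->auth=true;

          // Session cookies: same lifetime/path/domain defaults as before, but
          // HttpOnly so page scripts cannot read the credential, and Secure when
          // the request itself arrived over HTTPS.
          // NOTE(review): confirm no client-side script reads fn_sid / fn_skey.
          $secure=!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=='off';
          setcookie("fn_sid",$this->sessionid,0,"","",$secure,true);
          setcookie("fn_skey",$this->sessionkey,0,"","",$secure,true);
          return $this->sessionid;
      }

      /**
       * Validate the session cookies of the current request and refresh the
       * session's last-activity timestamp.
       *
       * @param object $db project database wrapper
       * @return bool true if the cookies identify a live session for this client
       *              IP address, false otherwise
       */
      function Check($db)
      {
          if (!isset($_COOKIE['fn_sid'])) return false;
          if (!isset($_COOKIE['fn_skey'])) return false;

          $sid=$_COOKIE['fn_sid'];
          $skey=$_COOKIE['fn_skey'];

          // Cookies can arrive as arrays (name[]=...); only plain strings are valid.
          if (!is_string($sid) || !is_string($skey)) return false;

          // The id is compared unquoted in SQL, where quote-escaping gives no
          // protection, so it must consist of decimal digits only.
          if (!preg_match('/^[0-9]+\z/',$sid)) return false;

          $q="SELECT username,userlevel FROM fnsession WHERE ";
          $q.="sessionid=".$sid." AND sessionkey=\"".ss($skey)."\" AND ";
          $q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\" AND updatex>".(time()-(30*60))." LIMIT 0,1";
          $r=$db->Query($q);
          if (!($row=$db->Fetch_Array($r))) return false;

          $this->sessionid=$sid;
          $this->sessionkey=$skey;
          $this->username=$row['username'];
          $this->userlevel=$row['userlevel'];
          $this->ipaddress=$_SERVER['REMOTE_ADDR'];
          $this->auth=true;

          // Sliding 30-minute idle timeout: record this request as activity.
          $q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".$sid;
          $db->Query($q);

          return true;
      }

      /**
       * Delete the current session record and clear the session cookies.
       *
       * @param object $db project database wrapper
       * @return bool always true
       */
      function Destroy($db)
      {
          // sessionid sits in an unquoted numeric position, so force it to an integer.
          $q="DELETE FROM fnsession WHERE sessionid=".(int)$this->sessionid." AND sessionkey=\"".ss($this->sessionkey)."\"";
          $db->Query($q);

          // An empty value makes PHP expire the cookie; the attributes match
          // those used when the cookies were set in Create().
          $secure=!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=='off';
          setcookie("fn_sid","",0,"","",$secure,true);
          setcookie("fn_skey","",0,"","",$secure,true);
          return true;
      }

  }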