File: 0.02.52a/server/base/session.inc.php
1: 2: /* -------------------------------------------------------------
3: This file is part of FreeNATS
4:
5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
6:
7: FreeNATS is free software: you can redistribute it and/or modify
8: it under the terms of the GNU General Public License as published by
9: the Free Software Foundation, either version 3 of the License, or
10: (at your option) any later version.
11:
12: FreeNATS is distributed in the hope that it will be useful,
13: but WITHOUT ANY WARRANTY; without even the implied warranty of
14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15: GNU General Public License for more details.
16:
17: You should have received a copy of the GNU General Public License
18: along with Foobar. If not, see www.gnu.org/licenses
19:
20: For more information see www.purplepixie.org/freenats
21: -------------------------------------------------------------- */
22:
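/**
 * Cookie-based login session backed by the fnsession table.
 *
 * Create() checks a username/password against fnuser and issues a session,
 * Check() re-validates the fn_sid / fn_skey cookies on later requests, and
 * Destroy() removes the session row and clears the cookies.
 *
 * NOTE(review): every query here is built by string concatenation and relies
 * on ss(), which is defined elsewhere in the project - presumably a string
 * escaping helper; confirm. Escaping only protects values placed inside
 * quotes, so values used in an unquoted numeric position are validated as
 * digits in this class instead. If the $db wrapper gains prepared statements,
 * these queries should move to bound parameters.
 */
class TNATS_Session
{
    var $auth=false;      // true once Create() or Check() has succeeded
    var $username="";
    var $userlevel="";
    var $sessionid=0;     // fnsession row id, also sent as the fn_sid cookie
    var $sessionkey="";   // random secret, also sent as the fn_skey cookie
    var $ipaddress="";

    var $schrs="abcdefghijklmnopqrstuvwxyz0123456789"; // session key alphabet
    var $slen=120;                                       // session key length

    /**
     * Authenticate a user and start a new session.
     *
     * @param object $db     project database wrapper (Query, Fetch_Array,
     *                       Affected_Rows and Insert_Id are called on it)
     * @param string $uname  username to look up in fnuser
     * @param string $pword  plaintext password supplied by the user
     * @return mixed the new session id on success, false if the credentials
     *               do not match; die()s if the session row cannot be written
     */
    function Create($db,$uname,$pword)
    {
        // NOTE(review): the stored credential is compared against MD5(password)
        // with no salt visible in this query. That is a fast hash and weak for
        // password storage; moving to password_hash()/password_verify() needs
        // a schema and data migration that is outside this file.
        $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
        $q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
        $r=$db->Query($q);
        $row=$db->Fetch_Array($r);
        if (!$row) return false;

        // Build the session key from the CSPRNG where the runtime has one.
        // The previous code reseeded mt_rand from microtime()*100000, which
        // made the key a function of a small, time-derived seed.
        $last=strlen($this->schrs)-1;
        $csprng=function_exists('random_int');
        $this->sessionkey=""; // do not append to a key left from an earlier call
        for ($a=0; $a<$this->slen; $a++)
        {
            $idx=$csprng ? random_int(0,$last) : mt_rand(0,$last);
            $this->sessionkey.=$this->schrs[$idx];
        }

        // sessionkey contains only characters from $schrs, so it is safe to
        // embed without escaping. userlevel comes from the fnuser row above
        // and is written unquoted, as before.
        $now=time();
        $q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
        $q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
        $q.=$now.",".$now.",".$row['userlevel'].")";
        $db->Query($q);
        if ($db->Affected_Rows()<=0) die("Failed to create session record");

        $this->username=$uname;
        $this->userlevel=$row['userlevel'];
        $this->sessionid=$db->Insert_Id();
        $this->ipaddress=$_SERVER['REMOTE_ADDR'];
        $this->auth=true;

        // NOTE(review): both cookies are sent without the HttpOnly or Secure
        // attributes. Consider setting them once it is confirmed that no
        // client-side script reads these cookies and the site is served over
        // HTTPS.
        setcookie("fn_sid",$this->sessionid);
        setcookie("fn_skey",$this->sessionkey);
        return $this->sessionid;
    }

    /**
     * Validate the session cookies of the current request.
     *
     * A session is accepted only if id, key and client IP address match a
     * fnsession row that was updated within the last 30 minutes; on success
     * the row's updatex timestamp is refreshed.
     *
     * @param object $db project database wrapper
     * @return bool true if the request carries a valid session
     */
    function Check($db)
    {
        if (!isset($_COOKIE['fn_sid'])) return false;
        if (!isset($_COOKIE['fn_skey'])) return false;

        $sid=$_COOKIE['fn_sid'];
        $skey=$_COOKIE['fn_skey'];

        // fn_sid is placed unquoted in the WHERE clause, where string escaping
        // gives no protection, so accept nothing but decimal digits. The
        // is_string() tests also reject array-valued cookies.
        if (!is_string($sid) || !preg_match('/^[0-9]+$/D',$sid)) return false;

        // Keys issued by Create() are drawn from $schrs only; anything else
        // cannot be a valid key and is rejected before it reaches the query.
        if (!is_string($skey) || $skey==="") return false;
        if (strspn($skey,$this->schrs)!==strlen($skey)) return false;

        $q="SELECT username,userlevel FROM fnsession WHERE ";
        $q.="sessionid=".$sid." AND sessionkey=\"".ss($skey)."\" AND ";
        $q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\" AND updatex>".(time()-(30*60))." LIMIT 0,1";
        $r=$db->Query($q);
        $row=$db->Fetch_Array($r);
        if (!$row) return false;

        $this->sessionid=$sid;
        $this->sessionkey=$skey;
        $this->username=$row['username'];
        $this->userlevel=$row['userlevel'];
        $this->ipaddress=$_SERVER['REMOTE_ADDR'];
        $this->auth=true;

        // $sid was validated as digits above, so it is embedded directly.
        $q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".$sid;
        $db->Query($q);

        return true;
    }

    /**
     * End the current session: delete its fnsession row and blank the cookies.
     *
     * @param object $db project database wrapper
     * @return bool always true
     */
    function Destroy($db)
    {
        // sessionid is used unquoted, so only run the DELETE when it is
        // purely numeric; the cookies are cleared either way.
        $sid=(string)$this->sessionid;
        if (preg_match('/^[0-9]+$/D',$sid))
        {
            $q="DELETE FROM fnsession WHERE sessionid=".$sid." AND sessionkey=\"".ss($this->sessionkey)."\"";
            $db->Query($q);
        }
        // NOTE(review): $this->auth is left unchanged here, as in the original;
        // callers should not treat this object as authenticated after Destroy().
        setcookie("fn_sid","");
        setcookie("fn_skey","");
        return true;
    }

}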