File: 1.00.6a/server/base/session.inc.php (View as HTML)

  1: <?php // session.inc.php -- NATS Session Manager
  2: /* -------------------------------------------------------------
  3: This file is part of FreeNATS
  4: 
  5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
  6: 
  7: FreeNATS is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeNATS is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with Foobar.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freenats
 21: -------------------------------------------------------------- */
 22: 
 23: class TNATS_Session
 24: {
 25: var $auth=false;
 26: var $username="";
 27: var $userlevel="";
 28: var $sessionid=0;
 29: var $sessionkey="";
 30: var $ipaddress="";
 31: 
 32: var $schrs="abcdefghijklmnopqrstuvwxyz0123456789";
 33: var $slen=120;
 34: 
 35: function Create($db,$uname,$pword)
 36: 	{
 37: 	$q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
 38: 	$q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
 39: 	$r=$db->Query($q);
 40: 	if ($row=$db->Fetch_Array($r))
 41: 		{ // success
 42: 		mt_srand(microtime()*100000);
 43: 		for ($a=0; $a<$this->slen; $a++)
 44: 			{
 45: 			$this->sessionkey.=$this->schrs[mt_rand(0,strlen($this->schrs)-1)];
 46: 			}
 47: 		$q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
 48: 		$q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
 49: 		$q.=time().",".time().",".$row['userlevel'].")";
 50: 		$db->Query($q);
 51: 		if ($db->Affected_Rows()<=0) die("Failed to create session record");
 52: 		$this->username=$uname;
 53: 		$this->userlevel=$row['userlevel'];
 54: 		$this->sessionid=$db->Insert_Id();
 55: 		$this->ipaddress=$_SERVER['REMOTE_ADDR'];
 56: 		$this->auth=true;
 57: 		setcookie("fn_sid",$this->sessionid);
 58: 		setcookie("fn_skey",$this->sessionkey);
 59: 		return $this->sessionid;
 60: 		}
 61: 	return false;
 62: 	}
 63: 	
 64: function Check($db)
 65: 	{
 66: 	if (!isset($_COOKIE['fn_sid'])) return false;
 67: 	if (!isset($_COOKIE['fn_skey'])) return false;
 68: 	
 69: 	$q="SELECT username,userlevel FROM fnsession WHERE ";
 70: 	$q.="sessionid=".ss($_COOKIE['fn_sid'])." AND sessionkey=\"".ss($_COOKIE['fn_skey'])."\" AND ";
 71: 	$q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\" AND updatex>".(time()-(30*60))." LIMIT 0,1";
 72: 	$r=$db->Query($q);
 73: 	if (!$row=$db->Fetch_Array($r)) return false;
 74: 	
 75: 	$this->sessionid=$_COOKIE['fn_sid'];
 76: 	$this->sessionkey=$_COOKIE['fn_skey'];
 77: 	$this->username=$row['username'];
 78: 	$this->userlevel=$row['userlevel'];
 79: 	$this->ipaddress=$_SERVER['REMOTE_ADDR'];
 80: 	$this->auth=true;
 81: 	
 82: 	$q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".ss($this->sessionid);
 83: 	$db->Query($q);
 84: 	
 85: 	return true;
 86: 	}
 87: 	
 88: function Destroy($db)
 89: 	{
 90: 	$q="DELETE FROM fnsession WHERE sessionid=".ss($this->sessionid)." AND sessionkey=\"".ss($this->sessionkey)."\"";
 91: 	$db->Query($q);
 92: 	setcookie("fn_sid","");
 93: 	setcookie("fn_skey","");
 94: 	return true;
 95: 	}
 96: 	
 97: }