File: 1.00.6a/server/base/session.inc.php (View as Code)

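/* -------------------------------------------------------------
This file is part of FreeNATS

FreeNATS is (C) Copyright 2008 PurplePixie Systems

FreeNATS is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

FreeNATS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Foobar.  If not, see www.gnu.org/licenses

For more information see www.purplepixie.org/freenats
-------------------------------------------------------------- */

/**
 * Login session backed by the fnsession table and two browser cookies.
 *
 * A session is identified by the numeric row id (cookie fn_sid) together
 * with a random key (cookie fn_skey). Check() additionally requires the
 * request to come from the IP address recorded at login and the session to
 * have been used within the last 30 minutes.
 *
 * SQL is assembled by string concatenation because the $db wrapper shown
 * here only exposes Query(). ss() is defined elsewhere; it is presumably a
 * string-escaping helper for values placed inside quoted SQL literals
 * (TODO confirm). Escaping alone does not protect an unquoted numeric
 * position, so the session id is validated as digits and cast to int
 * before it is placed in a query.
 */
class TNATS_Session
{
    var $auth=false;      // true once Create() or Check() has succeeded
    var $username="";
    var $userlevel="";
    var $sessionid=0;     // fnsession row id
    var $sessionkey="";   // random secret paired with the row id
    var $ipaddress="";

    var $schrs="abcdefghijklmnopqrstuvwxyz0123456789"; // key alphabet
    var $slen=120;                                     // key length in characters

    /**
     * Build a fresh session key of $slen characters drawn from $schrs.
     *
     * The generator is deliberately not reseeded from the clock: a seed
     * derived from the sub-second part of the login time leaves only a
     * small number of possible keys, each reproducible by anyone who can
     * estimate when the login happened. random_int() (PHP 7+) draws from
     * the operating system CSPRNG and throws if none is available, which
     * aborts the login rather than issuing a weak key. On older runtimes
     * the code falls back to the automatically seeded mt_rand(), which is
     * still not cryptographically strong.
     *
     * @access private
     * @return string
     */
    function _GenerateKey()
    {
        $last=strlen($this->schrs)-1;
        $strong=function_exists('random_int');
        $key="";
        for ($a=0; $a<$this->slen; $a++)
        {
            if ($strong) $idx=random_int(0,$last);
            else $idx=mt_rand(0,$last);
            $key.=$this->schrs[$idx];
        }
        return $key;
    }

    /**
     * Send one session cookie with the HttpOnly attribute set.
     *
     * Expiry, path and domain are passed as their setcookie() defaults, so
     * the cookie scope is the same as with the two-argument call. HttpOnly
     * keeps the session id and key out of reach of page scripts. The Secure
     * attribute is left off because nothing here shows whether the
     * application is served over HTTPS only; enable it where it is.
     * An empty $value makes PHP delete the cookie.
     *
     * @access private
     * @param string $name
     * @param string $value
     * @return bool result of setcookie()
     */
    function _SendCookie($name,$value)
    {
        return setcookie($name,$value,0,"","",false,true);
    }

    /**
     * Authenticate a user and open a new session.
     *
     * @param object $db    database wrapper providing Query(), Fetch_Array(),
     *                      Affected_Rows() and Insert_Id()
     * @param string $uname submitted user name
     * @param string $pword submitted password
     * @return mixed new session id on success, false when the credentials
     *               match no fnuser row; the script is terminated with die()
     *               if the session row cannot be inserted
     */
    function Create($db,$uname,$pword)
    {
        // NOTE(review): the password is matched as an unsalted MD5 digest
        // computed inside the query. Moving to password_hash() /
        // password_verify() needs a change to the stored values and so
        // cannot be done in this class alone.
        $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
        $q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
        $r=$db->Query($q);
        $row=$db->Fetch_Array($r);
        if (!$row) return false;

        // Assign rather than append, so a second Create() on the same
        // object cannot produce an over-length key.
        $this->sessionkey=$this->_GenerateKey();

        $now=time();
        // sessionkey contains only characters from $schrs, so it needs no
        // escaping; userlevel comes from the fnuser row read above.
        $q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
        $q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
        $q.=$now.",".$now.",".$row['userlevel'].")";
        $db->Query($q);
        if ($db->Affected_Rows()<=0) die("Failed to create session record");

        $this->username=$uname;
        $this->userlevel=$row['userlevel'];
        $this->sessionid=$db->Insert_Id();
        $this->ipaddress=$_SERVER['REMOTE_ADDR'];
        $this->auth=true;
        $this->_SendCookie("fn_sid",$this->sessionid);
        $this->_SendCookie("fn_skey",$this->sessionkey);
        return $this->sessionid;
    }

    /**
     * Validate the session cookies of the current request.
     *
     * The session is accepted only if id, key and client IP address all
     * match one fnsession row that was updated within the last 30 minutes.
     * On success the object is populated and the row's updatex is refreshed.
     *
     * @param object $db database wrapper providing Query() and Fetch_Array()
     * @return bool true when the session is valid, false otherwise
     */
    function Check($db)
    {
        if (!isset($_COOKIE['fn_sid']) || !isset($_COOKIE['fn_skey'])) return false;

        // Cookies arrive as strings, or as arrays when sent as name[]=...;
        // reject anything that is not a plain string.
        if (!is_string($_COOKIE['fn_sid']) || !is_string($_COOKIE['fn_skey'])) return false;

        // The id is used unquoted in SQL below, where string escaping gives
        // no protection. Accept decimal digits only and use the integer.
        if (!preg_match('/^[0-9]+\z/',$_COOKIE['fn_sid'])) return false;
        $sid=(int)$_COOKIE['fn_sid'];
        $skey=$_COOKIE['fn_skey'];

        $idle=30*60; // seconds a session may stay unused
        $q="SELECT username,userlevel FROM fnsession WHERE ";
        $q.="sessionid=".$sid." AND sessionkey=\"".ss($skey)."\" AND ";
        $q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\" AND updatex>".(time()-$idle)." LIMIT 0,1";
        $r=$db->Query($q);
        $row=$db->Fetch_Array($r);
        if (!$row) return false;

        $this->sessionid=$sid;
        $this->sessionkey=$skey;
        $this->username=$row['username'];
        $this->userlevel=$row['userlevel'];
        $this->ipaddress=$_SERVER['REMOTE_ADDR'];
        $this->auth=true;

        // Sliding expiry: each successful check restarts the idle window.
        $q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".$sid;
        $db->Query($q);

        return true;
    }

    /**
     * Delete the session row for this object and clear both cookies.
     *
     * Uses the id and key held on the object, so it acts on the session
     * established by a preceding Create() or Check().
     *
     * @param object $db database wrapper providing Query()
     * @return bool always true
     */
    function Destroy($db)
    {
        // Integer cast for the same reason as in Check(): the id sits in an
        // unquoted numeric position.
        $q="DELETE FROM fnsession WHERE sessionid=".(int)$this->sessionid." AND sessionkey=\"".ss($this->sessionkey)."\"";
        $db->Query($q);
        $this->_SendCookie("fn_sid","");
        $this->_SendCookie("fn_skey","");
        return true;
    }

}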