File:
1.03.1a/server/base/session.inc.php (
View as Code)
1: 2: /* -------------------------------------------------------------
3: This file is part of FreeNATS
4:
5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
6:
7: FreeNATS is free software: you can redistribute it and/or modify
8: it under the terms of the GNU General Public License as published by
9: the Free Software Foundation, either version 3 of the License, or
10: (at your option) any later version.
11:
12: FreeNATS is distributed in the hope that it will be useful,
13: but WITHOUT ANY WARRANTY; without even the implied warranty of
14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15: GNU General Public License for more details.
16:
17: You should have received a copy of the GNU General Public License
18: along with FreeNATS. If not, see www.gnu.org/licenses
19:
20: For more information see www.purplepixie.org/freenats
21: -------------------------------------------------------------- */
22:
23: class TNATS_Session
24: {
25: var $auth=false;
26: var $username="";
27: var $userlevel="";
28: var $sessionid=0;
29: var $sessionkey="";
30: var $ipaddress="";
31:
32: var $schrs="abcdefghijklmnopqrstuvwxyz0123456789";
33: var $slen=120;
34:
35: function Create(&$db,$uname,$pword)
36: {
37: $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\" AND ";
38: $q.="password=MD5(\"".ss($pword)."\") LIMIT 0,1";
39: $r=$db->Query($q);
40: if ($row=$db->Fetch_Array($r))
41: { // success
42: $db->Free($r);
43: return $this->Register($db,$uname);
44: }
45: return false;
46: }
47:
48: function Register(&$db,$uname)
49: {
50: $q="SELECT userlevel FROM fnuser WHERE username=\"".ss($uname)."\"";
51: $r=$db->Query($q);
52: if (!$row=$db->Fetch_Array($r)) return false; // invalid user
53: $db->Free($r);
54: mt_srand(microtime()*100000);
55: for ($a=0; $a<$this->slen; $a++)
56: {
57: $this->sessionkey.=$this->schrs[mt_rand(0,strlen($this->schrs)-1)];
58: }
59: $q="INSERT INTO fnsession(sessionkey,ipaddress,username,startx,updatex,userlevel) ";
60: $q.="VALUES(\"".$this->sessionkey."\",\"".ss($_SERVER['REMOTE_ADDR'])."\",\"".ss($uname)."\",";
61: $q.=time().",".time().",".$row['userlevel'].")";
62: $db->Query($q);
63: if ($db->Affected_Rows()<=0) die("Failed to create session record");
64: $this->username=$uname;
65: $this->userlevel=$row['userlevel'];
66: $this->sessionid=$db->Insert_Id();
67: $this->ipaddress=$_SERVER['REMOTE_ADDR'];
68: $this->auth=true;
69: setcookie("fn_sid",$this->sessionid);
70: setcookie("fn_skey",$this->sessionkey);
71: return $this->sessionid;
72: }
73:
74: function Check(&$db,$timeskip=false) // timeskip (1.02.1) avoids checking for or setting time (for live monitor)
75: {
76: if (!isset($_COOKIE['fn_sid'])) return false;
77: if (!isset($_COOKIE['fn_skey'])) return false;
78:
79: $q="SELECT username,userlevel FROM fnsession WHERE ";
80: $q.="sessionid=".ss($_COOKIE['fn_sid'])." AND sessionkey=\"".ss($_COOKIE['fn_skey'])."\" AND ";
81: $q.="ipaddress=\"".ss($_SERVER['REMOTE_ADDR'])."\"";
82: if (!$timeskip) $q.="AND updatex>".(time()-(30*60));
83: $q.=" LIMIT 0,1";
84: $r=$db->Query($q);
85: if (!$row=$db->Fetch_Array($r)) return false;
86:
87: $this->sessionid=$_COOKIE['fn_sid'];
88: $this->sessionkey=$_COOKIE['fn_skey'];
89: $this->username=$row['username'];
90: $this->userlevel=$row['userlevel'];
91: $this->ipaddress=$_SERVER['REMOTE_ADDR'];
92: $this->auth=true;
93:
94: if (!$timeskip)
95: {
96: $q="UPDATE fnsession SET updatex=".time()." WHERE sessionid=".ss($this->sessionid);
97: $db->Query($q);
98: }
99:
100: return true;
101: }
102:
103: function Destroy($db)
104: {
105: $q="DELETE FROM fnsession WHERE sessionid=".ss($this->sessionid)." AND sessionkey=\"".ss($this->sessionkey)."\"";
106: $db->Query($q);
107: setcookie("fn_sid","");
108: setcookie("fn_skey","");
109: return true;
110: }
111:
112: }