[phpMP-CVS] CVS: phpMP/includes auth.php,1.5,1.6
From: Brian R. <hei...@us...> - 2002-04-08 22:29:17
Update of /cvsroot/phpmp/phpMP/includes In directory usw-pr-cvs1:/tmp/cvs-serv22711/includes Modified Files: auth.php Log Message: Updated Auth() functinos and handlers. Index: auth.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/auth.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -r1.5 -r1.6 *** auth.php 5 Apr 2002 23:15:29 -0000 1.5 --- auth.php 8 Apr 2002 22:29:14 -0000 1.6 *************** *** 39,42 **** --- 39,50 ---- var $isgod; var $priveleges; + var $cookietime; + + function KillOldSessions() { + global $MPCONF, $DBA; + $cur_time = time() - $MPCONF['SES']['session_length']; + $DBA->query('DELETE FROM ' . $MPCONF['DB']['table_prefix'] . 'sessions WHERE expiretime < ' . $cur_time); + + } function FetchUserVars($sess_user) { *************** *** 51,63 **** } function AuthUser() { ! global $MPCONF, $DBA, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SESSION_VARS; ! session_start(); ! if($HTTP_SESSION_VARS['sess_user'] != "") { ! $sess_user = $HTTP_SESSION_VARS['sess_user']; ! return $this->FetchUserVars($sess_user); } elseif($HTTP_COOKIE_VARS[$MPCONF['SES']['extcookie']]) { --- 59,108 ---- } + function getSessKey($length=24, $pool="") { + if($pool == ""){ + $pool = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + $pool .= "abcdefghijklmnopqrstuvwxyz"; + $pool .= "0123456789"; + } + mt_srand ((double) microtime() * 1000000); + $unique_id = ""; + for ($index = 0; $index < $length; $index++) { + $unique_id .= substr($pool, (mt_rand()%(strlen($pool))), 1); + } + return $unique_id; + } + function AuthUser() { ! global $MPCONF, $DBA, $HTTP_POST_VARS, $HTTP_COOKIE_VARS; ! $this->KillOldSessions(); ! $cookiename = $MPCONF['SES']['normcookie']; ! $this->cookietime = time(); ! if(($HTTP_POST_VARS['username'] != "") && ($HTTP_POST_VARS['password'] != "")) { ! $enc_password = md5($HTTP_POST_VARS['password']); + $result = $DBA->query('SELECT username FROM ' . $MPCONF['DB']['table_prefix'] . 
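Review bot: KillOldSessions() deletes rows whose `expiretime` is below `time() - session_length`, but the rows inserted by AuthUser() in this same commit store `$this->cookietime`, which is `time()` at login, so the column really holds a creation timestamp and the purge only works because the threshold is shifted here; a comment would keep the next reader from adding a second, conflicting expiry check, e.g. `// expiretime holds the login time(); rows older than session_length are stale`. The config value is also interpolated into the DELETE unquoted — operator-controlled rather than user input, but casting it, `$cur_time = time() - (int) $MPCONF['SES']['session_length'];`, prevents a non-numeric setting from producing a malformed statement, and if the key were missing the threshold would equal `time()` and every live session would be purged on each request. Note that no expiry check is applied at lookup time in AuthUser(), so this garbage collection is the only thing bounding a session's lifetime. The rest of the class, including FetchUserVars(), is outside this hunk.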
"users WHERE username='{$HTTP_POST_VARS['username']}' AND password='$enc_password'"); + if(@mysql_num_rows($result) == 1) { + $data = @mysql_fetch_array($result); + $sess_user = $data['username']; + $sesskey = $this->getSessKey(); + $DBA->query('INSERT INTO ' . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, username) VALUES('$sesskey', '" . $this->cookietime . "', '" . $sess_user. "')"); + + setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); + return $this->FetchUserVars($sess_user); + + } else { + header("Location: " . $MPCONF['GEN']['uri'] . "/error.php?ecode=auth"); + } + } elseif($HTTP_COOKIE_VARS[$cookiename]) { + $sess_user = $HTTP_COOKIE_VARS[$cookiename]; + $result = $DBA->query('SELECT sesskey FROM ' . $MPCONF['DB']['table_prefix'] . 'sessions WHERE username = "' . $sess_user . '"'); + if(@mysql_num_rows($result) == 1) { + return $this->FetchUserVars($sess_user); + setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); + } else { + return $this->FetchUserVars('Anonymous'); + } } elseif($HTTP_COOKIE_VARS[$MPCONF['SES']['extcookie']]) { *************** *** 69,74 **** if(@mysql_num_rows($result) == 1) { $sess_user = $username; ! $session_register($sess_user); return $this->FetchUserVars($sess_user); --- 114,121 ---- if(@mysql_num_rows($result) == 1) { $sess_user = $username; ! $sesskey = $this->getSessKey(); ! @mysql_query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, username) VALUES('$sesskey', '" . $this->cookietime . "', '$sess_user')"); + setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); return $this->FetchUserVars($sess_user); *************** *** 76,96 **** header("Location: " . $MPCONF['GEN']['abs_path'] . "/error.php?ecode=auth"); } - - } elseif(($HTTP_POST_VARS['username'] != "") && ($HTTP_POST_VARS['password'] != "")) { - $enc_password = md5($HTTP_POST_VARS['password']); - - $result = $DBA->query('SELECT username FROM ' . 
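Review bot: The random `$sesskey` produced by getSessKey() and written to the sessions table is never handed to the browser — `setcookie($cookiename, $sess_user, ...)` stores the plain username, and the `elseif($HTTP_COOKIE_VARS[$cookiename])` branch then authenticates any request whose cookie names a user with a live row (`SELECT sesskey ... WHERE username = ...`), so a forged cookie containing a victim's username logs in as that user for as long as they have a session. The cookie must carry the key and the lookup must be keyed on it; in the same branches, `$HTTP_POST_VARS['username']` and the cookie value are interpolated into SQL unescaped, the cookie expiry argument `$this->cookietime` equals `time()` so a compliant browser discards the cookie at once, and the `setcookie()` placed after `return` in the cookie branch is unreachable. getSessKey() also reseeds `mt_rand()` from `microtime()` on every call, which is a weak source for what becomes the bearer token, and should be replaced with a stronger generator separately. The rewrite below uses `addslashes()` as the minimum escaping available to this PHP version; the `extcookie` branch and the remainder of AuthUser() continue outside this hunk.
```php
if(($HTTP_POST_VARS['username'] != "") && ($HTTP_POST_VARS['password'] != "")) {
    $username = addslashes($HTTP_POST_VARS['username']);
    $enc_password = md5($HTTP_POST_VARS['password']);
    $result = $DBA->query('SELECT username FROM ' . $MPCONF['DB']['table_prefix'] . "users WHERE username='$username' AND password='$enc_password'");
    if(@mysql_num_rows($result) == 1) {
        // … unchanged: fetch row, set $sess_user and $sesskey, INSERT into sessions …
        // The browser receives the random key, never the username; expire it with the server-side session, not at time()
        setcookie($cookiename, $sesskey, $this->cookietime + $MPCONF['SES']['session_length'], $MPCONF['GEN']['uri']);
        return $this->FetchUserVars($sess_user);
    }
    // … unchanged: redirect to error.php?ecode=auth …
} elseif($HTTP_COOKIE_VARS[$cookiename]) {
    $sesskey = addslashes($HTTP_COOKIE_VARS[$cookiename]);
    $result = $DBA->query('SELECT username FROM ' . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey='$sesskey'");
    if(@mysql_num_rows($result) == 1) {
        $data = @mysql_fetch_array($result);
        return $this->FetchUserVars($data['username']);
    }
    return $this->FetchUserVars('Anonymous');
}
```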
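Review bot: The INSERT added to the `extcookie` branch goes through `@mysql_query()` while the identical insert added to the password branch of AuthUser() in this commit uses `$DBA->query()`; beyond the inconsistency, the `@` discards any failure, so a rejected insert still falls through to `setcookie()` and `FetchUserVars()` and the user is treated as logged in with no backing session row. Route it through the abstraction and gate the cookie on the result, e.g. `$inserted = $DBA->query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, username) VALUES('$sesskey', '" . $this->cookietime . "', '$sess_user')");` followed by `if(!$inserted) { return $this->FetchUserVars('Anonymous'); }` — assuming `$DBA->query()` reports failure the way `mysql_query()` does, which cannot be confirmed from here. As in the password branch, the cookie value should be `$sesskey` rather than `$sess_user`, and `$sess_user` is copied from `$username`, whose origin and escaping lie outside this hunk. The enclosing branch begins and AuthUser() ends outside the hunk.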
$MPCONF['DB']['table_prefix'] . "users WHERE username='{$HTTP_POST_VARS['username']}' AND password='$enc_password'"); - if(@mysql_num_rows($result) == 1) { - $sess_user = $HTTP_POST_VARS['username']; - session_register($sess_user); - - return $this->FetchUserVars($sess_user); - } else { - header("Location: " . $MPCONF['GEN']['uri'] . "/error.php?ecode=auth"); - } } else { $sess_user = "Anonymous"; - session_register($sess_user); - return $this->FetchUserVars('Anonymous'); } --- 123,128 ---- *************** *** 131,214 **** } - - /****************************************************************************/ - /* Session Handler Routines */ - /* Note: This should be outside the class */ - - // This is used to change the default settings - //ini_set ('session.save_handler','user'); - - /* - function sess_open($save_path, $session_name) { - global $SESS_LIFE; - - $SESS_LIFE = get_cfg_var("session.gc_maxlifetime"); - - return true; - - } - - function sess_close() { - - return true; - - } - - function sess_read($key) { - global $SESS_LIFE, $MPCONF, $DBA; - - $qry = "SELECT value FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$key' AND expiry > " . time(); - $qid = $DBA->query("$qry"); - - $result = @mysql_fetch_array($qid); - - if ($result["value"]) { - return $result["value"]; - } else { - return false; - } - } - - function sess_write($key, $val) { - global $SESS_LIFE, $MPCONF, $DBA; - - $expiry = time() + $SESS_LIFE; - $value = addslashes($val); - - $qry = "REPLACE INTO " . $MPCONF['DB']['table_prefix'] . "sessions VALUES ('$key', $expiry, '$value')"; - $qid = $DBA->query("$qry"); - - return $qid; - - } - - function sess_destroy($key) { - global $DBA, $MPCONF; - $qry = "DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$key'"; - $qid = $DBA->query("$qry"); - - return $qid; - } - - function sess_gc($maxlifetime) { - global $DBA, $MPCONF; - - $qry = "DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE expiry < " . 
time(); - $qid = $DBA->query("$qry"); - - return $qid; - } - - //session_set_save_handler( - 'sess_open', - 'sess_close', - 'sess_read', - 'sess_write', - 'sess_destroy', - 'sess_gc' - ); - */ - - /****************************************************************************/ ?> --- 163,166 ---- |