Thread: [phpMP-CVS] CVS: phpMP/includes sessions.php,NONE,1.1 auth.php,1.12,1.13 core.php,1.17,1.18
From: Brian R. <hei...@us...> - 2002-07-27 05:36:02
Update of /cvsroot/phpmp/phpMP/includes In directory usw-pr-cvs1:/tmp/cvs-serv25420/includes Modified Files: auth.php core.php Added Files: sessions.php Log Message: Attempt at adding PHP session support in the Auth system. Not exactly working, but at least we'll be able to view the code from the CVS web repo. Removed the 'designed by trevorj' notice on the template, since he's the lead designer and gets enough recognition already. :-P --- NEW FILE: sessions.php --- <? /****************************************************************************** ******************************************************************************* phpMP - The World's Greatest Modular Portal *********************************************** Are you MPowered? Copyright (C) 2002 phpMP Development Group All rights reserved. Lead Programmer: Brian Rose Lead Designer: Trevor Joynson Filename: /includes/sessions.php Usage & Function: Contains Session Handlers Create Date: July 26, 2002 $Id: sessions.php,v 1.1 2002/07/27 05:35:59 heimidal Exp $ ******************************************************************************* ******************************************************************************* This software is provided under the GPL software license. A copy of the license should have been included with this software, located in the Docs folder. Feel free to redistribute and/or modify it according to the regulations stated in the license. ******************************************************************************* ******************************************************************************* Notes on this document: Database abstraction classes have been partially taken from jimmacr's phpusion project. Some source code has been modified, but most functions do exactly the same thing he intended them for. Most likely, this code will be mostly rewritten by project release. 
******************************************************************************* ******************************************************************************/ ini_set ( "session.save_handler", "user"); function mysql_session_open ($save_path, $session_name) { return true; } function mysql_session_close() { return true; } function mysql_session_read ($sesskey) { global $MPCONF, $DBA; $SessionID = addslashes($sesskey); $session_data = $DBA->query("SELECT * FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$sesskey'") or die(db_error_message()); if ($DBA->num_rows($session_data) == 1) { return $DBA->result($session_data, 0); } else { return false; } } function mysql_session_write ($sesskey, $val) { global $MPCONF, $DBA; $sesskey = addslashes($sesskey); $val = addslashes($val); $sess_exists = $DBA->result($DBA->query("SELECT COUNT(*) FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$sesskey'"), 0); if ($sess_exists == 0) { $retval = $DBA->query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, data) VALUES ('$sesskey', '" . time() . "', '$val')"); } else { $retval = $DBA->query("UPDATE " . $MPCONF['DB']['table_prefix'] . "sessions SET data = '$val', expiretime = '" . time() . "' WHERE sesskey = '$sesskey'"); if ($DBA->affected_rows() < 0) { error_log("unable to update session data for session $sesskey"); } } return $retval; } function mysql_session_destroy ($sesskey) { global $MPCONF, $DBA; $sesskey = addslashes($sesskey); $retval = $DBA->query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$sesskey'"); return $retval; } function mysql_session_gc ($maxlifetime = 300) { global $MPCONF, $DBA; $retval = mysql_query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE expiretime < " . 
time()); return $retval; } session_set_save_handler ( 'mysql_session_open', 'mysql_session_close', 'mysql_session_read', 'mysql_session_write', 'mysql_session_destroy', 'mysql_session_gc' ); ?> Index: auth.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/auth.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -r1.12 -r1.13 *** auth.php 25 May 2002 17:49:28 -0000 1.12 --- auth.php 27 Jul 2002 05:35:59 -0000 1.13 *************** *** 1,4 **** <? - /****************************************************************************** ******************************************************************************* --- 1,3 ---- *************** *** 15,20 **** Filename: /includes/auth.php ! Usage & Function: Contains Auth Class & session decs ! Create Date: March 31, 2002 $Id$ --- 14,19 ---- Filename: /includes/auth.php ! Usage & Function: Contains Auth Class ! Create Date: March 29, 2002 $Id$ *************** *** 29,137 **** ******************************************************************************* ******************************************************************************/ - // Auth class contains all authentication functions class Auth { ! var $mpcookie; ! var $UserVars; ! var $isadmin; ! var $isgod; ! var $priveleges; ! var $cookietime; ! ! function KillOldSessions() { ! global $MPCONF, $DBA; ! $cur_time = time() - $MPCONF['SES']['session_length']; ! $DBA->query('DELETE FROM ' . $MPCONF['DB']['table_prefix'] . 'sessions WHERE expiretime < ' . $cur_time); ! ! } ! ! function FetchUserVars($sess_user) { ! global $MPCONF, $DBA; ! ! $userinfo = $DBA->query('SELECT * FROM ' . $MPCONF['DB']['table_prefix'] . 'users WHERE username="' . $sess_user . '"'); ! ! $this->UserVars = $DBA->fetch_array($userinfo); ! ! return $this->UserVars; ! ! } ! ! function getSessKey($length=24, $pool="") { ! if($pool == ""){ ! $pool = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; ! $pool .= "abcdefghijklmnopqrstuvwxyz"; ! 
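Review bot: In `mysql_session_read` the escaped key is stored in `$SessionID`, but the query still interpolates the raw `$sesskey`, so the client-supplied session identifier reaches the SELECT unescaped while the write and destroy handlers do escape it. Assign back to the variable the query uses, `$sesskey = addslashes($sesskey);`, or preferably pass it through whatever quoting routine `$DBA` provides, since `addslashes` is not charset-aware. Separately, `mysql_session_write` stores `time()` as `expiretime` and `mysql_session_gc` deletes rows with `expiretime < time()` while ignoring `$maxlifetime`, so every session is eligible for deletion on the next collection run; the comparison should be `expiretime < (time() - $maxlifetime)`. The gc handler also calls `mysql_query` directly instead of `$DBA->query` like the other handlers.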
$pool .= "0123456789"; ! } ! mt_srand ((double) microtime() * 1000000); ! $unique_id = ""; ! for ($index = 0; $index < $length; $index++) { ! $unique_id .= substr($pool, (mt_rand()%(strlen($pool))), 1); ! } ! return $unique_id; ! } ! function AuthUser() { ! global $MPCONF, $DBA, $HTTP_POST_VARS, $HTTP_COOKIE_VARS; ! $this->KillOldSessions(); ! $cookiename = $MPCONF['SES']['normcookie']; ! $this->cookietime = time() + $MPCONF['SES']['cookietime']; if(($HTTP_POST_VARS['username'] != "") && ($HTTP_POST_VARS['password'] != "")) { $enc_password = md5($HTTP_POST_VARS['password']); ! $result = $DBA->query('SELECT username FROM ' . $MPCONF['DB']['table_prefix'] . "users WHERE username='{$HTTP_POST_VARS['username']}' AND password='$enc_password'"); $num_rows = $DBA->num_rows($result); if($num_rows > 0) { ! $data = $DBA->fetch_array($result); ! $sess_user = $data['username']; ! $sesskey = $this->getSessKey(); ! $DBA->query('INSERT INTO ' . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, username) VALUES('$sesskey', '" . $this->cookietime . "', '" . $sess_user. "')"); ! setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); ! return $this->FetchUserVars($sess_user); } else { header("Location: " . $MPCONF['GEN']['uri'] . "/error.php?ecode=auth"); } ! } elseif($HTTP_COOKIE_VARS[$cookiename]) { ! $sess_user = $HTTP_COOKIE_VARS[$cookiename]; ! $result = $DBA->query('SELECT sesskey FROM ' . $MPCONF['DB']['table_prefix'] . 'sessions WHERE username = "' . $sess_user . '"'); ! $num_rows = $DBA->num_rows($result); ! if($num_rows > 0) { ! $DBA->query('UPDATE ' . $MPCONF['DB']['table_prefix'] . 'sessions SET expiretime="' . $this->cookietime . '" WHERE username = "' . $sess_user . '"'); ! return $this->FetchUserVars($sess_user); ! setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); ! } else { ! return $this->FetchUserVars('Anonymous'); ! } ! } elseif($HTTP_COOKIE_VARS[$MPCONF['SES']['extcookie']]) { ! 
$this->mpcookie = $HTTP_COOKIE_VARS[$MPCONF['SES']['extcookie']]; ! $authstring = $this->mpcookie; ! $result = $DBA->query('SELECT username FROM ' . $MPCONF['DB']['table_prefix'] . 'users WHERE authstring="' . $authstring . '"'); ! $num_rows = $DBA->num_rows($result); ! if($num_rows > 0) { ! $sess_user = $username; ! $sesskey = $this->getSessKey(); ! $DBA->query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, username) VALUES('$sesskey', '" . $this->cookietime . "', '$sess_user')"); ! setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); ! return $this->FetchUserVars($sess_user); ! } else { ! header("Location: " . $MPCONF['GEN']['abs_path'] . "/error.php?ecode=auth"); ! } } else { $sess_user = "Anonymous"; ! return $this->FetchUserVars('Anonymous'); ! } ! ! if($this->UserVars['isadmin'] == 1) { ! $this->AuthAdmin(); } --- 28,108 ---- ******************************************************************************* + ******************************************************************************* + + Notes on this document: + Database abstraction classes have been partially taken from jimmacr's phpusion + project. Some source code has been modified, but most functions do exactly + the same thing he intended them for. Most likely, this code will be mostly + rewritten by project release. + + ******************************************************************************* ******************************************************************************/ class Auth { ! var $mpcookie; ! function AuthUser() { ! session_start(); ! if (empty($_REQUEST['PHPSESSID'])) { ! SetCookie("PHPSESSID", session_id(), (time() + (315360000)), "", "", 0); ! } ! global $MPCONF, $DBA, $HTTP_POST_VARS; ! if(($HTTP_POST_VARS['username'] != "") && ($HTTP_POST_VARS['password'] != "")) { + $enc_password = md5($HTTP_POST_VARS['password']); ! $result = $DBA->query('SELECT * FROM ' . $MPCONF['DB']['table_prefix'] . 
"users WHERE username='{$HTTP_POST_VARS['username']}' AND password='$enc_password'"); $num_rows = $DBA->num_rows($result); if($num_rows > 0) { ! $user_array = $DBA->fetch_array($result); ! $_SESSION['user_array'] = $user_array; ! ! $MPCONF['USR'] = $user_array; ! $this->AuthAdmin(); } else { header("Location: " . $MPCONF['GEN']['uri'] . "/error.php?ecode=auth"); } ! } elseif(isset($_SESSION['user_array'])) { ! $MPCONF['USR'] = $_SESSION['user_array']; ! $sess_user = $MPCONF['USR']['username']; ! $this->AuthAdmin(); ! //} elseif($HTTP_COOKIE_VARS[$MPCONF['SES']['extcookie']]) { ! ! //$this->mpcookie = $HTTP_COOKIE_VARS[$MPCONF['SES']['extcookie']]; ! //$authstring = $this->mpcookie; ! ! //$result = $DBA->query('SELECT username FROM ' . $MPCONF['DB']['table_prefix'] . 'users WHERE authstring="' . $authstring . '"'); ! ! //$num_rows = $DBA->num_rows($result); ! //if($num_rows > 0) { ! //$sess_user = $username; ! //$sesskey = $this->getSessKey(); ! //$userdata = $this->FetchUserVars($sess_user); ! //$DBA->query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, expiretime, userid, username) VALUES('$sesskey', '" . $this->cookietime . "', " . $userdata['user_id'] . ", '$sess_user')"); ! //setcookie($cookiename, $sess_user, $this->cookietime, $MPCONF['GEN']['uri']); ! //return $userdata; ! ! //} else { ! //header("Location: " . $MPCONF['GEN']['abs_path'] . "/error.php?ecode=auth"); ! //} } else { $sess_user = "Anonymous"; ! $result = $DBA->query('SELECT * FROM ' . $MPCONF['DB']['table_prefix'] . "users WHERE username='Anonymous'"); ! ! $user_array = $DBA->fetch_array($result); ! $_SESSION['user_array'] = $user_array; ! ! $MPCONF['USR'] = $user_array; } *************** *** 139,149 **** function AuthAdmin() { ! if ($this->UserVars["isadmin"] == 1) { ! $this->isadmin = 1; ! if ($this->UserVars["isgod"] == 1) { ! $this->isgod = 1; } --- 110,120 ---- function AuthAdmin() { ! if ($MPCONF['USR']['isadmin'] == 1) { ! $MPCONF['USR']['isadmin'] = 1; ! 
if ($MPCONF['USR']['isgod'] == 1) { ! $MPCONF['USR']['isadmin'] = 1; } *************** *** 154,158 **** } ! function UpdateUser() { --- 125,133 ---- } ! ! function Register() { ! ! } ! function UpdateUser() { *************** *** 160,167 **** function Logout() { ! } ! } --- 135,149 ---- function Logout() { + + global $MPCONF, $DBA; ! session_unregister('user_array'); ! $DBA->query('DELETE FROM ' . $MPCONF['DB']['table_prefix'] . 'sessions WHERE sesskey = "' . session_id() . '"'); ! unset($MPCONF['USR']); ! $this->AuthUser(); ! ! } ! } Index: core.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/core.php,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -r1.17 -r1.18 *** core.php 26 Jul 2002 09:06:58 -0000 1.17 --- core.php 27 Jul 2002 05:35:59 -0000 1.18 *************** *** 66,75 **** // Main phpMP Class which loads all other files, config options, and modules. class PHPMP{ ! // Loads all core classes, config files, and variables. // Returns: none. function Init($core_files="",$var_files="") { ! global $MPCONF; if($core_files != "") { --- 66,75 ---- // Main phpMP Class which loads all other files, config options, and modules. class PHPMP{ ! // Loads all core classes, config files, and variables. // Returns: none. function Init($core_files="",$var_files="") { ! global $MPCONF, $HTTP_GET_VARS; if($core_files != "") { *************** *** 94,99 **** $Functions->GetConfig(); ! $Auth = new Auth(); //Auth not yet written. ! $MPCONF['USR'] = $Auth->AuthUser(); if($MPCONF['USR']['language'] != '') { --- 94,105 ---- $Functions->GetConfig(); ! include_once($MPCONF['GEN']['abs_path'] . '/includes/sessions.php'); ! ! $Auth = new Auth(); ! $Auth->AuthUser(); ! ! if($HTTP_GET_VARS['logout'] == 'true') { ! $Auth->Logout(); ! } if($MPCONF['USR']['language'] != '') { |
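Review bot: `AuthAdmin` now reads `$MPCONF['USR']['isadmin']`, but the visible start of the function has no `global $MPCONF;`, so inside the method `$MPCONF` is an undefined local and neither condition can be true. Add `global $MPCONF;` as the first statement. The inner branch also assigns `$MPCONF['USR']['isadmin'] = 1;` where the removed code set `isgod`, which looks like a copy-paste slip and should be `$MPCONF['USR']['isgod'] = 1;`, although both assignments only rewrite a value the condition has just tested. The body of `AuthAdmin` continues past the end of this hunk.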
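Review bot: `Logout` removes the `user_array` entry and the table row but never ends the PHP session itself, and the `PHPSESSID` cookie that `AuthUser` sets with a multi-year expiry is left in place, so the same identifier carries over into the anonymous session created by the trailing `$this->AuthUser()` call. Since sessions.php registers `mysql_session_destroy`, calling `session_destroy();` would delete the row through the handler, which escapes the key, and could replace the hand-built `DELETE` that interpolates `session_id()` unescaped. `session_unregister('user_array')` should be `unset($_SESSION['user_array']);`, because the value is stored through `$_SESSION` in `AuthUser` and the PHP manual advises against mixing the two mechanisms. The second `AuthUser()` call also runs `session_start()` again within the same request.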
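Review bot: The logout in `Init` is triggered by `$HTTP_GET_VARS['logout'] == 'true'`, so any URL a logged-in user's browser loads, including one embedded on another site, ends their session; a state-changing action like this is better accepted only from a POST form that carries a per-session token. The index is also read without `isset()`, which raises a notice on every request that has no `logout` parameter; `if (isset($HTTP_GET_VARS['logout']) && $HTTP_GET_VARS['logout'] == 'true')` avoids that. `Init` starts and ends outside this hunk.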