
Added dev prefix to sessions and cookies to prevent issues with main site.

tags/v1.1^2
Teknikode 6 years ago
parent
commit
99df2e5d21

+ 9
- 9
includes/classes/UserTools.class.php View File

@@ -13,14 +13,14 @@ class UserTools {
//username and password match a row in the database.
//If it is successful, set the session variables
//and store the user object within.
public function login($username, $password, $remember_me)
public function login($username, $password, $remember_me, $CONF)
{
$result = $this->db->select("users", "username=? AND password=?", array($username, $password));
if($result)
{
$user = new User($result);
$_SESSION["user"] = serialize($user);
$_SESSION["logged_in"] = 1;
$_SESSION[$CONF['session_prefix']."user"] = serialize($user);
$_SESSION[$CONF['session_prefix']."logged_in"] = 1;
if ($remember_me)
{
$identifier = hashPassword($username, $this->conf);
@@ -32,7 +32,7 @@ class UserTools {
"timeout" => date("Y-m-d H:i:s",time() + 60 * 60 * 24 * 7)
);
$this->db->insert($data, "sessions");
setcookie('auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
setcookie($CONF['session_prefix'].'auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
}
return true;
}else{
@@ -52,17 +52,17 @@ class UserTools {
}
//Log the user out. Destroy the session variables.
public function logout()
public function logout($CONF)
{
if (isset($_COOKIE['auth']))
{
$user = unserialize($_SESSION['user']);
$user = unserialize($_SESSION[$CONF['session_prefix'].'user']);
list($identifier, $token) = explode(':', $_COOKIE['auth']);
$this->db->delete("sessions", "user_id=?", array($user->id));
setcookie('auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
setcookie($CONF['session_prefix'].'auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
}
unset($_SESSION['user']);
unset($_SESSION['logged_in']);
unset($_SESSION[$CONF['session_prefix'].'user']);
unset($_SESSION[$CONF['session_prefix'].'logged_in']);
session_destroy();
}
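Review bot: logout() still reads the unprefixed cookie: the `isset($_COOKIE['auth'])` guard and the `explode(':', $_COOKIE['auth'])` line were not updated, while the cookie is now written and cleared under `$CONF['session_prefix'].'auth'`. In the dev environment the guard is therefore keyed on the main site's cookie (both are scoped to `'.'.$this->conf['host']`), so a dev logout with only a `dev_auth` cookie skips the sessions-table delete and the cookie clearing; both lines should use `$_COOKIE[$CONF['session_prefix'].'auth']`. The same unprefixed read remains in includes/config.php.default on its `explode(':', $_COOKIE['auth'])` line inside the now-prefixed `isset` check, where in dev it yields an undefined-index notice and an empty identifier/token lookup. Since the method already uses `$this->conf` for `hashPassword` and the cookie domain, the new `$CONF` parameter could be dropped in favour of `$this->conf['session_prefix']` if that is the same config array, keeping the login()/logout() signatures unchanged.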

+ 13
- 7
includes/config.php.default View File

@@ -348,6 +348,12 @@ $CONF['errors'] = array(
'NoAuth' => array('code' => 44, 'message' => 'Not Authorized')
);
$CONF['session_prefix'] = '';
if ($CONF['dev_env'])
{
$CONF['session_prefix'] = 'dev_';
}
/*
Class initilization
*/
@@ -370,24 +376,24 @@ ini_set('session.cookie_domain', '.'.$CONF['host']);
session_start();
//Set session if cookie present and valid
if (isset($_COOKIE['auth']))
if (isset($_COOKIE[$CONF['session_prefix'].'auth']))
{
list($identifier, $token) = explode(':', $_COOKIE['auth']);
$result = $db->select("sessions", "identifier=? AND token=?", array($identifier, $token));
if(isset($result['user_id']))
{
$_SESSION['user'] = serialize($userTools->get($result['user_id']));
$_SESSION['logged_in'] = 1;
$_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($result['user_id']));
$_SESSION[$CONF['session_prefix'].'logged_in'] = 1;
}
}
//refresh session variables if logged in
if (isset($_SESSION['logged_in']))
if (isset($_SESSION[$CONF['session_prefix'].'logged_in']))
{
$user = unserialize($_SESSION['user']);
$_SESSION['user'] = serialize($userTools->get($user->id));
if ($_SESSION['logged_in'] == 1)
if ($_SESSION[$CONF['session_prefix'].'logged_in'] == 1)
{
$user = unserialize($_SESSION[$CONF['session_prefix'].'user']);
$_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($user->id));
$logged_in = true;
}
else
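Review bot: The key prefix separates dev and main data inside one shared PHP session, but the session cookie itself is still shared: `session.cookie_domain` is set to `'.'.$CONF['host']` just above this hunk, so both environments present the same session id, and `session_destroy()` in UserTools::logout will drop the other environment's prefixed keys as well if both run against the same session store. Giving each environment its own session cookie, `session_name($CONF['session_prefix'].'PHPSESSID');` before `session_start();`, would isolate them without key prefixing. Note also that `$user` is now assigned only inside the `== 1` branch, whereas it used to be set before the `if`; the `else` branch continues outside the hunk, so check that nothing there still reads `$user`.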

+ 7
- 2
includes/process_login.php View File

@@ -17,9 +17,14 @@ if(isset($_POST))
{
$remember = true;
}
if ($userTools->login($username, hashPassword($password, $CONF), $remember))
if ($userTools->login($username, hashPassword($password, $CONF), $remember, $CONF))
{
$user = unserialize($_SESSION['user']);
$user_var = 'user';
if ($CONF['dev_env'])
{
$user_var = 'user_dev';
}
$user = unserialize($_SESSION[$user_var]);
$user->save($db);
//successful login, redirect them to a page
echo "true";
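Review bot: The hard-coded `'user_dev'` key does not match what login() just wrote: UserTools::login stores the user under `$CONF['session_prefix'].'user'`, which with the prefix defined in config.php.default is `'dev_user'`, so in the dev environment `$_SESSION['user_dev']` is unset, `unserialize()` returns false and `$user->save($db)` fails. The six-line block should be replaced by the single lookup `$user = unserialize($_SESSION[$CONF['session_prefix'].'user']);`, which also removes the second place where the dev/main naming rule is spelled out. The enclosing `if(isset($_POST))` block continues outside the hunk.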

+ 1
- 1
includes/process_logout.php View File

@@ -4,7 +4,7 @@ require_once('config.php');
//check to see that the form has been submitted
if(isset($_POST))
{
$userTools->logout();
$userTools->logout($CONF);
echo "true";
}
else
