Added dev prefix to sessions and cookies to prevent issues with main site.

includes/classes/UserTools.class.php

@@ -13,14 +13,14 @@ class UserTools {
     //username and password match a row in the database.
     //If it is successful, set the session variables
     //and store the user object within.
-    public function login($username, $password, $remember_me)
+    public function login($username, $password, $remember_me, $CONF)
     {
         $result = $this->db->select("users", "username=? AND password=?", array($username, $password));
         if($result)
         {
             $user = new User($result);
-            $_SESSION["user"] = serialize($user);
-            $_SESSION["logged_in"] = 1;
+            $_SESSION[$CONF['session_prefix']."user"] = serialize($user);
+            $_SESSION[$CONF['session_prefix']."logged_in"] = 1;
             if ($remember_me)
             {
               $identifier = hashPassword($username, $this->conf);
@@ -32,7 +32,7 @@ class UserTools {
                 "timeout" => date("Y-m-d H:i:s",time() + 60 * 60 * 24 * 7)
               );
               $this->db->insert($data, "sessions");
-              setcookie('auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
+              setcookie($CONF['session_prefix'].'auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
             }
             return true;
         }else{
@@ -52,17 +52,17 @@ class UserTools {
     }
     
     //Log the user out. Destroy the session variables.
-    public function logout()
+    public function logout($CONF)
     {
         if (isset($_COOKIE['auth']))
         {
-          $user = unserialize($_SESSION['user']);
+          $user = unserialize($_SESSION[$CONF['session_prefix'].'user']);
           list($identifier, $token) = explode(':', $_COOKIE['auth']);
           $this->db->delete("sessions", "user_id=?", array($user->id));
-          setcookie('auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
+          setcookie($CONF['session_prefix'].'auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']);
         }
-        unset($_SESSION['user']);
-        unset($_SESSION['logged_in']);
+        unset($_SESSION[$CONF['session_prefix'].'user']);
+        unset($_SESSION[$CONF['session_prefix'].'logged_in']);
         session_destroy();
     }
  

includes/config.php.default

@@ -348,6 +348,12 @@ $CONF['errors'] = array(
   'NoAuth' => array('code' => 44, 'message' => 'Not Authorized')
 );
 
+$CONF['session_prefix'] = '';
+if ($CONF['dev_env'])
+{
+  $CONF['session_prefix'] = 'dev_';
+}
+
 /*
 Class initilization
 */
@@ -370,24 +376,24 @@ ini_set('session.cookie_domain', '.'.$CONF['host']);
 session_start();
 
 //Set session if cookie present and valid
-if (isset($_COOKIE['auth']))
+if (isset($_COOKIE[$CONF['session_prefix'].'auth']))
 {
   list($identifier, $token) = explode(':', $_COOKIE['auth']);
   $result = $db->select("sessions", "identifier=? AND token=?", array($identifier, $token));
   if(isset($result['user_id']))
   {
-      $_SESSION['user'] = serialize($userTools->get($result['user_id']));
-      $_SESSION['logged_in'] = 1;
+      $_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($result['user_id']));
+      $_SESSION[$CONF['session_prefix'].'logged_in'] = 1;
   }
 }
 
 //refresh session variables if logged in
-if (isset($_SESSION['logged_in']))
+if (isset($_SESSION[$CONF['session_prefix'].'logged_in']))
 {
-    $user = unserialize($_SESSION['user']);
-    $_SESSION['user'] = serialize($userTools->get($user->id));
-    if ($_SESSION['logged_in'] == 1)
+    if ($_SESSION[$CONF['session_prefix'].'logged_in'] == 1)
     {
+      $user = unserialize($_SESSION[$CONF['session_prefix'].'user']);
+      $_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($user->id));
       $logged_in = true;
     }
     else

includes/process_login.php

@@ -17,9 +17,14 @@ if(isset($_POST))
     {
       $remember = true;
     }
-    if ($userTools->login($username, hashPassword($password, $CONF), $remember))
+    if ($userTools->login($username, hashPassword($password, $CONF), $remember, $CONF))
     {
-      $user = unserialize($_SESSION['user']);
+      $user_var = 'user';
+      if ($CONF['dev_env'])
+      {
+        $user_var = 'user_dev';
+      }
+      $user = unserialize($_SESSION[$user_var]);
       $user->save($db);
       //successful login, redirect them to a page
       echo "true";

includes/process_logout.php

@@ -4,7 +4,7 @@ require_once('config.php');
 //check to see that the form has been submitted
 if(isset($_POST))
 {
-  $userTools->logout();
+  $userTools->logout($CONF);
   echo "true";
 }
 else