Browse Source
Added dev prefix to sessions and cookies to prevent issues with main site.
tags/v1.1^2
4 changed files with 30 additions and 19 deletions
+ 9
- 9
includes/classes/UserTools.class.php
View File
| @@ -13,14 +13,14 @@ class UserTools { | |||
| //username and password match a row in the database. | |||
| //If it is successful, set the session variables | |||
| //and store the user object within. | |||
| public function login($username, $password, $remember_me) | |||
| public function login($username, $password, $remember_me, $CONF) | |||
| { | |||
| $result = $this->db->select("users", "username=? AND password=?", array($username, $password)); | |||
| if($result) | |||
| { | |||
| $user = new User($result); | |||
| $_SESSION["user"] = serialize($user); | |||
| $_SESSION["logged_in"] = 1; | |||
| $_SESSION[$CONF['session_prefix']."user"] = serialize($user); | |||
| $_SESSION[$CONF['session_prefix']."logged_in"] = 1; | |||
| if ($remember_me) | |||
| { | |||
| $identifier = hashPassword($username, $this->conf); | |||
| @@ -32,7 +32,7 @@ class UserTools { | |||
| "timeout" => date("Y-m-d H:i:s",time() + 60 * 60 * 24 * 7) | |||
| ); | |||
| $this->db->insert($data, "sessions"); | |||
| setcookie('auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
| setcookie($CONF['session_prefix'].'auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
| } | |||
| return true; | |||
| }else{ | |||
| @@ -52,17 +52,17 @@ class UserTools { | |||
| } | |||
| //Log the user out. Destroy the session variables. | |||
| public function logout() | |||
| public function logout($CONF) | |||
| { | |||
| if (isset($_COOKIE['auth'])) | |||
| { | |||
| $user = unserialize($_SESSION['user']); | |||
| $user = unserialize($_SESSION[$CONF['session_prefix'].'user']); | |||
| list($identifier, $token) = explode(':', $_COOKIE['auth']); | |||
| $this->db->delete("sessions", "user_id=?", array($user->id)); | |||
| setcookie('auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
| setcookie($CONF['session_prefix'].'auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
| } | |||
| unset($_SESSION['user']); | |||
| unset($_SESSION['logged_in']); | |||
| unset($_SESSION[$CONF['session_prefix'].'user']); | |||
| unset($_SESSION[$CONF['session_prefix'].'logged_in']); | |||
| session_destroy(); | |||
| } | |||
+ 13
- 7
includes/config.php.default
View File
| @@ -348,6 +348,12 @@ $CONF['errors'] = array( | |||
| 'NoAuth' => array('code' => 44, 'message' => 'Not Authorized') | |||
| ); | |||
| $CONF['session_prefix'] = ''; | |||
| if ($CONF['dev_env']) | |||
| { | |||
| $CONF['session_prefix'] = 'dev_'; | |||
| } | |||
| /* | |||
| Class initilization | |||
| */ | |||
| @@ -370,24 +376,24 @@ ini_set('session.cookie_domain', '.'.$CONF['host']); | |||
| session_start(); | |||
| //Set session if cookie present and valid | |||
| if (isset($_COOKIE['auth'])) | |||
| if (isset($_COOKIE[$CONF['session_prefix'].'auth'])) | |||
| { | |||
| list($identifier, $token) = explode(':', $_COOKIE['auth']); | |||
| $result = $db->select("sessions", "identifier=? AND token=?", array($identifier, $token)); | |||
| if(isset($result['user_id'])) | |||
| { | |||
| $_SESSION['user'] = serialize($userTools->get($result['user_id'])); | |||
| $_SESSION['logged_in'] = 1; | |||
| $_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($result['user_id'])); | |||
| $_SESSION[$CONF['session_prefix'].'logged_in'] = 1; | |||
| } | |||
| } | |||
| //refresh session variables if logged in | |||
| if (isset($_SESSION['logged_in'])) | |||
| if (isset($_SESSION[$CONF['session_prefix'].'logged_in'])) | |||
| { | |||
| $user = unserialize($_SESSION['user']); | |||
| $_SESSION['user'] = serialize($userTools->get($user->id)); | |||
| if ($_SESSION['logged_in'] == 1) | |||
| if ($_SESSION[$CONF['session_prefix'].'logged_in'] == 1) | |||
| { | |||
| $user = unserialize($_SESSION[$CONF['session_prefix'].'user']); | |||
| $_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($user->id)); | |||
| $logged_in = true; | |||
| } | |||
| else | |||
+ 7
- 2
includes/process_login.php
View File
| @@ -17,9 +17,14 @@ if(isset($_POST)) | |||
| { | |||
| $remember = true; | |||
| } | |||
| if ($userTools->login($username, hashPassword($password, $CONF), $remember)) | |||
| if ($userTools->login($username, hashPassword($password, $CONF), $remember, $CONF)) | |||
| { | |||
| $user = unserialize($_SESSION['user']); | |||
| $user_var = 'user'; | |||
| if ($CONF['dev_env']) | |||
| { | |||
| $user_var = 'user_dev'; | |||
| } | |||
| $user = unserialize($_SESSION[$user_var]); | |||
| $user->save($db); | |||
| //successful login, redirect them to a page | |||
| echo "true"; | |||
+ 1
- 1
includes/process_logout.php
View File
| @@ -4,7 +4,7 @@ require_once('config.php'); | |||
| //check to see that the form has been submitted | |||
| if(isset($_POST)) | |||
| { | |||
| $userTools->logout(); | |||
| $userTools->logout($CONF); | |||
| echo "true"; | |||
| } | |||
| else | |||
Loading…