@@ -13,14 +13,14 @@ class UserTools { | |||
//username and password match a row in the database. | |||
//If it is successful, set the session variables | |||
//and store the user object within. | |||
public function login($username, $password, $remember_me) | |||
public function login($username, $password, $remember_me, $CONF) | |||
{ | |||
$result = $this->db->select("users", "username=? AND password=?", array($username, $password)); | |||
if($result) | |||
{ | |||
$user = new User($result); | |||
$_SESSION["user"] = serialize($user); | |||
$_SESSION["logged_in"] = 1; | |||
$_SESSION[$CONF['session_prefix']."user"] = serialize($user); | |||
$_SESSION[$CONF['session_prefix']."logged_in"] = 1; | |||
if ($remember_me) | |||
{ | |||
$identifier = hashPassword($username, $this->conf); | |||
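Review bot: The new `$CONF` parameter duplicates configuration the method already holds: `$this->conf` is read on the lines right after it (`hashPassword($username, $this->conf)` and the cookie domain), so two config sources can now drift apart. Reading `$this->conf['session_prefix']` and keeping the original `login($username, $password, $remember_me)` signature would avoid touching every call site; if `$this->conf` is deliberately not the same array as `$CONF`, that is worth a one-line comment on the parameter. login's body continues past the end of the hunk.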
@@ -32,7 +32,7 @@ class UserTools { | |||
"timeout" => date("Y-m-d H:i:s",time() + 60 * 60 * 24 * 7) | |||
); | |||
$this->db->insert($data, "sessions"); | |||
setcookie('auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
setcookie($CONF['session_prefix'].'auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
} | |||
return true; | |||
}else{ | |||
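Review bot: The rewritten `setcookie(...)` line still issues the remember-me token without the `httponly` flag (and without `secure`), so the `identifier:token` pair that grants a login remains readable from script; since the line is already being changed, pass the trailing flags: `setcookie($CONF['session_prefix'].'auth', "$identifier:$token", time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host'], !empty($_SERVER['HTTPS']), true);`. The same 7-day lifetime is repeated in the `timeout` column above and again in logout; a named constant would keep the three in step. The enclosing if/else continues outside the hunk.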
@@ -52,17 +52,17 @@ class UserTools { | |||
} | |||
//Log the user out. Destroy the session variables. | |||
public function logout() | |||
public function logout($CONF) | |||
{ | |||
if (isset($_COOKIE['auth'])) | |||
{ | |||
$user = unserialize($_SESSION['user']); | |||
$user = unserialize($_SESSION[$CONF['session_prefix'].'user']); | |||
list($identifier, $token) = explode(':', $_COOKIE['auth']); | |||
$this->db->delete("sessions", "user_id=?", array($user->id)); | |||
setcookie('auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
setcookie($CONF['session_prefix'].'auth', false, time() + 60 * 60 * 24 * 7, '/', '.'.$this->conf['host']); | |||
} | |||
unset($_SESSION['user']); | |||
unset($_SESSION['logged_in']); | |||
unset($_SESSION[$CONF['session_prefix'].'user']); | |||
unset($_SESSION[$CONF['session_prefix'].'logged_in']); | |||
session_destroy(); | |||
} | |||
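Review bot: `logout()` still tests and reads the unprefixed cookie (`isset($_COOKIE['auth'])` and `explode(':', $_COOKIE['auth'])`) while the cookie it clears is now `$CONF['session_prefix'].'auth'`, so whenever the prefix is non-empty the branch never runs: the `sessions` row is not deleted and the remember-me cookie is not cleared, leaving a token that keeps auto-logging the user in. Both lines should use the prefixed name, e.g. `$cookieName = $CONF['session_prefix'].'auth';` then `if (isset($_COOKIE[$cookieName]))` and `explode(':', $_COOKIE[$cookieName])`. The config.php hunk has the same mismatch: `isset($_COOKIE[$CONF['session_prefix'].'auth'])` guards an `explode(':', $_COOKIE['auth'])`. `$identifier` and `$token` are parsed here but never used.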
@@ -348,6 +348,12 @@ $CONF['errors'] = array( | |||
'NoAuth' => array('code' => 44, 'message' => 'Not Authorized') | |||
); | |||
$CONF['session_prefix'] = ''; | |||
if ($CONF['dev_env']) | |||
{ | |||
$CONF['session_prefix'] = 'dev_'; | |||
} | |||
/* | |||
Class initilization | |||
*/ | |||
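Review bot: The new `session_prefix` block carries no comment saying what the prefix is for, and `if ($CONF['dev_env'])` raises an undefined-index notice if `dev_env` is not defined earlier in config.php, which this hunk does not show. Suggest `// Key prefix for $_SESSION entries and the remember-me cookie, so a dev instance sharing the cookie domain does not read or overwrite production state` above `$CONF['session_prefix'] = '';`, and `if (!empty($CONF['dev_env']))` for the test. The shared-domain motivation is inferred from the `session.cookie_domain` setting in the next hunk, so confirm it before wording the comment that way.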
@@ -370,24 +376,24 @@ ini_set('session.cookie_domain', '.'.$CONF['host']); | |||
session_start(); | |||
//Set session if cookie present and valid | |||
if (isset($_COOKIE['auth'])) | |||
if (isset($_COOKIE[$CONF['session_prefix'].'auth'])) | |||
{ | |||
list($identifier, $token) = explode(':', $_COOKIE['auth']); | |||
$result = $db->select("sessions", "identifier=? AND token=?", array($identifier, $token)); | |||
if(isset($result['user_id'])) | |||
{ | |||
$_SESSION['user'] = serialize($userTools->get($result['user_id'])); | |||
$_SESSION['logged_in'] = 1; | |||
$_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($result['user_id'])); | |||
$_SESSION[$CONF['session_prefix'].'logged_in'] = 1; | |||
} | |||
} | |||
//refresh session variables if logged in | |||
if (isset($_SESSION['logged_in'])) | |||
if (isset($_SESSION[$CONF['session_prefix'].'logged_in'])) | |||
{ | |||
$user = unserialize($_SESSION['user']); | |||
$_SESSION['user'] = serialize($userTools->get($user->id)); | |||
if ($_SESSION['logged_in'] == 1) | |||
if ($_SESSION[$CONF['session_prefix'].'logged_in'] == 1) | |||
{ | |||
$user = unserialize($_SESSION[$CONF['session_prefix'].'user']); | |||
$_SESSION[$CONF['session_prefix'].'user'] = serialize($userTools->get($user->id)); | |||
$logged_in = true; | |||
} | |||
else |
@@ -17,9 +17,14 @@ if(isset($_POST)) | |||
{ | |||
$remember = true; | |||
} | |||
if ($userTools->login($username, hashPassword($password, $CONF), $remember)) | |||
if ($userTools->login($username, hashPassword($password, $CONF), $remember, $CONF)) | |||
{ | |||
$user = unserialize($_SESSION['user']); | |||
$user_var = 'user'; | |||
if ($CONF['dev_env']) | |||
{ | |||
$user_var = 'user_dev'; | |||
} | |||
$user = unserialize($_SESSION[$user_var]); | |||
$user->save($db); | |||
//successful login, redirect them to a page | |||
echo "true"; |
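Review bot: The added lines rebuild the session key as `'user_dev'`, but `login()` stores the user under `$CONF['session_prefix'].'user'`, which with the `'dev_'` prefix from config.php is `'dev_user'`; in a dev environment `$_SESSION['user_dev']` is undefined, `unserialize` returns false and `$user->save($db)` fails. Replace the five lines with `$user = unserialize($_SESSION[$CONF['session_prefix'].'user']);` so the handler cannot drift from the prefix logic. The enclosing `if(isset($_POST))` block starts before the hunk.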
@@ -4,7 +4,7 @@ require_once('config.php'); | |||
//check to see that the form has been submitted | |||
if(isset($_POST)) | |||
{ | |||
$userTools->logout(); | |||
$userTools->logout($CONF); | |||
echo "true"; | |||
} | |||
else |