time = time(); $this->startSession(); }

    /**
     * startSession - Performs all the actions necessary to
     * initialize this session object. Tries to determine if the
     * user has logged in already, and sets the variables
     * accordingly. Also takes advantage of this page load to
     * update the active visitors tables.
     */
    function startSession(){
        global $database; //The database connection

        /* Start a PHP session unless one is already running */
        if(session_id() === ''){
            session_start();
        }

        /* Resolve the login state first; the rest depends on it */
        $this->logged_in = $this->checkLogin();
        if($this->logged_in){
            /* Record this page load in the active users table */
            $database->addActiveUser($this->userName, $this->time);
        }

        /* The url saved by the previous request is this request's referrer */
        $this->referrer = isset($_SESSION['url']) ? $_SESSION['url'] : "/";

        /* Save the current url for the next request.
         * NOTE: REQUEST_URI is supplied by the client, so $this->referrer
         * and $this->url are untrusted wherever they are echoed or used
         * as a redirect target. */
        $this->url = $_SESSION['url'] = $_SERVER['REQUEST_URI'];
    }

    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's
     * authenticity. Returns true if the user has logged in.
*/ function checkLogin(){ global $database; //The database connection /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ $this->userName = $_SESSION['userName'] = $_COOKIE['cookname']; $this->userHash = $_SESSION['userHash'] = $_COOKIE['cookid']; $_SESSION['isLoggedInCD'] = true; } /* Username and userHash have been set and not guest */ if(isset($_SESSION['userName']) && isset($_SESSION['userHash']) ){ /* Confirm that userName and userHash are valid */ if($database->confirmUserID($_SESSION['userName'], $_SESSION['userHash']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['userName']); unset($_SESSION['userHash']); return false; } /* User is logged in, set class variables */ $this->userinfo = $database->getUserInfo($_SESSION['userName']); $this->userName = $this->userinfo['userName']; $this->userFullname = $this->userinfo['userFullname']; $this->userID = $this->userinfo['userID']; $this->userHash = $this->userinfo['userHash']; $this->userLevel = $this->userinfo['userLevel']; return true; } /* User not logged in */ else{ return false; } } /** * login - The user has submitted his userName and userPass * through the login form, this function checks the authenticity * of that information in the database and creates the session. * Effectively logging in the user if all goes well. 
*/ function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object /* Username error checking */ $field = "user"; //Use field name for userName if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } /* Password error checking */ $field = "pass"; //Use field name for userPass if(!$subpass){ $form->setError($field, "* Password not entered"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Checks that userName is in database and userPass is correct */ $subuser = stripslashes($subuser); $result = $database->confirmUserPass($subuser, hash('sha256' ,$subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form->setError($field, "* Username not found"); } else if($result == 2){ $field = "pass"; $form->setError($field, "* Invalid password"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Username and userPass correct, register session variables */ $this->userinfo = $database->getUserInfo($subuser); $this->userName = $_SESSION['userName'] = $this->userinfo['userName']; $this->userID = $_SESSION['userID'] = $this->userinfo['userID']; $this->userHash = $_SESSION['userHash'] = $this->generateRandID(); $this->userLevel = $this->userinfo['userLevel']; $_SESSION['isLoggedInCD'] = true; /* Insert userHash into database and update active users table */ $database->updateUserField($this->userName, "userHash", $this->userHash); /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his userName, * and one to hold his random value userHash. It expires by the time * specified in constants.php. Now, next time he comes to our site, we will * log him in automatically, but only if he didn't log out before he left. 
*/ //if($subremember){ setcookie("cookname", $this->userName, time()+COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", $this->userHash, time()+COOKIE_EXPIRE, COOKIE_PATH); //} /* Login completed successfully */ return true; } /** * logout - Gets called when the user wants to be logged out of the * website. It deletes any cookies that were stored on the users * computer as a result of him wanting to be remembered, and also * unsets session variables and demotes his user level to guest. */ function logout(){ global $database; //The database connection /** * Delete cookies - the time must be in the past, * so just negate what you added when creating the * cookie. */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH); } /* Unset PHP session variables */ unset($_SESSION['userName']); unset($_SESSION['userHash']); unset($_SESSION['isLoggedInCD']); /* Reflect fact that user has logged out */ $this->logged_in = false; } /** * isAdmin - Returns true if currently logged in user is * an administrator, false otherwise. */ function isAdmin(){ return ($this->userLevel >= ADMIN_LEVEL || $this->userName == ADMIN_NAME); } /** * generateRandID - Generates a string made up of randomized * letters (lower and upper case) and digits and returns * the md5 hash of it to be used as a userHash. */ function generateRandID(){ return md5($this->generateRandStr(16)); } /** * generateRandStr - Generates a string made up of randomized * letters (lower and upper case) and digits, the length * is a specified parameter. 
*/ function generateRandStr($length){ $randstr = ""; for($i=0; $i<$length; $i++){ $randnum = mt_rand(0,61); if($randnum < 10){ $randstr .= chr($randnum+48); }else if($randnum < 36){ $randstr .= chr($randnum+55); }else{ $randstr .= chr($randnum+61); } } return $randstr; } }; /** * Initialize session object - This must be initialized before * the form object because the form uses session variables, * which cannot be accessed unless the session has started. */ $session = new Session; /* Initialize form object */ $form = new Form; ?>