session.inc.php
<?php
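/**
 * Application-level login state backed by the <SQL_PREFIX>_session table.
 *
 * The PHP session only carries an opaque token in $_SESSION['sid']; the user
 * it belongs to is looked up in the database on every request.
 *
 * The $SQL argument of CheckLogin() is the project's database wrapper. The
 * methods used on it here are Query(), NumRows(), Fetch(), Free(), Error()
 * and Escape().
 * NOTE(review): the original code called Escape()/Error() on an undefined
 * local $DB, which is a fatal error at runtime. It is assumed here that $DB
 * was meant to be the same wrapper as $SQL and that Escape() returns the
 * escaped value WITHOUT surrounding quotes - confirm against the wrapper.
 */
class CSession
{
    // ID of the authenticated user; stays -1 until CheckLogin() succeeds.
    var $UserID=-1;
    // Display name of the authenticated user; empty until CheckLogin() succeeds.
    var $UserName='';

    /** Returns the user ID set by the last successful CheckLogin(), else -1. */
    function GetUserID()
    {
        return $this->UserID;
    }

    /** Returns the user name set by the last successful CheckLogin(), else ''. */
    function GetUserName()
    {
        return $this->UserName;
    }

    /**
     * Starts the PHP session, using SESSION_NAME as the cookie name when that
     * constant is defined and non-empty, and SESSION_DURATION as the cookie
     * lifetime.
     */
    function Start()
    {
        if(defined('SESSION_NAME') && SESSION_NAME!='')
        {
            session_name(SESSION_NAME);
        }
        // Only the lifetime is set here.
        // NOTE(review): the HttpOnly and Secure cookie flags are not set by
        // this call; confirm they are enforced in php.ini for this site.
        session_set_cookie_params(SESSION_DURATION);
        session_start();
    }

    /** Writes the session data and closes the PHP session. */
    function Stop()
    {
        session_write_close();
    }

    /**
     * Authenticates the current request.
     *
     * First tries the token in $_SESSION['sid']; if it matches exactly one
     * row that was accessed less than SESSION_DURATION seconds ago, the user
     * is accepted and last_access is refreshed. A token with no live row is
     * discarded and the call falls through to the credential check. With
     * credentials, the user row is looked up, any previous session rows of
     * that user are deleted and a new token is stored.
     *
     * @param mixed  $Server Unused by this method; kept for interface compatibility.
     * @param object $SQL    Database wrapper (see class comment).
     * @param string $User   Login name; empty means "no credentials supplied".
     * @param string $PW     Plain-text password.
     *
     * @return bool|array true on success, false when not authenticated, or the
     *                    array returned by $SQL->Error() on a database failure.
     *                    A non-empty array is truthy in PHP, so callers must
     *                    test the result with `=== true`; a loose `if` would
     *                    treat a database error as a successful login.
     */
    function CheckLogin(&$Server,&$SQL,$User='',$PW='')
    {
        if(isset($_SESSION['sid']))
        {
            // Escape once and reuse it; the original left the UPDATE below unescaped.
            $Sid=$SQL->Escape($_SESSION['sid']);
            $Res=$SQL->Query('SELECT userid,username FROM '.SQL_PREFIX.'_session '.
                'WHERE sess_id=\''.$Sid.'\' AND '.
                'TIMESTAMPDIFF(SECOND,last_access,CURRENT_TIMESTAMP)<\''.(int)SESSION_DURATION.'\'');
            if(!$Res || $SQL->NumRows($Res)>1)
            {
                return $SQL->Error();
            }
            if($SQL->NumRows($Res)==1)
            {
                $Row=$SQL->Fetch($Res);
                $SQL->Free($Res);
                $this->UserID=$Row['userid'];
                $this->UserName=$Row['username'];
                $SQL->Query('UPDATE '.SQL_PREFIX.'_session SET last_access=CURRENT_TIMESTAMP '.
                    'WHERE sess_id=\''.$Sid.'\'');
                return true;
            }
            // No live row for this token. The original fetched from the empty
            // result and still returned true, so an expired or unknown token
            // counted as a login. Drop the stale token and require credentials.
            $SQL->Free($Res);
            unset($_SESSION['sid']);
        }

        if(empty($User))
        {
            return false;
        }

        // Neutralise both LIKE wildcards so the name is matched literally;
        // the original escaped only '%', leaving '_' as a one-character wildcard.
        $Pattern=$SQL->Escape(str_replace(array('%','_'),array('\\%','\\_'),$User));
        // Values are quoted here; the original concatenated them unquoted.
        // NOTE(review): passwords are stored as unsalted SHA1. Moving to
        // password_hash()/password_verify() needs a schema migration and is
        // outside what this block can change on its own.
        $Res=$SQL->Query('SELECT ID,username FROM '.SQL_PREFIX.'_user '.
            'WHERE name LIKE \''.$Pattern.'\' AND '.
            'pw=SHA1(\''.$SQL->Escape($PW).'\')');
        if(!$Res || $SQL->NumRows($Res)>1)
        {
            return $SQL->Error();
        }
        if($SQL->NumRows($Res)<1)
        {
            $SQL->Free($Res);
            return false;
        }
        $Row=$SQL->Fetch($Res);
        $SQL->Free($Res);

        // Values read back from the database are escaped again before being
        // concatenated into new statements (a stored name may contain quotes).
        $UserID=$SQL->Escape($Row['ID']);
        $UserName=$SQL->Escape($Row['username']);

        // One session row per user: remove any earlier ones first.
        $SQL->Query('DELETE FROM '.SQL_PREFIX.'_session WHERE '.
            'userid=\''.$UserID.'\'');
        $Res=$SQL->Error();
        if($Res['code']!=0)
        {
            return $Res;
        }

        // The original called MakeSessID() as a global function; it is a method.
        $SessID=$this->MakeSessID($PW);
        $SQL->Query('INSERT INTO '.SQL_PREFIX.'_session (sess_id,userid,username) VALUES ('.
            '\''.$SQL->Escape($SessID).'\',\''.$UserID.'\',\''.$UserName.'\')');
        $Res=$SQL->Error();
        if($Res['code']!=0)
        {
            return $Res;
        }

        // Publish the identity only once the session row exists, so a failed
        // insert does not leave the object looking authenticated.
        $this->UserID=$Row['ID'];
        $this->UserName=$Row['username'];
        $_SESSION['sid']=$SessID;
        // NOTE(review): the PHP session ID itself is not rotated on login;
        // consider session_regenerate_id(true) here to counter session fixation.
        return true;
    }

    /**
     * Creates a new 40-character hexadecimal session token.
     *
     * @param string $PW Only used by the legacy fallback; kept for interface
     *                   compatibility.
     *
     * @return string 40 lowercase hex characters.
     */
    function MakeSessID($PW)
    {
        // A token must not be derivable from the password and the login time,
        // so use the CSPRNG whenever the runtime provides one (PHP 7+).
        if(function_exists('random_bytes'))
        {
            return bin2hex(random_bytes(20));
        }
        // Legacy fallback for old runtimes: guessable by anyone who knows the
        // password and the approximate login time.
        return sha1($PW.microtime());
    }
}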
?>