<?php
require __DIR__ . '/vendor/autoload.php';
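class User
{
    /** @var int Numeric user ID; GUEST_USER until a provider-backed login. */
    public $user_id = 0;
    /** @var mixed Provider ID; PROVIDER_NULL when no provider is bound. */
    public $provider_id = PROVIDER_NULL;
    /** @var string|false Session UUID, or false until start_session()/session_create() sets one. */
    public $session_id = false;
    /** @var string|false Client IP in canonical form, or false if none could be parsed. */
    public $ip = false;
    /** @var string Per-session form (CSRF) token, a random UUID. */
    public $form_token = '';

    /**
     * Captures the client IP from REMOTE_ADDR.
     *
     * The value is split on ',' and only the first entry is used (REMOTE_ADDR
     * normally holds a single address; the split presumably targets a proxy
     * setup — verify against the deployment). The address is round-tripped
     * through inet_pton()/inet_ntop() so equivalent spellings (e.g. IPv6 zero
     * compression) compare equal in the session lookup. If it does not parse,
     * $ip stays false instead of inet_ntop() being fed a failed result.
     */
    public function __construct()
    {
        if (!isset($_SERVER['REMOTE_ADDR'])) {
            return;
        }
        // Multiple IPs could be given, take the first
        $ip_parts = explode(',', $_SERVER['REMOTE_ADDR']);
        $packed = inet_pton(trim($ip_parts[0]));
        if ($packed !== false) {
            $this->ip = inet_ntop($packed);
        }
    }

    /**
     * Resumes an existing session from the session_id cookie, if one is present.
     *
     * The row is matched on both the cookie UUID and the IP captured in the
     * constructor, so the same cookie presented from another address does not
     * resume the session. On a hit the user, provider and form token are
     * loaded; on a miss the object stays a fresh guest. No session row is
     * created here — that is left to the caller via session_create().
     */
    public function start_session()
    {
        global $db;

        if (!isset($_COOKIE['session_id'])) {
            return;
        }
        $uuid = $_COOKIE['session_id'];
        // Validate the cookie's shape before it reaches the query
        if (!uuid_is_valid($uuid)) {
            return;
        }

        $sql = 'SELECT user_id, provider_id, form_token FROM ' . SESSION_TABLE . ' WHERE session_id = :id AND session_ip = :ip';
        $sth = $db->prepare($sql);
        $sth->execute([':id' => $uuid, ':ip' => $this->ip]);
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return;
        }

        $this->user_id = (int) $row['user_id'];
        $this->provider_id = (int) $row['provider_id'];
        $this->session_id = $uuid;
        $this->form_token = $row['form_token'];
    }

    /**
     * Starts a brand-new session and sets the session_id cookie.
     *
     * A fresh session UUID and form token are generated on every call, so
     * calling this at login also rotates the session identifier. A real user
     * is recorded only when both a user ID (other than GUEST_USER) and a
     * provider ID are supplied; otherwise a guest session is created.
     *
     * @param int|false $user_id     user to bind, or false for a guest session
     * @param mixed     $provider_id provider that authenticated the user, or false
     */
    public function session_create($user_id = false, $provider_id = false)
    {
        global $db;

        // New identifiers every time: the incoming cookie value is never reused
        $this->session_id = uuid_create(UUID_TYPE_RANDOM);
        $this->form_token = uuid_create(UUID_TYPE_RANDOM);

        // If we've been given a user ID, we also need a provider ID
        if ($user_id !== false && $user_id != GUEST_USER && $provider_id !== false) {
            $this->user_id = (int) $user_id;
            $this->provider_id = $provider_id;
            // Delete any old sessions from when they were a guest
            // (scoped to the presented cookie AND the guest user, so no other row is touched)
            if (isset($_COOKIE['session_id']) && uuid_is_valid($_COOKIE['session_id'])) {
                $sql = 'DELETE FROM ' . SESSION_TABLE . ' WHERE session_id = :session_id AND user_id = :user_id';
                $del = $db->prepare($sql);
                $del->execute([':session_id' => $_COOKIE['session_id'], ':user_id' => GUEST_USER]);
            }
        } else {
            $this->user_id = GUEST_USER;
            $this->provider_id = PROVIDER_NULL;
        }

        $sql = 'INSERT INTO ' . SESSION_TABLE . ' (user_id, provider_id, session_id, session_ip, session_created, form_token) VALUES (
:user_id, :provider_id, :session_id, :session_ip, :time, :form_token)';
        $ins = $db->prepare($sql);
        $ins->execute([
            ':user_id' => $this->user_id,
            ':provider_id' => $this->provider_id,
            ':session_id' => $this->session_id,
            ':session_ip' => $this->ip,
            ':form_token' => $this->form_token,
            ':time' => time(),
        ]);
        $this->set_cookie('session_id', $this->session_id);
    }

    /**
     * Deletes the current session row and expires the session_id cookie.
     *
     * The delete is scoped to this object's session_id AND user_id, so a
     * mismatched pair removes nothing.
     */
    public function session_kill()
    {
        global $db;
        $sql = 'DELETE FROM ' . SESSION_TABLE . ' WHERE session_id = :session_id AND user_id = :user_id';
        $del = $db->prepare($sql);
        $del->execute([':session_id' => $this->session_id, ':user_id' => $this->user_id]);
        $this->set_cookie('session_id', $this->session_id, true);
    }

    /**
     * Sets (or expires) a site-wide, HttpOnly cookie.
     *
     * The Secure flag follows the current request: it is set only when the
     * request arrived over HTTPS. No SameSite attribute is sent, so the
     * browser default applies — NOTE(review): consider 'samesite' => 'Lax'
     * once it is confirmed that provider callbacks do not arrive as
     * cross-site POSTs.
     *
     * @param string $name
     * @param string $value
     * @param bool   $unset true to expire the cookie immediately
     */
    public function set_cookie($name, $value, $unset = false)
    {
        // !empty() already implies isset(); 'off' is what some servers send for plain HTTP
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
        $options = [
            'expires' => $unset ? 1 : strtotime('+14 days'),
            'path' => '/',
            'secure' => $secure,
            'httponly' => true,
        ];
        setcookie($name, $value, $options);
    }

    /**
     * Links an external provider account to the current (non-guest) user.
     *
     * On a failed insert the PDO error details go to the error log rather
     * than the response body, so driver messages are not disclosed to the
     * client. The guest rejection still echoes its message as before.
     *
     * @param mixed $provider_id
     * @param mixed $provider_user_id the user's identifier at the provider
     * @return bool true on success, false for guests or on insert failure
     */
    public function add_provider($provider_id, $provider_user_id)
    {
        global $db;
        if ($this->user_id == GUEST_USER) {
            echo 'Guests cannot be linked to a provider';
            return false;
        }

        $sql = 'INSERT INTO ' . LINKS_TABLE . ' (user_id, provider_id, external_user_id) VALUES (' .
            ':user_id, :provider_id, :provider_userid)';
        $sth = $db->prepare($sql);
        $ok = $sth->execute([
            ':user_id' => $this->user_id,
            ':provider_id' => $provider_id,
            ':provider_userid' => $provider_user_id,
        ]);
        if (!$ok) {
            // Keep driver error text out of the HTTP response
            error_log('User::add_provider insert failed: ' . print_r($sth->errorInfo(), true));
            return false;
        }
        return true;
    }

    /**
     * Changes the provider on an already-authenticated user; ignored for guests.
     *
     * @param mixed $provider_id
     */
    public function set_provider($provider_id)
    {
        if ($this->user_id != GUEST_USER) {
            $this->provider_id = $provider_id;
        }
    }
}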