From 31f8c77e0faea5b6ac7c9d37830a77be575676d4 Mon Sep 17 00:00:00 2001
From: ben
Date: Sat, 15 Mar 2008 14:30:41 +0000
Subject: Session functionality, hello again!
git-svn-id: https://code.elgg.org/elgg/trunk@233 36083f99-b078-4883-b0ff-0f9b5a30f544
---
engine/lib/sessions.php | 157 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 157 insertions(+)
create mode 100644 engine/lib/sessions.php
(limited to 'engine/lib/sessions.php')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
new file mode 100644
index 000000000..62cf7e398
--- /dev/null
+++ b/engine/lib/sessions.php
@@ -0,0 +1,157 @@
+ 0)
+ return true;
+ return false;
+
+ }
+
+ /**
+ * Log in
+ *
+ * @param string $username
+ * @param string $password
+ * @param true|false $persistent
+ * @return true|false
+ */
+ function login($username, $password, $persistent = false) {
+
+ global $CONFIG;
+ $dbpassword = md5($password);
+
+ if ($user = get_user_by_username($username)) {
+ if ($user->password == $dbpassword) {
+
+ $_SESSION['user'] = $user;
+ $_SESSION['guid'] = $user->getGUID();
+ $_SESSION['id'] = $_SESSION['guid'];
+ $_SESSION['username'] = $user->username;
+ $_SESSION['name'] = $user->name;
+
+ $code = (md5($user->name . $user->username . time() . rand()));
+ // update_data("update {$CONFIG->dbprefix}users set code = '".md5($code)."' where id = {$user->id}");
+ $user->code = md5($code);
+ $user->save();
+
+ //$code = md5($code); // This is a deliberate re-MD5-ing
+
+ $_SESSION['code'] = $code;
+ //if (!empty($persistent)) {
+
+ setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
+
+ //}
+ // set_login_fields($user->id);
+
+
+ }
+
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ /**
+ * Log the current user out
+ *
+ * @return true|false
+ */
+ function logout() {
+ global $CONFIG;
+
+ if (isset($_SESSION['user'])) {
+ $_SESSION['user']->code = "";
+ $_SESSION['user']->save();
+ }
+ unset($_SESSION['username']);
+ unset($_SESSION['name']);
+ unset($_SESSION['code']);
+ unset($_SESSION['guid']);
+ unset($_SESSION['id']);
+ unset($_SESSION['user']);
+
+ setcookie("elggperm", "", (time()-(86400 * 30)),"/");
+
+ return true;
+ }
+
+ /**
+ * Initialises the system session and potentially logs the user in
+ *
+ * This function looks for:
+ *
+ * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to -1
+ * 2. 
The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
+ *
+ * @uses $_SESSION
+ * @param unknown_type $event
+ * @param unknown_type $object_type
+ * @param unknown_type $object
+ */
+ function session_init($event, $object_type, $object) {
+ session_name('Elgg');
+ session_start();
+
+ if (empty($_SESSION['guid'])) {
+ if (isset($_COOKIE['elggperm'])) {
+
+ $code = $_COOKIE['elggperm'];
+ $code = md5($code);
+ if ($user = get_user_by_code($code)) {
+ $_SESSION['user'] = $user;
+ $_SESSION['id'] = $user->getGUID();
+ $_SESSION['guid'] = $_SESSION['id'];
+ $_SESSION['code'] = $_COOKIE['elggperm'];
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ if (!empty($_SESSION['code'])) {
+ $code = md5($_SESSION['code']);
+ if ($user = get_user_by_code($code)) {
+ $_SESSION['user'] = $user;
+ } else {
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ }
+ if ($_SESSION['id'] > 0) {
+ // set_last_action($_SESSION['id']);
+ }
+ }
+
+ register_event_handler("init","system","session_init");
+
+ //register actions *************************************************************
+
+ register_action("login",true);
+ register_action("logout");
+
+
+?>
\ No newline at end of file
-- cgit v1.2.3
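Review bot: In login(), `return true;` sits after the closing brace of the `if ($user->password == $dbpassword)` block (read from the braces, since indentation is lost in this rendering), so the function reports success for any existing username even when the password does not match and no session was populated. Move `return true;` inside the password branch and end the function with `return false;`, so a caller that trusts the return value cannot treat a failed attempt as a login. The comparison should also be strict, `if ($user->password === $dbpassword) {`, because loose `==` on two hex digest strings can compare them numerically. Separately, the persistent `elggperm` cookie is set on every login because the `$persistent` check is commented out, and unsalted `md5($password)` is a weak storage format that deserves a follow-up.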