Diffstat (limited to 'web/include/User.inc')
-rw-r--r--web/include/User.inc150
1 files changed, 150 insertions, 0 deletions
diff --git a/web/include/User.inc b/web/include/User.inc
new file mode 100644
index 0000000..84d36b3
--- /dev/null
+++ b/web/include/User.inc
@@ -0,0 +1,150 @@
+<?
+#
+# vim:set ts=4:
+# vim:set shiftwidth=4;
+#
+
+class User
+{
+ var $ref;
+ var $session = false;
+ var $auth_timeout = false;
+
+ var $db;
+
+ /**
+ * create a new User object
+ *
+ * creates a new user by looking into the <code>session</code>
+ *
+ * @param object Database Object
+ * @param object Session Object
+ * @param integer Login timout in seconds
+ */
+ function User(&$database, &$session, $auth_timeout) {
+ assert($session);
+ assert($database);
+ assert($auth_timeout);
+ $this->session = &$session;
+ $this->auth_timeout = $auth_timeout;
+ $this->db = &$database;
+
+ $last_seen = $this->session->data['user']['last_seen'];
+ $ref = $this->session->data['user']['ref'];
+ $authenticated = false;
+
+ if ( $last_seen &&
+ ( $last_seen + $this->auth_timeout >= time()) &&
+ ( $time_seen <= time() ) &&
+ $this->session->data['user']['authenticated'] &&
+ $this->check_ref_session($ref) )
+ $authenticated = true;
+ else {
+ $ref = false;
+ $authenticated = false;
+ $last_seen = false;
+ }
+
+ $this->session->data['user']['authenticated'] = $authenticated;
+ $this->session->data['user']['last_seen'] = $authenticated ? time() : false;
+ $this->session->data['user']['ref'] = $ref;
+ }
+
+ /**
+ * Check if given Ref is a valid user ref
+ *
+ * checks if the ref and current session are from the same user.
+ *
+ * @param integer user ref
+ * @returns boolean true if success
+ */
+ function check_ref_session($ref) {
+ assert($this->session);
+ assert($this->session->ref);
+ assert($this->db);
+ assert($ref);
+
+ $row=$this->db->query_row('SELECT ref FROM account WHERE session_ref=? AND ref=?', array($this->session->ref, $ref));
+
+ if ( $row === false )
+ return false;
+ else
+ return true;
+ }
+
+ /**
+ * Do the login of a user
+ *
+ * Check if username and password are a valid pair, and update session_ref
+ * in database, set timestamp.
+ *
+ * @param string supplied username from user
+ * @param string supplied password from user
+ * @returns boolean true if success
+ */
+ function do_login($username, $password)
+ {
+ assert($this->session);
+ assert($this->session->ref);
+ assert($this->db);
+# assert($username);
+# assert($password);
+ if ( ! $username )
+ return false;
+ if ( ! $password )
+ return false;
+
+ $row=$this->db->query_row('SELECT ref FROM account WHERE username=? AND password=?', array($username,$password));
+
+ if ( $row === false )
+ return false;
+
+ $update = $this->db->update('account', $row['ref'], array(session_ref=>$this->session->ref));
+ if ( ! $update )
+ return false;
+
+ $this->session->data['user']['authenticated'] = true;
+ $this->session->data['user']['last_seen'] = time();
+ $this->session->data['user']['ref'] = $row['ref'];
+ $this->session->data['user']['username'] = $username;
+
+ # FIXME: old session is destroyed
+ return true;
+ }
+
+ /**
+ * Logout the User
+ *
+ * logout the user, do not check if has logged in.
+ *
+ * @returns boolean true on success, false otherwhise
+ */
+ function do_logout()
+ {
+ assert($this->session);
+ assert($this->session->ref);
+ $this->session->data['user']['authenticated'] = false;
+ $this->session->data['user']['last_seen'] = false;
+ $this->session->data['user']['ref'] = false;
+ $this->session->data['user']['username'] = false;
+ return true;
+ }
+
+ /**
+ * Check for login status
+ *
+ * Checks if user has logged in correctly.
+ *
+ * @returns boolean true on authenticated, false otherwhise
+ */
+ function check_login()
+ {
+ assert($this->session);
+ if (! $this->session->get_id())
+ return false;
+ assert($this->session->ref);
+ return $this->session->data['user']['authenticated'];
+ }
+}
+
+?>
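Review bot: In the constructor's timeout check, `( $time_seen <= time() )` reads a variable that is never assigned, so the comparison is always true and a `last_seen` value lying in the future is not rejected; it should read `( $last_seen <= time() ) &&`. In `do_login`, the query `WHERE username=? AND password=?` compares the submitted password directly with the stored column, which suggests passwords are kept in clear text; the column should hold a salted hash (on current PHP, `password_hash()` checked with `password_verify()`) and the row should be selected by username only. The update on the next line uses the bare word `session_ref` as an array key and should be written `array('session_ref' => $this->session->ref)`. Nothing visible in `do_login` renews the session identifier once authentication succeeds, and the FIXME hints that this is unresolved, so confirm that the session class issues a fresh id at login. The `assert()` calls should not stand in for runtime validation, since assertions can be disabled by configuration.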