<?
#
# vim:set ts=4:
# vim:set shiftwidth=4;
#
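/**
 * Session-backed login state for one visitor.
 *
 * The login state lives in $session->data['user'] (keys: authenticated,
 * last_seen, ref, username). The account table ties an account to exactly
 * one session through its session_ref column.
 *
 * NOTE(review): the constructor below is a PHP 4-style constructor (a method
 * named after the class). PHP 8 no longer treats such a method as the
 * constructor, so it would have to be called explicitly there.
 *
 * NOTE(review): assert() can be switched off in production configurations,
 * so the assertions in this class document preconditions only. Every
 * decision that grants or denies access is made by an explicit check.
 */
class User
{
    var $ref;
    var $session = false;
    var $auth_timeout = false;
    var $db;

    /**
     * create a new User object
     *
     * Re-validates the login state stored in the <code>session</code>. The
     * session stays authenticated only if all of the following hold:
     * a last_seen stamp exists, it is not older than the timeout, it does
     * not lie in the future, the authenticated flag is set, and the account
     * row still points at this session. Otherwise the state is reset.
     *
     * @param object Database Object
     * @param object Session Object
     * @param integer Login timeout in seconds
     */
    function User(&$database, &$session, $auth_timeout) {
        assert($session);
        assert($database);
        assert($auth_timeout);
        $this->session = &$session;
        $this->auth_timeout = $auth_timeout;
        $this->db = &$database;

        # A fresh session carries no 'user' entry yet; read it defensively.
        $stored = array();
        if ( isset($this->session->data['user']) && is_array($this->session->data['user']) )
            $stored = $this->session->data['user'];
        $last_seen = isset($stored['last_seen']) ? $stored['last_seen'] : false;
        $ref = isset($stored['ref']) ? $stored['ref'] : false;
        $flagged = ! empty($stored['authenticated']);
        $now = time();

        # The future-stamp test used to read an undefined variable and was
        # therefore always true; it has to look at $last_seen, otherwise a
        # stamp far in the future keeps the login alive past the timeout.
        $authenticated = false;
        if ( $last_seen &&
             ( $last_seen + $this->auth_timeout >= $now ) &&
             ( $last_seen <= $now ) &&
             $flagged &&
             $this->check_ref_session($ref) )
            $authenticated = true;
        else {
            $ref = false;
            $last_seen = false;
        }

        $this->session->data['user']['authenticated'] = $authenticated;
        $this->session->data['user']['last_seen'] = $authenticated ? $now : false;
        $this->session->data['user']['ref'] = $ref;
    }

    /**
     * Check if given Ref is a valid user ref
     *
     * checks if the ref and current session are from the same user, i.e.
     * an account row exists with this ref and this session's ref.
     *
     * @param integer user ref
     * @returns boolean true if success
     */
    function check_ref_session($ref) {
        assert($this->session);
        assert($this->session->ref);
        assert($this->db);
        # Fail closed without a query when there is no ref to check; an
        # assertion alone would not stop execution when asserts are off.
        if ( ! $ref )
            return false;
        $row = $this->db->query_row(
            'SELECT ref FROM account WHERE session_ref=? AND ref=?',
            array($this->session->ref, $ref)
        );
        return $row !== false;
    }

    /**
     * Do the login of a user
     *
     * Check if username and password are a valid pair, and update session_ref
     * in database, set timestamp.
     *
     * @param string supplied username from user
     * @param string supplied password from user
     * @returns boolean true if success
     */
    function do_login($username, $password)
    {
        assert($this->session);
        assert($this->session->ref);
        assert($this->db);
        # Empty credentials never match an account.
        if ( ! $username )
            return false;
        if ( ! $password )
            return false;

        # NOTE(review): the supplied password is matched verbatim against the
        # stored column. Unless every caller passes an already hashed value,
        # this implies passwords are stored in clear text. Moving to
        # password_hash()/password_verify() needs a data migration that is
        # outside this class.
        $row = $this->db->query_row(
            'SELECT ref FROM account WHERE username=? AND password=?',
            array($username, $password)
        );
        if ( $row === false )
            return false;

        # The key must be a quoted string: a bare word is an undefined
        # constant, which newer PHP versions reject instead of guessing.
        $update = $this->db->update('account', $row['ref'], array('session_ref' => $this->session->ref));
        if ( ! $update )
            return false;

        # NOTE(review): the session keeps the reference it had before login.
        # If the session class can issue a fresh id, doing so at this
        # privilege change would guard against session fixation - TODO confirm.
        $this->session->data['user']['authenticated'] = true;
        $this->session->data['user']['last_seen'] = time();
        $this->session->data['user']['ref'] = $row['ref'];
        $this->session->data['user']['username'] = $username;
        # FIXME: old session is destroyed
        return true;
    }

    /**
     * Logout the User
     *
     * logout the user, do not check if has logged in. Only the session data
     * is cleared; the account row is not touched here.
     *
     * @returns boolean true on success, false otherwise
     */
    function do_logout()
    {
        assert($this->session);
        assert($this->session->ref);
        $this->session->data['user']['authenticated'] = false;
        $this->session->data['user']['last_seen'] = false;
        $this->session->data['user']['ref'] = false;
        $this->session->data['user']['username'] = false;
        return true;
    }

    /**
     * Check for login status
     *
     * Checks if user has logged in correctly. Returns the flag as the
     * constructor or do_login() left it in the session data.
     *
     * @returns boolean true on authenticated, false otherwise
     */
    function check_login()
    {
        assert($this->session);
        # Without a session id there is nothing to be logged in to.
        if ( ! $this->session->get_id() )
            return false;
        assert($this->session->ref);
        return $this->session->data['user']['authenticated'];
    }
}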
?>