PageRenderTime 26ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 0ms

/phprd/users/users.php

http://yt-cache.googlecode.com/
PHP | 214 lines | 191 code | 18 blank | 5 comment | 50 complexity | 38e1739404fb262dd598747ae8976847 MD5 | raw file
Possible License(s): MIT 
    

  1. <?php

    2. 

  2. 

    3. 

  3. /**

    4. 

  4.  * @author dr4g0n

    5. 

  5.  * @copyright 2008

    6. 

  6.  */

    7. 

  7. 

    8. 

  8. require_once "phprd/error-log/error.php";

    9. 

  9. 

    10. 

  10. class user_sessions {

    11. 

  11. 	

    12. 

  12. 	private $storage="UNDEFINED";	// file or mysql implemented

    13. 

  13. 	private $db_handle=NULL;

    14. 

  14. 	private $db_table=NULL;

    15. 

  15.     private $error=NULL;

    16. 

  16. 	

    17. 

  17. 	public function __construct($storage_engine="mysql",$mysql_server="localhost",$mysql_username="root",$mysql_password="",$mysql_db="phprd",$mysql_table="users") {

    18. 

  18.         $this->error=ErrorHandler::singleton();

    19. 

  19.         if (empty($storage_engine) || empty($mysql_server) || empty($mysql_username) || empty($mysql_db) || empty($mysql_table))

    20. 

  20.             $this->error->add_error_die("Not enough parameters for connection to DB");

    21. 

  21.         switch ($storage_engine) {

    22. 

  22. 			case "mysql":

    23. 

  23. 				$this->db_handle=new mysql;

    24. 

  24. 				$r=$this->db_handle->connect($mysql_server,$mysql_username,$mysql_password,$mysql_db);

    25. 

  25.                 if (!$r) {

    26. 

  26. 					$this->error->add_error_die("Server <strong>{$mysql_server}</strong> connect failure");

    27. 

  27. 				} else {

    28. 

  28. 				$query='CREATE TABLE IF NOT EXISTS `users`(`id` serial, `username` varchar(32) default "" not null, `password` varchar(32) default "" not null, `email` varchar(64) default "" not null, `group` varchar(32) default "" not null)';

    29. 

  29. 				$r=$this->db_handle->sql($query);

    30. 

  30. 				$this->storage=$storage_engine;

    31. 

  31. 				$this->db_table=$mysql_table;

    32. 

  32.                 }

    33. 

  33. 			break;

    34. 

  34. 			case "file":

    35. 

  35. 				$this->storage=$storage_engine;

    36. 

  36. 			break;

    37. 

  37. 			default:

    38. 

  38. 			break;

    39. 

  39. 			}

    40. 

  40. 	}

    41. 

  41. 	

    42. 

  42. 	public function login_http($realm="Restricted") {

    43. 

  43. 		if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {

    44. 

  44.     	$username = mysql_escape_string(trim($_SERVER['PHP_AUTH_USER']));

    45. 

  45.     	$password = mysql_escape_string(trim($_SERVER['PHP_AUTH_PW']));

    46. 

  46.     	$r=$this->login_user($username,$password);

    47. 

  47.     	if (!$r) {

    48. 

  48. 			header("WWW-Authenticate: Basic realm=\"$realm\"");

    49. 

  49.     		header("HTTP/1.0 401 Unauthorized");

    50. 

  50.     		die();

    51. 

  51. 			} else return true;

    52. 

  52. 		} else {

    53. 

  53. 			header("WWW-Authenticate: Basic realm=\"$realm\"");

    54. 

  54.     		header("HTTP/1.0 401 Unauthorized");

    55. 

  55.     		die();

    56. 

  56. 		}

    57. 

  57. 	}

    58. 

  58. 	

    59. 

  59. 	public function login_user($username,$password,$userdb="users.db") {

    60. 

  60. 			switch ($this->storage) {

    61. 

  61. 			case "file":

    62. 

  62. 				$r=$this->login_file($username,$password,$userdb);

    63. 

  63. 				if ($r)	{

    64. 

  64. 					if (empty($_SESSION['online']))

    65. 

  65. 						$_SESSION['online']=time();

    66. 

  66. 					return true;

    67. 

  67. 				} else return false;

    68. 

  68. 			break;

    69. 

  69. 			case "mysql":

    70. 

  70. 				$r=$this->login_mysql($username,$password);

    71. 

  71. 				if ($r)	{

    72. 

  72. 					if (empty($_SESSION['online']))

    73. 

  73. 						$_SESSION['online']=time();

    74. 

  74. 					return true;

    75. 

  75. 				} else return false;

    76. 

  76. 				break;

    77. 

  77. 			default:

    78. 

  78. 			return false;

    79. 

  79. 		}

    80. 

  80. 	}

    81. 

  81. 	

    82. 

  82. 	private function login_mysql ($s_username,$s_password) {

    83. 

  83. 		if (empty($s_username) || empty($s_password)) return false;

    84. 

  84. 		$finduser=array("username"=>$s_username,"password"=>md5($s_password));

    85. 

  85. 		$res=$this->db_handle->get_row($this->db_table,$finduser);

    86. 

  86. 		if (!$res)

    87. 

  87. 			return false;

    88. 

  88. 		$_SESSION['s_username']=$s_username;

    89. 

  89. 		$_SESSION['s_password']=$s_password;

    90. 

  90. 		return true;

    91. 

  91. 	}

    92. 

  92. 	

    93. 

  93. 	private function login_file($username,$password,$userdb) {

    94. 

  94.         // file can be user password or seralized array of username and password

    95. 

  95. 		if (empty($username) || empty($password) || empty($userdb))

    96. 

  96. 			$this->error->add_error_die("One of the vars are empty!");

    97. 

  97. 		if (!file_exists($userdb)) {

    98. 

  98.             $this->error->add_error_die("Login file does not exist!");			

    99. 

  99.             }

    100. 

  100. 		$fh=fopen($userdb,"r");			//open db in read-only mode

    101. 

  101. 		while (!feof($fh))

    102. 

  102. 			$users.=fread($fh,999999);	//read all accounts-warning, very big userdb can eat alot of mem

    103. 

  103.             if (strlen($users)<1)

    104. 

  104.                 $this->error->add_error_die("Users file empty!");

    105. 

  105. 		fclose($fh);

    106. 

  106. 		$users=explode("\r\n",$users);	//parse all users

    107. 

  107. 		foreach ($users as $user) {

    108. 

  108. 			if (!empty($user)) {

    109. 

  109. 				$user_array=unserialize($user);

    110. 

  110.                 if (empty($user_array)) {

    111. 

  111.                     $user_a=explode(" ",$user);	//parse all users

    112. 

  112.                     $user_array["username"]=$user_a[0];

    113. 

  113.                     $user_array["password"]=$user_a[1];

    114. 

  114.                 }

    115. 

  115. 				if ($username==$user_array["username"] && (md5($password)==$user_array["password"]) || $password==$user_array["password"]) return true;

    116. 

  116. 			}

    117. 

  117. 		}

    118. 

  118. 		return false;

    119. 

  119. 	}

    120. 

  120. 

    121. 

  121. 	public function create_user($username,$password,$email,$group) {

    122. 

  122. 			switch ($this->storage) {

    123. 

  123. 			case "file":

    124. 

  124. 				return $this->create_user_file($username,$password,$email,$group);

    125. 

  125. 			break;

    126. 

  126. 			case "mysql":

    127. 

  127. 				if (!$this->db_handle)

    128. 

  128. 					$this->error->add_error_die("No DB handle!");

    129. 

  129. 				$username=mysql_real_escape_string($username);

    130. 

  130. 				$password=md5($password);

    131. 

  131. 				$find=array("username"=>$username);

    132. 

  132. 				$row=$this->db_handle->get_row("users",$find);

    133. 

  133. 				if (!empty($row))

    134. 

  134. 					return false;	// user with same username already exists!

    135. 

  135. 				$row=array("username"=>$username,"password"=>$password,"email"=>$email,"group"=>$group);

    136. 

  136. 				$this->db_handle->insert_row("users",$row);

    137. 

  137. 				if ($this->db_handle->rows_affected<1)

    138. 

  138. 					return false;

    139. 

  139. 				else

    140. 

  140. 					return true;

    141. 

  141. 				break;

    142. 

  142. 			default:

    143. 

  143. 			return false;

    144. 

  144. 		}

    145. 

  145. 	}

    146. 

  146. 

    147. 

  147. 	private function create_user_file($username,$password,$email,$group) {

    148. 

  148. 		$fh=fopen($userdb,"a");

    149. 

  149. 		$user=array("username"=>$username,"password"=>md5($password),"email"=>$email,"group"=>$group);

    150. 

  150. 		fseek($fh,0,SEEK_END);

    151. 

  151. 		$users=fwrite($fh,serialize($user)."\r\n");

    152. 

  152. 		fclose($fh);

    153. 

  153. 		return true;

    154. 

  154. 	}

    155. 

  155. 

    156. 

  156. 	public function check_session($db,$table,$passwordmethod='md5') {

    157. 

  157. 		switch ($this->storage) {

    158. 

  158. 			case "file":

    159. 

  159. 				return $this->check_session_file($db,$table,$passwordmethod='md5');

    160. 

  160. 			break;

    161. 

  161. 			case "mysql":

    162. 

  162. 				return $this->check_session_mysql($db,$table,$passwordmethod='md5');

    163. 

  163. 			break;

    164. 

  164. 			default:

    165. 

  165. 				$this->error->add_error_die("Uindentified login method!");

    166. 

  166. 		}

    167. 

  167. 		}

    168. 

  168. 

    169. 

  169. 	private function check_session_mysql (mysql &$db,$table="users",$passwordmethod='md5') {

    170. 

  170. 		if (!$db) $this->error->add_error_die("No DB set!");

    171. 

  171. 		session_start();

    172. 

  172. 		$s_username=$_SESSION['s_username'];

    173. 

  173. 		$s_password=$_SESSION['s_password'];

    174. 

  174. 		if (empty($s_username) || empty($s_password)) return false;

    175. 

  175. 		if (empty($_SESSION['online'])) $_SESSION['online']=time();

    176. 

  176. 		switch ($passwordmethod) {

    177. 

  177. 			case "md5":

    178. 

  178. 			$finduser=array("username"=>$s_username,"password"=>md5($s_password));

    179. 

  179. 			break;

    180. 

  180. 			case "sha1":

    181. 

  181. 			$finduser=array("username"=>$s_username,"password"=>sha1($s_password));

    182. 

  182. 			break;

    183. 

  183. 			default:	//plaintext

    184. 

  184. 			$finduser=array("username"=>$s_username,"password"=>$s_password);

    185. 

  185. 		}

    186. 

  186. 		$res=$db->get_row($table,$finduser);

    187. 

  187. 		if (!$res) return false;

    188. 

  188. 		return true;

    189. 

  189. 	}

    190. 

  190. 

    191. 

  191. 	private function check_session_file($db,$table="users",$passwordmethod='md5') {

    192. 

  192. 		if (!empty($db)) $this->error->add_error_die("No DB set!");

    193. 

  193. 		session_start();

    194. 

  194. 		$s_username=$_SESSION['s_username'];

    195. 

  195. 		$s_password=$_SESSION['s_password'];

    196. 

  196. 		if (empty($s_username) || empty($s_password)) return false;

    197. 

  197. 		if (empty($_SESSION['online'])) $_SESSION['online']=time();

    198. 

  198. 		return $this->login_file($s_username,$s_password,$db);

    199. 

  199. 	}

    200. 

  200. 

    201. 

  201. 	public function logout () {

    202. 

  202. 		$_SESSION['s_username']="";

    203. 

  203. 		$_SESSION['s_password']="";

    204. 

  204. 	}

    205. 

  205. 	

    206. 

  206. 	public function get_userinfo () {

    207. 

  207. 		$online=(int) $_SESSION['online'];

    208. 

  208. 		$return_array=array("online_time"=>time()-$online);

    209. 

  209. 		return $return_array;

    210. 

  210. 	}

    211. 

  211. 	

    212. 

  212. }

    213. 

  213. 

    214. 

  214. ?>
    215.