Open Sencillo  2014.008
 All Data Structures Files Functions Variables Pages
session.php
Go to the documentation of this file.
1 <?php
2 /*~ session.php
3 .---------------------------------------------------------------------------.
4 | Software: Sencillo Session |
5 | Version: 2014.002 |
6 | Contact: [email protected] |
7 | ------------------------------------------------------------------------- |
8 | Author: Bc. Peter Horváth (original founder) |
9 | Copyright (c) 2014, Bc. Peter Horváth. All Rights Reserved. |
10 | ------------------------------------------------------------------------- |
11 | License: Distributed under the General Public License (GPL) |
12 | http://www.gnu.org/copyleft/gpl.html |
13 | This program is distributed in the hope that it will be useful - WITHOUT |
14 | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
15 | FITNESS FOR A PARTICULAR PURPOSE. |
16 '---------------------------------------------------------------------------'
17 ~*/
27 class sessionManager
28 {
29  private $i;
30  private $smarray;
31 
35  public function __construct()
36  {
37  session_start();
38  }
39 
45  public function sm_get($name)
46  {
47  if(is_array($name))
48  {
49  $this->i = 0;
50  $this->smarray = array();
51  while(sizeof($name)>$this->i)
52  {
53  $this->smarray[$this->i] = $_SESSION[$name[$this->i++]];
54  }
55  return $this->smarray;
56  }
57  else
58  {
59  return $_SESSION[$name];
60  }
61  }
62 
66  public function sm_destroy()
67  {
68  session_destroy();
69  }
70 }
71 
82 class loginManager extends sessionManager
83 {
84  private $current_time;
85  private $sql;
86 
90  public function __construct()
91  {
92  $this->current_time = array('year'=>date('Y'),
93  'month'=>date('m'),
94  'day'=>date('d'),
95  'hour'=>date('H'),
96  'minute'=>date('i'),
97  'second'=>date('s'),
98  'session'=>date('YmdHis'));
99  }
100 
104  public function lm_install()
105  {
106  $this->sql='
107  CREATE TABLE IF NOT EXISTS `login` (
108  `id` bigint(20) NOT NULL AUTO_INCREMENT,
109  `userid` bigint(20) NOT NULL,
110  `sessionid` longtext NOT NULL,
111  `expiration` int(11) NOT NULL,
112  `perm` int(11) NOT NULL,
113  PRIMARY KEY (`id`)
114  ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0;
115  ';
116  $mysql->openTable('login');
117  $mysql->write($this->sql);
118  $this->sql='
119  CREATE TABLE IF NOT EXISTS `users` (
120  `userid` bigint(20) NOT NULL AUTO_INCREMENT,
121  `name` longtext NOT NULL,
122  `pass` longtext NOT NULL,
123  `perm` int(4) NOT NULL,
124  PRIMARY KEY (`userid`)
125  ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0;
126  ';
127  $mysql->openTable('users');
128  $mysql->write($this->sql);
129  }
130 
137  public function lm_addUser($name,$pass,$perm=1000)
138  {
139  $mysql->openTable('users');
140  $mysql->insert("'name',md5('$pass'),$perm");
141  }
142 }
143 
144 $email=$_POST['email'];
145 $pass=md5($_POST['pass']);
146 $cookie1=null;
147 $cookie2=null;
148 $error=null;
149 $LoginExp=3600;
150 $perm=null;
151 if(isset($_POST['email']))
152 {
153  $_SESSION['sessionid'] = session_id();
154  $readsql="SELECT `userid`,`email`,`pass` FROM users WHERE email='$email'";
155  $con = mysql_connect($DBHost, $DBUser, $DBPass);
156  mysql_select_db($DBName, $con);
157 
158  $result = mysql_query($readsql);
159  $row = mysql_fetch_array($result);
160 
161  $LoginExp=time()+$LoginExp;
162  if($_POST['boxremember']==1)
163  {
164  $LoginExp=time()+3600*24*365*4;
165  $perm=1001;
166  }
167  else
168  {
169  $perm=1000;
170  }
171  if(($row["pass"]==$pass)&&($row["email"]==$email))
172  {
173  $userid=$row["userid"];
174  $error=0;
175  $cookie1=USER_GEO.":".$userid.":".$_SESSION['sessionid'];
176  $_SESSION['userid'] = $userid;
177  $cookie2=$userid;
178  $signature=md5($_SESSION['userid'].$_SESSION['sessionid']);
179 
180  $sql="DELETE FROM `login` WHERE `userid` = '$userid';";
181  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
182 
183  $sql="INSERT INTO `login` (`id` ,`userid` ,`sessionid` ,`expiration` ,`perm`) VALUES (NULL,'$userid','$cookie1','$LoginExp','$perm');";
184  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
185  $sql="INSERT INTO `console` (`id` ,`time` ,`title` ,`data`) VALUES (NULL , NOW(), 'LOGIN', 'user:$userid, ip:".USER_IP.", from:".USER_GEO_TWO.", browser:".USER_BROWSER.", perm:$perm, timeout:$LoginExp.');";
186  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
187  }
188  else
189  {
190  $userid=$row["userid"];
191  if($row["pass"]!=$pass)
192  {
193  $error=2;
194  }
195  else
196  {
197  $error=1;
198  }
199  }
200  mysql_close($con);
201  unset($userid,$pass,$sql);
202 }
203 else
204 {
205  $userid=$_COOKIE['uid'];
206  $desissn=$_COOKIE['ulid'];
207  $readsql="SELECT * FROM login WHERE userid='$userid' AND sessionid='$desissn'";
208  $con = mysql_connect($DBHost, $DBUser, $DBPass);
209  mysql_select_db($DBName, $con);
210 
211  $result = mysql_query($readsql);
212  $userid = null;
213  $ssnData = null;
214  while($row = mysql_fetch_array($result))
215  {
216  $id=$row["id"];
217  $userid=$row["userid"];
218  $ssnData=$row["sessionid"];
219  $LoginExp=$row["expiration"];
220  $perm=$row["perm"];
221  }
222  $ssnData=explode(":","$ssnData");
223  $desissn=explode(":","$desissn");
224  $LoginCountry = $ssnData[0];
225  $oldSignature = $ssnData[2];
226  if(($LoginCountry==USER_GEO)&&($userid==$ssnData[1])&&(isset($oldSignature))&&($oldSignature==$desissn[2])&&(time()<$LoginExp))
227  {
228  if($perm==1000)
229  {
230  $LoginExp=time()+3600;
231  }
232  if($perm==1001)
233  {
234  $LoginExp=time()+3600*24*365*4;
235  }
236  $_SESSION['userid'] = $userid;
237  $_SESSION['sessionid'] = $oldSignature;
238  $sql="UPDATE `login` SET expiration='$LoginExp' WHERE id='$id';";
239  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
240  $error=0;
241  $signature=md5($_SESSION['userid'].$_SESSION['sessionid'].$desissn[0].":".$desissn[1].":".$desissn[2]);
242  $cookie1=USER_GEO.":".$userid.":".$_SESSION['sessionid'];
243  $cookie2=$userid;
244  $sql="SELECT `userid`,`email` FROM users WHERE userid='$userid'";
245  $con2=mysql_connect($DBHost, $DBUser, $DBPass);
246  mysql_select_db($DBName, $con2);
247  $result=mysql_query($sql);
248  $row2=mysql_fetch_array($result);
249  $email=$row2["email"];
250  mysql_close($con2);
251  }
252  else
253  {
254  $error=3;
255  session_destroy();
256  $cookie1="AntiHack attention";
257  $cookie2="AntiHack attention";
258  $LoginExp=time()+3600;
259  $sql="INSERT INTO `console` (`id` ,`time` ,`title` ,`data`) VALUES (NULL , NOW(), 'ANTIHACK_ATTENTION', 'user:$userid, ip:".USER_IP.", from:".USER_GEO_TWO.", browser:".USER_BROWSER.", action: illegal cookies signature.');";
260  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
261  }
262  mysql_close($con);
263 }
264 if($_GET['s']=="exit")
265 {
266  $sql="DELETE FROM `login` WHERE `userid` = '$userid';";
267  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
268  session_destroy();
269  unset($signature);
270  $cookie1=0;
271  $cookie2=0;
272  $error=NULL;
273  $LoginExp=time()-7200;
274  $sql="INSERT INTO `console` (`id` ,`time` ,`title` ,`data`) VALUES (NULL , NOW(), 'MANUAL_LOGOUT', 'user:$userid, browser:".USER_BROWSER."');";
275  sql_freecode_ng($DBUser,$DBName,$DBPass,$DBHost,$sql);
276 }
277 unset($con,$con2,$sql,$id,$ssnData,$LoginCountry,$oldSignature,$desissn,$pass,$row,$row2,$result,$userid);
278 /*
279  *
280  * error = 0; //system: OK - access granted
281  * error = null; //system: UNKNOWN STATUS, system continued
282  * error = 1; //system: I/O - ERROR email not exist
283  * error = 2; //system: I/O - ERROR password error
284  * error = 3; //system: DB - ERROR login structured data failed - AntiHack attention
285  *
286  * Session manipulation:
287  * ?s=exit //system get status NULL and unset access signature - system go to logout mode
288  *
289  */
290 //echo("<script>alert('Country:".USER_GEO.";User:".$_SESSION['userid'].";Status:".$error.";Cookies:[".$cookie1."],[".$cookie2."];Exp:".$LoginExp.";SessionID:".$_SESSION['sessionid']."');</script>");
291 ?>
$error
$error
Definition: session.php:148
sessionManager\sm_get
sm_get($name)
Definition: session.php:45
$pass
$pass
Definition: session.php:145
$signature
$signature
Definition: main-config.php:38
$result
$result
Definition: session.php:211
$userid
$userid
Definition: session.php:212
$perm
$perm
Definition: session.php:150
$LoginCountry
$LoginCountry
Definition: session.php:224
$cookie1
$cookie1
Definition: session.php:146
$email
$email
Definition: session.php:144
loginManager\lm_addUser
lm_addUser($name, $pass, $perm=1000)
Definition: session.php:137
USER_GEO
const USER_GEO
Definition: main-config.php:75
$ssnData
$ssnData
Definition: session.php:213
$mysql
$mysql
Definition: core_sql.php:254
$con
$con
Definition: session.php:208
$readsql
$readsql
Definition: session.php:207
$sql
$sql
Definition: session.php:259
USER_BROWSER
const USER_BROWSER
Definition: main-config.php:78
$desissn
$desissn
Definition: session.php:206
$LoginExp
$LoginExp
Definition: session.php:149
$cookie2
$cookie2
Definition: session.php:147
$oldSignature
$oldSignature
Definition: session.php:225
USER_GEO_TWO
const USER_GEO_TWO
Definition: main-config.php:76