SimpleSession.php
<?php
/**
* @copyright 2010
*/
// Login status codes; SimpleLogin::$status holds one of these values.
define('LOGIN_ACCESS_NO_ATTEMPT', -1);
define('LOGIN_ACCESS_GRANTED', 0);
define('LOGIN_ACCESS_ERROR_ATTEMPT_FAILED', 1);
define('LOGIN_ACCESS_ERROR_NONEXISTENT_ACCOUNT', 2);
define('LOGIN_ACCESS_ERROR_UNAUTHORIZED_ACCOUNT', 3);
define('LOGIN_ACCESS_ERROR_UNVALIDATED_ACCOUNT', 4);
define('LOGIN_ACCESS_ERROR_BLOCKED_ACCOUNT', 5);
define('LOGIN_ACCESS_ERROR_MISSING_USERNAME', 6);
define('LOGIN_ACCESS_ERROR_MISSING_PASSWORD', 7);
define('LOGIN_ACCESS_ERROR_UNKNOWN_ERROR', 8);

// Session data encryption keys.
// Both keys are fixed values shipped with the source, each a nine-digit
// decimal string. How they are consumed is not visible in this part of the file.
// NOTE(review): anyone who can read the code (repository, backup, forum paste)
// holds the keys. If they protect session contents, load them from deployment
// configuration and generate them with a CSPRNG (e.g. random_bytes()) instead.
define('SESSION_DATA_ENCRYPTION_KEY_1', '944672318');
define('SESSION_DATA_ENCRYPTION_KEY_2', '410344323');
/**
* Simple Login Management
*
* @package SimpleSession
* @subpackage SimpleLogin
* @copyright 2010
* @version 0.1
*/
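abstract class SimpleLogin {
    /**
     * Salt string handed to crypt() for every account.
     *
     * The "$1$" prefix selects MD5-based crypt, and only the leading
     * "$1$<salt>$" part of the value is used as the salt.
     *
     * NOTE(review): the salt is hard-coded and shared by all accounts, so two
     * users with the same password get the same stored hash, and MD5-crypt is
     * cheap to compute. Moving to password_hash()/password_verify() needs the
     * stored account_pass values to be rehashed, which this class cannot do
     * on its own; the value is therefore left unchanged here.
     *
     * @access private
     * @var string
     */
    private $auth_salt = '$1$CZ..jd4.$XUyjB06VQ7K.E3yKw7hXh/';

    /**
     * Outcome of the last login attempt (one of the LOGIN_ACCESS_* constants).
     *
     * @access public
     * @var integer
     */
    public $status = LOGIN_ACCESS_NO_ATTEMPT;

    /**
     * Attempt to log a user in and record the outcome in $this->status.
     *
     * Does nothing when a session is already logged in. On success the account
     * id, name and type are copied into $this->data, the access flag is set
     * and the session id is regenerated.
     *
     * The concrete subclass is expected to provide $this->mysql, $this->data,
     * regenerate_id() and destroy(); none of them is declared in this class.
     *
     * NOTE(review): the distinct statuses for "no such account", "unauthorized"
     * and "unvalidated" are set before the password is verified. Callers should
     * show one generic failure message to the visitor so the status does not
     * disclose which account names exist. No attempt throttling is visible in
     * this class.
     *
     * @access public
     * @param string $username Account name as typed by the user
     * @param string $password Clear-text password as typed by the user
     * @return void
     */
    public function login($username = '', $password = '') {
        if ($this->logged_in()) {
            return;
        }

        // Raw request values can be arrays; anything non-scalar counts as missing
        // instead of reaching trim() and raising a warning or TypeError.
        $username = is_scalar($username) ? trim((string) $username) : '';
        // NOTE(review): the password is trimmed before hashing; kept because the
        // stored hashes were presumably produced the same way - confirm.
        $password = is_scalar($password) ? trim((string) $password) : '';

        // Compare against '' rather than using empty(): the string "0" is a
        // real value and must not be reported as a missing field.
        if ($username === '') {
            $this->status = LOGIN_ACCESS_ERROR_MISSING_USERNAME;
            return;
        }
        if ($password === '') {
            $this->status = LOGIN_ACCESS_ERROR_MISSING_PASSWORD;
            return;
        }

        // Hash the candidate password with the shared salt.
        $candidate_hash = crypt($password, $this->auth_salt);

        // Build and execute query. The user name is passed through the
        // wrapper's escape() before being placed in the quoted literal.
        // NOTE(review): safety depends on escape() being connection/charset
        // aware; a prepared statement would remove that dependency.
        $query_sentence = "\nSELECT\n"
            . "id, account_name, account_pass, account_type, account_status\n"
            . "FROM\n"
            . "{$this->mysql->tables['users']}\n"
            . "WHERE\n"
            . "account_name = '%s'\n";
        $this->mysql->query(sprintf($query_sentence, $this->mysql->escape($username)));

        if (!($this->mysql->affected_rows > 0)) {
            $this->status = LOGIN_ACCESS_ERROR_NONEXISTENT_ACCOUNT;
            return;
        }

        $row = $this->mysql->query_result[0];
        $this->mysql->clean();

        $account_type = (int) $row->account_type;
        $account_status = (int) $row->account_status;

        // 0 => Administrator, 1 => Moderator, 2 => User
        // Allow administrators and moderators only
        if ($account_type > 1) {
            $this->status = LOGIN_ACCESS_ERROR_UNAUTHORIZED_ACCOUNT;
            return;
        }

        // Check whether the user account is unvalidated
        if ($account_status === 0) {
            $this->status = LOGIN_ACCESS_ERROR_UNVALIDATED_ACCOUNT;
            return;
        }

        // Only the first 32 characters of the hash are compared, as in the
        // original code (presumably the width of the account_pass column).
        // hash_equals() (PHP >= 5.6) compares in constant time and never applies
        // the numeric-string juggling of "==". A crypt() failure token is
        // shorter than 32 characters and is rejected outright.
        $password_ok = is_string($candidate_hash)
            && strlen($candidate_hash) >= 32
            && hash_equals((string) $row->account_pass, substr($candidate_hash, 0, 32));

        if (!$password_ok) {
            $this->status = LOGIN_ACCESS_ERROR_ATTEMPT_FAILED;
            return;
        }

        // Password is correct: now check whether the account has been blocked
        if ($account_status === -1) {
            $this->status = LOGIN_ACCESS_ERROR_BLOCKED_ACCOUNT;
            return;
        }

        if ($account_status === 1) {
            $this->status = LOGIN_ACCESS_GRANTED;
            $this->data->account_id = (int) $row->id;
            $this->data->account_name = $row->account_name;
            $this->data->account_type = $account_type;
            $this->data->access = true;
            // New session id after the privilege change (session fixation defence).
            $this->regenerate_id(true);
            return;
        }

        // Any other account_status value used to fall through and leave the
        // previous status in place; report it explicitly and grant nothing.
        $this->status = LOGIN_ACCESS_ERROR_UNKNOWN_ERROR;
    }

    /**
     * Destroy the session if a user is currently logged in.
     *
     * @access public
     * @return void
     */
    public function logout() {
        if ($this->logged_in()) {
            $this->destroy();
        }
    }

    /**
     * Check if user is logged in
     *
     * Session data without a usable account name is treated as not logged in
     * and its login fields are removed. Always returns a real boolean; the
     * access flag is read with empty() so a missing flag does not raise an
     * undefined-property notice.
     *
     * @access public
     * @return boolean
     */
    public function logged_in() {
        if (!isset($this->data->account_name)) {
            unset($this->data->access);
            return false;
        }

        if (trim($this->data->account_name) === '') {
            unset($this->data->account_id);
            unset($this->data->account_name);
            unset($this->data->account_type);
            unset($this->data->access);
            return false;
        }

        return !empty($this->data->access);
    }
}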
// Continua...
?>