author | Dan |
Fri, 12 Jun 2009 11:38:43 -0400 | |
changeset 73 | 1f55c324efcf |
parent 44 | 92dd253f501c |
child 74 | 7719085707d8 |
permissions | -rw-r--r-- |
44
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
1 |
<?php |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
2 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
3 |
/** |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
4 |
* Greyhound - real web management for Amarok |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
5 |
* Copyright (C) 2008 Dan Fuhry |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
6 |
* |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
7 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
8 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
9 |
* |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
10 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
11 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
12 |
*/ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
13 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
14 |
function greyhound_login_page($httpd, $socket) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
15 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
16 |
if ( session_check() ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
17 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
18 |
$httpd->header('HTTP/1.1 307 Temporary Redirect'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
19 |
$httpd->header('Location: /'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
20 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
21 |
return; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
22 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
23 |
$tried = false; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
24 |
$success = false; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
25 |
if ( isset($_POST['username']) && isset($_POST['password']) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
26 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
27 |
$tried = true; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
28 |
if ( $sessionid = login($_POST['username'], $_POST['password']) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
29 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
30 |
$success = true; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
31 |
$httpd->setcookie('grey_session', $sessionid, time() + ( 86400 * 3650 )); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
32 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
33 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
34 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
35 |
global $theme; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
36 |
$iphone = ( ( strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') || |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
37 |
strpos($_SERVER['HTTP_USER_AGENT'], 'iPod') || |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
38 |
strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') || |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
39 |
isset($_GET['m']) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
40 |
&& !isset($_GET['f']) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
41 |
); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
42 |
$theme_id = ( $iphone ) ? 'iphone' : $theme; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
43 |
$smarty = load_theme($theme_id); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
44 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
45 |
$smarty->assign('theme', $theme_id); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
46 |
$smarty->assign('greyhound_version', GREY_VERSION); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
47 |
$smarty->assign('tried', $tried); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
48 |
$smarty->assign('success', $success); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
49 |
$smarty->display('login.tpl'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
50 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
51 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
52 |
function greyhound_logout($httpd, $socket) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
53 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
54 |
// destroy the session |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
55 |
if ( isset($_COOKIE['grey_session']) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
56 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
57 |
load_session_data(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
58 |
global $session_data; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
59 |
unset($session_data[$_COOKIE['grey_session']]); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
60 |
session_commit_db(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
61 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
62 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
63 |
$httpd->setcookie('grey_session', '', time() - 864000); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
64 |
$httpd->header('HTTP/1.1 307 Temporary Redirect'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
65 |
$httpd->header('Location: /'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
66 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
67 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
68 |
/** |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
69 |
* Check to see if we're logged in |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
70 |
*/ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
71 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
72 |
function session_check() |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
73 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
74 |
global $use_auth, $auth_data; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
75 |
if ( isset($_COOKIE['grey_session']) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
76 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
77 |
load_session_data(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
78 |
global $session_data; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
79 |
if ( isset($session_data[$_COOKIE['grey_session']]) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
80 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
81 |
// has a cookie with a valid session ID, check credentials |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
82 |
$session =& $session_data[$_COOKIE['grey_session']]; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
83 |
if ( isset($auth_data[$session['user']]) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
84 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
85 |
if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
86 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
87 |
// session is valid, logged in |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
88 |
return true; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
89 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
90 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
91 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
92 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
93 |
return ( $use_auth ) ? false : true; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
94 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
95 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
96 |
function login($username, $password) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
97 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
98 |
global $use_auth, $auth_data; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
99 |
if ( !$use_auth ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
100 |
return false; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
101 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
102 |
if ( isset($auth_data[$username]) ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
103 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
104 |
if ( $auth_data[$username] === $password ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
105 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
106 |
return create_session($username, $password); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
107 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
108 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
109 |
return false; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
110 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
111 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
112 |
function create_session($username, $password) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
113 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
114 |
load_session_data(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
115 |
global $session_data; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
116 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
117 |
$sessid = md5(sha1(microtime() . mt_rand())); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
118 |
$salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand()))); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
119 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
120 |
$session_data[$sessid] = array( |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
121 |
'user' => $username, |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
122 |
'hash' => md5($password . $salt), |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
123 |
'salt' => $salt |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
124 |
); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
125 |
session_commit_db(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
126 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
127 |
return $sessid; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
128 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
129 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
130 |
function var_export_string($arr) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
131 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
132 |
ob_start(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
133 |
var_export($arr); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
134 |
$r = ob_get_contents(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
135 |
ob_end_clean(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
136 |
return $r; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
137 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
138 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
139 |
function session_commit_db() |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
140 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
141 |
global $session_data; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
142 |
$d = var_export_string($session_data); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
143 |
$fp = @fopen('./session_db.php', 'w'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
144 |
if ( !$fp ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
145 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
146 |
warning('Could not open the session database for writing. Logins may not work.'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
147 |
return false; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
148 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
149 |
$d = <<<EOF |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
150 |
<?php |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
151 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
152 |
// Automatically generated session database for Greyhound. Do not edit this file! |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
153 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
154 |
\$GLOBALS['session_data'] = $d; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
155 |
EOF; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
156 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
157 |
fwrite($fp, $d); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
158 |
fclose($fp); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
159 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
160 |
return true; |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
161 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
162 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
163 |
function load_session_data() |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
164 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
165 |
if ( file_exists('./session_db.php') ) |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
166 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
167 |
require('./session_db.php'); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
168 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
169 |
else |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
170 |
{ |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
171 |
$GLOBALS['session_data'] = array(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
172 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
173 |
} |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
174 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
175 |
$session_data = array(); |
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
176 |
|
92dd253f501c
First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff
changeset
|
177 |
?> |