From a4565e88edbc8e3bd092a475469769c86a4c350c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Fri, 2 Aug 2013 22:40:51 +0200
Subject: add Twig & refactor poche
---
 inc/3rdparty/Session.class.php | 136 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 inc/3rdparty/Session.class.php
(limited to 'inc/3rdparty/Session.class.php')
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
new file mode 100644
index 00000000..eff924cc
--- /dev/null
+++ b/inc/3rdparty/Session.class.php
@@ -0,0 +1,136 @@
+ $value) {
+ $_SESSION[$key] = $value;
+ }
+ if ($login==$login_test && $password==$password_test){
+ // generate unique random number to sign forms (HMAC)
+ $_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand());
+ $_SESSION['info']=Session::_allInfos();
+ $_SESSION['username']=$login;
+ // Set session expiration.
+ $_SESSION['expires_on']=time()+Session::$inactivity_timeout;
+ return true;
+ }
+ return false;
+ }
+
+ // Force logout
+ public static function logout()
+ {
+ unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass']);
+ }
+
+ // Make sure user is logged in.
+ public static function isLogged()
+ {
+ if (!isset ($_SESSION['uid'])
+ || $_SESSION['info']!=Session::_allInfos()
+ || time()>=$_SESSION['expires_on']){
+ Session::logout();
+ return false;
+ }
+ // User accessed a page : Update his/her session expiration date.
+ $_SESSION['expires_on']=time()+Session::$inactivity_timeout;
+ return true;
+ }
+
+ // Returns a token.
+ public static function getToken()
+ {
+ if (!isset($_SESSION['tokens'])){
+ $_SESSION['tokens']=array();
+ }
+ // We generate a random string and store it on the server side.
+ $rnd = sha1(uniqid('',true).'_'.mt_rand());
+ $_SESSION['tokens'][$rnd]=1;
+ return $rnd;
+ }
+
+ // Tells if a token is ok. Using this function will destroy the token.
+ // return true if token is ok.
+ public static function isToken($token)
+ {
+ if (isset($_SESSION['tokens'][$token]))
+ {
+ unset($_SESSION['tokens'][$token]); // Token is used: destroy it.
+ return true; // Token is ok.
+ }
+ return false; // Wrong token, or already used.
+ }
+}
\ No newline at end of file
-- cgit v1.2.3
From 8d3275bee488d058c6ff0efe6e81d20a584d3709 Mon Sep 17 00:00:00 2001
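Review bot: The credential check `if ($login==$login_test && $password==$password_test){` in the new `Session.class.php` uses loose `==`, so two different numeric-looking strings (for example hex digests of the form `0e` followed only by digits) are compared as numbers and can be treated as equal, and the comparison is not constant-time. A strict, timing-safe form is `if ($login === $login_test && hash_equals((string) $password, (string) $password_test)) {`, with the stored value passed as the first argument to `hash_equals()`. The opening of the file, including this method's signature, is missing from the page, so which parameter holds the stored value has to be confirmed there. The same hunk derives `$_SESSION['uid']` and the form tokens in `getToken()` from `sha1(uniqid('',true).'_'.mt_rand())`, which is built from the clock and a non-cryptographic generator; `bin2hex(random_bytes(20))` keeps the 40-hex-character shape and draws from a CSPRNG on PHP versions that provide it.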
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Tue, 6 Aug 2013 15:51:48 +0200
Subject: multi user
---
 inc/3rdparty/Session.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/3rdparty/Session.class.php')
diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index eff924cc..3162f507 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -93,7 +93,7 @@ class Session
 // Force logout
 public static function logout()
 {
- unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass']);
+ unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['poche_user']);
 }
 
 // Make sure user is logged in.
-- cgit v1.2.3
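Review bot: `logout()` still clears the session by listing keys one by one, and `$_SESSION['username']`, which `login()` sets in the file as first committed, is missing from the list even after `poche_user` is added. Every new per-user key then needs a matching edit here, and a missed one leaves that user's data in the session after logout. If nothing else kept in the session is meant to survive a logout (not visible from this hunk), `$_SESSION = array();` followed by `session_regenerate_id(true);` removes the need to track keys and also retires the old session id. Otherwise, add `$_SESSION['username']` to the `unset()` call.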