root / src / lib / session.lib.php @ a9b72d88
Historique | Voir | Annoter | Télécharger (4,22 ko)
| 1 | d072e29c | Florent Chuffart | <?php
|
|---|---|---|---|
| 2 | d072e29c | Florent Chuffart | // Base sur Ph. Rigaux, OReilly 3e edition.
|
| 3 | d072e29c | Florent Chuffart | // table visitors (login/pwd)
|
| 4 | d072e29c | Florent Chuffart | // table websession
|
| 5 | d072e29c | Florent Chuffart | // Les privileges de labmember_add sont:
|
| 6 | d072e29c | Florent Chuffart | // SELECT sur visitors,
|
| 7 | d072e29c | Florent Chuffart | // et ALL sur sessionWeb
|
| 8 | d072e29c | Florent Chuffart | |
| 9 | d072e29c | Florent Chuffart | function execQry ($qry, $bd) |
| 10 | d072e29c | Florent Chuffart | {
|
| 11 | d072e29c | Florent Chuffart | $result = mysql_query($qry, $bd); |
| 12 | d072e29c | Florent Chuffart | if (!$result) |
| 13 | d072e29c | Florent Chuffart | {
|
| 14 | a9b72d88 | Florent Chuffart | echo "error in execQry ". mysql_error ($bd); |
| 15 | d072e29c | Florent Chuffart | exit;
|
| 16 | d072e29c | Florent Chuffart | } |
| 17 | d072e29c | Florent Chuffart | else
|
| 18 | d072e29c | Florent Chuffart | return $result; |
| 19 | d072e29c | Florent Chuffart | } |
| 20 | d072e29c | Florent Chuffart | |
| 21 | d072e29c | Florent Chuffart | |
| 22 | d072e29c | Florent Chuffart | function CleanOldSessions ($bd) |
| 23 | d072e29c | Florent Chuffart | {
|
| 24 | d072e29c | Florent Chuffart | //erase sessions outdated since 15 days
|
| 25 | d072e29c | Florent Chuffart | $tooOld = date ("U") - 1296000; |
| 26 | d072e29c | Florent Chuffart | $qry = "DELETE FROM websession WHERE time_limit < $tooOld"; |
| 27 | d072e29c | Florent Chuffart | $resultat = execQry ($qry, $bd); |
| 28 | d072e29c | Florent Chuffart | } |
| 29 | d072e29c | Florent Chuffart | |
| 30 | d072e29c | Florent Chuffart | function LoginForm ($nom_script, $login_default = "view") |
| 31 | d072e29c | Florent Chuffart | {
|
| 32 | 0ce29891 | Florent Chuffart | $ret = <<<EOD |
| 33 | 0ce29891 | Florent Chuffart | <div class="centered_form">
|
| 34 | 0ce29891 | Florent Chuffart | <i>To login, cookies must be enabled on your browser</i>
|
| 35 | 0ce29891 | Florent Chuffart | <br/>
|
| 36 | 0ce29891 | Florent Chuffart | <br/>
|
| 37 | 0ce29891 | Florent Chuffart | <form method="post" action="$nom_script">
|
| 38 | 0ce29891 | Florent Chuffart | <fieldset>
|
| 39 | 0ce29891 | Florent Chuffart | <legend >Log In</legend>
|
| 40 | 0ce29891 | Florent Chuffart | <input type="text" id="Login" value="$login_default" name="visitor_login"/>
|
| 41 | 0ce29891 | Florent Chuffart | <label style="margin: 5px;" for="MyText" > username</label><br/>
|
| 42 | 0ce29891 | Florent Chuffart | <input type="password" id="Pwd" name="visitor_pwd" value=""/>
|
| 43 | 0ce29891 | Florent Chuffart | <label style="margin: 5px;" for="MyText" > password</label><br/>
|
| 44 | 0ce29891 | Florent Chuffart | <input type="submit" id="MyButton" value="Submit"/>
|
| 45 | 0ce29891 | Florent Chuffart | </fieldset>
|
| 46 | 0ce29891 | Florent Chuffart | </form>
|
| 47 | 0ce29891 | Florent Chuffart | </div>
|
| 48 | 0ce29891 | Florent Chuffart | EOD;
|
| 49 | 0ce29891 | Florent Chuffart | echo $ret; |
| 50 | d072e29c | Florent Chuffart | } |
| 51 | d072e29c | Florent Chuffart | |
| 52 | d072e29c | Florent Chuffart | |
| 53 | d072e29c | Florent Chuffart | function get_visitor ($login, $bd) { |
| 54 | d072e29c | Florent Chuffart | $log = substr($login, 0, 3); |
| 55 | d072e29c | Florent Chuffart | $qry = "SELECT * FROM visitors WHERE `login` LIKE '%$log%'"; |
| 56 | d072e29c | Florent Chuffart | $result = mysql_query($qry, $bd); |
| 57 | d072e29c | Florent Chuffart | while($vis = mysql_fetch_object($result)) { |
| 58 | d072e29c | Florent Chuffart | if ($vis->login == substr($login, 0, strlen($vis->login))) { |
| 59 | d072e29c | Florent Chuffart | if ($vis->target_table != "all"){ |
| 60 | d072e29c | Florent Chuffart | $vis->target_table = substr($login, strlen($vis->login)); |
| 61 | d072e29c | Florent Chuffart | } |
| 62 | d072e29c | Florent Chuffart | return $vis; |
| 63 | d072e29c | Florent Chuffart | } |
| 64 | d072e29c | Florent Chuffart | } |
| 65 | d072e29c | Florent Chuffart | return NULL; |
| 66 | d072e29c | Florent Chuffart | } |
| 67 | d072e29c | Florent Chuffart | |
| 68 | d072e29c | Florent Chuffart | function create_session ($bd, $login, $pwd, $id_session){ |
| 69 | d072e29c | Florent Chuffart | $visitor = get_visitor ($login, $bd); |
| 70 | d072e29c | Florent Chuffart | //L'internaute existe-t-il?
|
| 71 | d072e29c | Florent Chuffart | if (is_object($visitor)) { |
| 72 | d072e29c | Florent Chuffart | //verif du mot de passe
|
| 73 | d072e29c | Florent Chuffart | if ($visitor->pwd == md5($pwd)) { |
| 74 | d072e29c | Florent Chuffart | // on insere une session de trente minutes dans table websession
|
| 75 | 3fb9b24c | Florent Chuffart | $time_limit = date ("U") + SESSION_DURATION; |
| 76 | d072e29c | Florent Chuffart | $insSession = "INSERT INTO websession (id_session, login, " |
| 77 | d072e29c | Florent Chuffart | . "time_limit, target_table, "
|
| 78 | d072e29c | Florent Chuffart | . "mode) VALUES ('$id_session', '$login', '$time_limit', '$visitor->target_table', '$visitor->mode')";
|
| 79 | d072e29c | Florent Chuffart | $resultat = execQry ($insSession, $bd); |
| 80 | d072e29c | Florent Chuffart | return TRUE; |
| 81 | d072e29c | Florent Chuffart | } else {
|
| 82 | d072e29c | Florent Chuffart | echo "<B> Sorry, incorrect password for $login !</B><P>"; |
| 83 | d072e29c | Florent Chuffart | return FALSE; |
| 84 | d072e29c | Florent Chuffart | } |
| 85 | d072e29c | Florent Chuffart | } else {
|
| 86 | d072e29c | Florent Chuffart | echo "<B>Sorry, $login is not a registered login!</B><P>"; |
| 87 | d072e29c | Florent Chuffart | return FALSE; |
| 88 | d072e29c | Florent Chuffart | } |
| 89 | d072e29c | Florent Chuffart | } |
| 90 | d072e29c | Florent Chuffart | |
| 91 | d072e29c | Florent Chuffart | //check session validity, destroy if not
|
| 92 | d072e29c | Florent Chuffart | function is_valid_session ($session, $bd) { |
| 93 | d072e29c | Florent Chuffart | //is time over?
|
| 94 | d072e29c | Florent Chuffart | $now = date ("U"); |
| 95 | d072e29c | Florent Chuffart | if ($session->time_limit < $now) { |
| 96 | d072e29c | Florent Chuffart | session_destroy(); |
| 97 | d072e29c | Florent Chuffart | $destr = "DELETE FROM websession WHERE id_session='$session->id_session'"; |
| 98 | d072e29c | Florent Chuffart | $resultat = execQry ($destr, $bd); |
| 99 | d072e29c | Florent Chuffart | } else { //session is valid |
| 100 | d072e29c | Florent Chuffart | return TRUE; |
| 101 | d072e29c | Florent Chuffart | } |
| 102 | d072e29c | Florent Chuffart | } |
| 103 | d072e29c | Florent Chuffart | |
| 104 | d072e29c | Florent Chuffart | |
| 105 | d072e29c | Florent Chuffart | function get_session ($id_session, $bd) { |
| 106 | d072e29c | Florent Chuffart | $qry = "SELECT * FROM websession WHERE `id_session` = '$id_session'"; |
| 107 | d072e29c | Florent Chuffart | while($sess = mysql_fetch_object(execQry ($qry, $bd))) { |
| 108 | d072e29c | Florent Chuffart | if ($sess->id_session == $id_session) { |
| 109 | d072e29c | Florent Chuffart | return $sess; |
| 110 | d072e29c | Florent Chuffart | } |
| 111 | d072e29c | Florent Chuffart | } |
| 112 | d072e29c | Florent Chuffart | return NULL; |
| 113 | d072e29c | Florent Chuffart | } |
| 114 | d072e29c | Florent Chuffart | |
| 115 | d072e29c | Florent Chuffart | // main function for access control
|
| 116 | d072e29c | Florent Chuffart | function control_access ($nom_script, $infos_login, $id_session, $bd) { |
| 117 | d072e29c | Florent Chuffart | //recherche la session
|
| 118 | d072e29c | Florent Chuffart | $session_courante = get_session ($id_session, $bd); |
| 119 | d072e29c | Florent Chuffart | //cas 1: la session existe, on verifie sa validite
|
| 120 | d072e29c | Florent Chuffart | if (is_object($session_courante)) { |
| 121 | d072e29c | Florent Chuffart | // la session existe, est-elle valide?
|
| 122 | d072e29c | Florent Chuffart | if (is_valid_session ($session_courante, $bd)) { |
| 123 | d072e29c | Florent Chuffart | // on renvoie l'objet session
|
| 124 | d072e29c | Florent Chuffart | return $session_courante; |
| 125 | d072e29c | Florent Chuffart | } else {
|
| 126 | d072e29c | Florent Chuffart | echo "<B> Your session is not (or no longer) valid.<P></B>\n"; |
| 127 | d072e29c | Florent Chuffart | } |
| 128 | d072e29c | Florent Chuffart | } |
| 129 | d072e29c | Florent Chuffart | // Cas 2.a: La session n'existe pas mais un login et pwd ont ete fournis
|
| 130 | d072e29c | Florent Chuffart | if (isset($infos_login['visitor_login']) & isset($infos_login['visitor_pwd'])) { |
| 131 | d072e29c | Florent Chuffart | // Les login/pwd sont-ils corrects?
|
| 132 | d072e29c | Florent Chuffart | if (create_session ($bd, $infos_login['visitor_login'], $infos_login['visitor_pwd'], $id_session)) { |
| 133 | d072e29c | Florent Chuffart | // on renvoie l'object session
|
| 134 | d072e29c | Florent Chuffart | return get_session ($id_session, $bd); |
| 135 | d072e29c | Florent Chuffart | } else {
|
| 136 | d072e29c | Florent Chuffart | echo "<B> Identification failed.<P></B>\n"; |
| 137 | d072e29c | Florent Chuffart | } |
| 138 | d072e29c | Florent Chuffart | } |
| 139 | d072e29c | Florent Chuffart | // Cas 2.b: La session n'existe pas
|
| 140 | d072e29c | Florent Chuffart | // et il faut afficher le formulaire d'identification
|
| 141 | d072e29c | Florent Chuffart | LoginForm ($nom_script); |
| 142 | d072e29c | Florent Chuffart | } |
| 143 | d072e29c | Florent Chuffart | |
| 144 | d072e29c | Florent Chuffart | |
| 145 | d072e29c | Florent Chuffart | ?> |