root / src / lib / session.lib.php @ a9b72d88
Historique | Voir | Annoter | Télécharger (4,22 ko)
| 1 |
<?php
|
|---|---|
| 2 |
// Base sur Ph. Rigaux, OReilly 3e edition.
|
| 3 |
// table visitors (login/pwd)
|
| 4 |
// table websession
|
| 5 |
// Les privileges de labmember_add sont:
|
| 6 |
// SELECT sur visitors,
|
| 7 |
// et ALL sur sessionWeb
|
| 8 |
|
| 9 |
function execQry ($qry, $bd) |
| 10 |
{
|
| 11 |
$result = mysql_query($qry, $bd); |
| 12 |
if (!$result) |
| 13 |
{
|
| 14 |
echo "error in execQry ". mysql_error ($bd); |
| 15 |
exit;
|
| 16 |
} |
| 17 |
else
|
| 18 |
return $result; |
| 19 |
} |
| 20 |
|
| 21 |
|
| 22 |
function CleanOldSessions ($bd) |
| 23 |
{
|
| 24 |
//erase sessions outdated since 15 days
|
| 25 |
$tooOld = date ("U") - 1296000; |
| 26 |
$qry = "DELETE FROM websession WHERE time_limit < $tooOld"; |
| 27 |
$resultat = execQry ($qry, $bd); |
| 28 |
} |
| 29 |
|
| 30 |
function LoginForm ($nom_script, $login_default = "view") |
| 31 |
{
|
| 32 |
$ret = <<<EOD |
| 33 |
<div class="centered_form">
|
| 34 |
<i>To login, cookies must be enabled on your browser</i>
|
| 35 |
<br/>
|
| 36 |
<br/>
|
| 37 |
<form method="post" action="$nom_script">
|
| 38 |
<fieldset>
|
| 39 |
<legend >Log In</legend>
|
| 40 |
<input type="text" id="Login" value="$login_default" name="visitor_login"/>
|
| 41 |
<label style="margin: 5px;" for="MyText" > username</label><br/>
|
| 42 |
<input type="password" id="Pwd" name="visitor_pwd" value=""/>
|
| 43 |
<label style="margin: 5px;" for="MyText" > password</label><br/>
|
| 44 |
<input type="submit" id="MyButton" value="Submit"/>
|
| 45 |
</fieldset>
|
| 46 |
</form>
|
| 47 |
</div>
|
| 48 |
EOD;
|
| 49 |
echo $ret; |
| 50 |
} |
| 51 |
|
| 52 |
|
| 53 |
function get_visitor ($login, $bd) { |
| 54 |
$log = substr($login, 0, 3); |
| 55 |
$qry = "SELECT * FROM visitors WHERE `login` LIKE '%$log%'"; |
| 56 |
$result = mysql_query($qry, $bd); |
| 57 |
while($vis = mysql_fetch_object($result)) { |
| 58 |
if ($vis->login == substr($login, 0, strlen($vis->login))) { |
| 59 |
if ($vis->target_table != "all"){ |
| 60 |
$vis->target_table = substr($login, strlen($vis->login)); |
| 61 |
} |
| 62 |
return $vis; |
| 63 |
} |
| 64 |
} |
| 65 |
return NULL; |
| 66 |
} |
| 67 |
|
| 68 |
function create_session ($bd, $login, $pwd, $id_session){ |
| 69 |
$visitor = get_visitor ($login, $bd); |
| 70 |
//L'internaute existe-t-il?
|
| 71 |
if (is_object($visitor)) { |
| 72 |
//verif du mot de passe
|
| 73 |
if ($visitor->pwd == md5($pwd)) { |
| 74 |
// on insere une session de trente minutes dans table websession
|
| 75 |
$time_limit = date ("U") + SESSION_DURATION; |
| 76 |
$insSession = "INSERT INTO websession (id_session, login, " |
| 77 |
. "time_limit, target_table, "
|
| 78 |
. "mode) VALUES ('$id_session', '$login', '$time_limit', '$visitor->target_table', '$visitor->mode')";
|
| 79 |
$resultat = execQry ($insSession, $bd); |
| 80 |
return TRUE; |
| 81 |
} else {
|
| 82 |
echo "<B> Sorry, incorrect password for $login !</B><P>"; |
| 83 |
return FALSE; |
| 84 |
} |
| 85 |
} else {
|
| 86 |
echo "<B>Sorry, $login is not a registered login!</B><P>"; |
| 87 |
return FALSE; |
| 88 |
} |
| 89 |
} |
| 90 |
|
| 91 |
//check session validity, destroy if not
|
| 92 |
function is_valid_session ($session, $bd) { |
| 93 |
//is time over?
|
| 94 |
$now = date ("U"); |
| 95 |
if ($session->time_limit < $now) { |
| 96 |
session_destroy(); |
| 97 |
$destr = "DELETE FROM websession WHERE id_session='$session->id_session'"; |
| 98 |
$resultat = execQry ($destr, $bd); |
| 99 |
} else { //session is valid |
| 100 |
return TRUE; |
| 101 |
} |
| 102 |
} |
| 103 |
|
| 104 |
|
| 105 |
function get_session ($id_session, $bd) { |
| 106 |
$qry = "SELECT * FROM websession WHERE `id_session` = '$id_session'"; |
| 107 |
while($sess = mysql_fetch_object(execQry ($qry, $bd))) { |
| 108 |
if ($sess->id_session == $id_session) { |
| 109 |
return $sess; |
| 110 |
} |
| 111 |
} |
| 112 |
return NULL; |
| 113 |
} |
| 114 |
|
| 115 |
// main function for access control
|
| 116 |
function control_access ($nom_script, $infos_login, $id_session, $bd) { |
| 117 |
//recherche la session
|
| 118 |
$session_courante = get_session ($id_session, $bd); |
| 119 |
//cas 1: la session existe, on verifie sa validite
|
| 120 |
if (is_object($session_courante)) { |
| 121 |
// la session existe, est-elle valide?
|
| 122 |
if (is_valid_session ($session_courante, $bd)) { |
| 123 |
// on renvoie l'objet session
|
| 124 |
return $session_courante; |
| 125 |
} else {
|
| 126 |
echo "<B> Your session is not (or no longer) valid.<P></B>\n"; |
| 127 |
} |
| 128 |
} |
| 129 |
// Cas 2.a: La session n'existe pas mais un login et pwd ont ete fournis
|
| 130 |
if (isset($infos_login['visitor_login']) & isset($infos_login['visitor_pwd'])) { |
| 131 |
// Les login/pwd sont-ils corrects?
|
| 132 |
if (create_session ($bd, $infos_login['visitor_login'], $infos_login['visitor_pwd'], $id_session)) { |
| 133 |
// on renvoie l'object session
|
| 134 |
return get_session ($id_session, $bd); |
| 135 |
} else {
|
| 136 |
echo "<B> Identification failed.<P></B>\n"; |
| 137 |
} |
| 138 |
} |
| 139 |
// Cas 2.b: La session n'existe pas
|
| 140 |
// et il faut afficher le formulaire d'identification
|
| 141 |
LoginForm ($nom_script); |
| 142 |
} |
| 143 |
|
| 144 |
|
| 145 |
?>
|