root / src / lib / session.lib.php @ d072e29c
Historique | Voir | Annoter | Télécharger (4,78 ko)
| 1 | d072e29c | Florent Chuffart | <?php
|
|---|---|---|---|
| 2 | d072e29c | Florent Chuffart | // Base sur Ph. Rigaux, OReilly 3e edition.
|
| 3 | d072e29c | Florent Chuffart | // table visitors (login/pwd)
|
| 4 | d072e29c | Florent Chuffart | // table websession
|
| 5 | d072e29c | Florent Chuffart | // Les privileges de labmember_add sont:
|
| 6 | d072e29c | Florent Chuffart | // SELECT sur visitors,
|
| 7 | d072e29c | Florent Chuffart | // et ALL sur sessionWeb
|
| 8 | d072e29c | Florent Chuffart | |
| 9 | d072e29c | Florent Chuffart | require_once 'lib/form.cls.php'; |
| 10 | d072e29c | Florent Chuffart | |
| 11 | d072e29c | Florent Chuffart | function execQry ($qry, $bd) |
| 12 | d072e29c | Florent Chuffart | {
|
| 13 | d072e29c | Florent Chuffart | $result = mysql_query($qry, $bd); |
| 14 | d072e29c | Florent Chuffart | if (!$result) |
| 15 | d072e29c | Florent Chuffart | {
|
| 16 | d072e29c | Florent Chuffart | echo "error in execQry ". mysql_error ($db); |
| 17 | d072e29c | Florent Chuffart | exit;
|
| 18 | d072e29c | Florent Chuffart | } |
| 19 | d072e29c | Florent Chuffart | else
|
| 20 | d072e29c | Florent Chuffart | return $result; |
| 21 | d072e29c | Florent Chuffart | } |
| 22 | d072e29c | Florent Chuffart | |
| 23 | d072e29c | Florent Chuffart | |
| 24 | d072e29c | Florent Chuffart | function CleanOldSessions ($bd) |
| 25 | d072e29c | Florent Chuffart | {
|
| 26 | d072e29c | Florent Chuffart | //erase sessions outdated since 15 days
|
| 27 | d072e29c | Florent Chuffart | $tooOld = date ("U") - 1296000; |
| 28 | d072e29c | Florent Chuffart | $qry = "DELETE FROM websession WHERE time_limit < $tooOld"; |
| 29 | d072e29c | Florent Chuffart | $resultat = execQry ($qry, $bd); |
| 30 | d072e29c | Florent Chuffart | } |
| 31 | d072e29c | Florent Chuffart | |
| 32 | d072e29c | Florent Chuffart | // uses form class from "form.cls.php"
|
| 33 | d072e29c | Florent Chuffart | function LoginForm ($nom_script, $login_default = "view") |
| 34 | d072e29c | Florent Chuffart | {
|
| 35 | d072e29c | Florent Chuffart | $form = new form (); |
| 36 | d072e29c | Florent Chuffart | |
| 37 | d072e29c | Florent Chuffart | $form -> openForm (array ('action' => "$nom_script", 'id' => 'LoginForm')); |
| 38 | d072e29c | Florent Chuffart | $form -> openFieldset (array ('style' => 'border:1px dotted red; width: 300px;')); |
| 39 | d072e29c | Florent Chuffart | $form -> addLegend ('Please Login'); |
| 40 | d072e29c | Florent Chuffart | |
| 41 | d072e29c | Florent Chuffart | $form -> addInput ('text', array ('id' => 'Login', 'value' => "$login_default", 'name' => 'visitor_login', 'test' => 'test')); |
| 42 | d072e29c | Florent Chuffart | $form -> addLabel (' login', array ('for' => 'MyText', 'style' => 'margin: 5px;')); |
| 43 | d072e29c | Florent Chuffart | $form -> addAnything ('<br /><br />'); |
| 44 | d072e29c | Florent Chuffart | |
| 45 | d072e29c | Florent Chuffart | $form -> addInput ('password', array ('id' => 'Pwd', 'value' => '', 'name' => 'visitor_pwd', 'test' => 'test')); |
| 46 | d072e29c | Florent Chuffart | $form -> addLabel (' password', array ('for' => 'MyText', 'style' => 'margin: 5px;')); |
| 47 | d072e29c | Florent Chuffart | $form -> addAnything ('<br /><br />'); |
| 48 | d072e29c | Florent Chuffart | |
| 49 | d072e29c | Florent Chuffart | $form -> addInput ('submit', array ('id' => 'MyButton', 'value' => 'Submit', 'test' => 'test')); |
| 50 | d072e29c | Florent Chuffart | $form -> closeFieldset ();
|
| 51 | d072e29c | Florent Chuffart | $form -> closeForm ();
|
| 52 | d072e29c | Florent Chuffart | |
| 53 | d072e29c | Florent Chuffart | echo '<br><I>To login, cookies must be enabled on your browser</I><br><br>'; |
| 54 | d072e29c | Florent Chuffart | echo '<div >';//style="border: 1px solid darkgrey; text-align: center; width: 310px;">'; |
| 55 | d072e29c | Florent Chuffart | // on l'affiche
|
| 56 | d072e29c | Florent Chuffart | echo $form; |
| 57 | d072e29c | Florent Chuffart | echo '</div>'; |
| 58 | d072e29c | Florent Chuffart | |
| 59 | d072e29c | Florent Chuffart | echo '</body>'; |
| 60 | d072e29c | Florent Chuffart | echo '</html>'; |
| 61 | d072e29c | Florent Chuffart | } |
| 62 | d072e29c | Florent Chuffart | |
| 63 | d072e29c | Florent Chuffart | |
| 64 | d072e29c | Florent Chuffart | function get_visitor ($login, $bd) { |
| 65 | d072e29c | Florent Chuffart | $log = substr($login, 0, 3); |
| 66 | d072e29c | Florent Chuffart | $qry = "SELECT * FROM visitors WHERE `login` LIKE '%$log%'"; |
| 67 | d072e29c | Florent Chuffart | $result = mysql_query($qry, $bd); |
| 68 | d072e29c | Florent Chuffart | while($vis = mysql_fetch_object($result)) { |
| 69 | d072e29c | Florent Chuffart | if ($vis->login == substr($login, 0, strlen($vis->login))) { |
| 70 | d072e29c | Florent Chuffart | if ($vis->target_table != "all"){ |
| 71 | d072e29c | Florent Chuffart | $vis->target_table = substr($login, strlen($vis->login)); |
| 72 | d072e29c | Florent Chuffart | } |
| 73 | d072e29c | Florent Chuffart | return $vis; |
| 74 | d072e29c | Florent Chuffart | } |
| 75 | d072e29c | Florent Chuffart | } |
| 76 | d072e29c | Florent Chuffart | return NULL; |
| 77 | d072e29c | Florent Chuffart | } |
| 78 | d072e29c | Florent Chuffart | |
| 79 | d072e29c | Florent Chuffart | function create_session ($bd, $login, $pwd, $id_session){ |
| 80 | d072e29c | Florent Chuffart | $visitor = get_visitor ($login, $bd); |
| 81 | d072e29c | Florent Chuffart | //L'internaute existe-t-il?
|
| 82 | d072e29c | Florent Chuffart | if (is_object($visitor)) { |
| 83 | d072e29c | Florent Chuffart | //verif du mot de passe
|
| 84 | d072e29c | Florent Chuffart | if ($visitor->pwd == md5($pwd)) { |
| 85 | d072e29c | Florent Chuffart | // on insere une session de trente minutes dans table websession
|
| 86 | d072e29c | Florent Chuffart | $time_limit = date ("U") + 1800; |
| 87 | d072e29c | Florent Chuffart | $insSession = "INSERT INTO websession (id_session, login, " |
| 88 | d072e29c | Florent Chuffart | . "time_limit, target_table, "
|
| 89 | d072e29c | Florent Chuffart | . "mode) VALUES ('$id_session', '$login', '$time_limit', '$visitor->target_table', '$visitor->mode')";
|
| 90 | d072e29c | Florent Chuffart | $resultat = execQry ($insSession, $bd); |
| 91 | d072e29c | Florent Chuffart | return TRUE; |
| 92 | d072e29c | Florent Chuffart | } else {
|
| 93 | d072e29c | Florent Chuffart | echo "<B> Sorry, incorrect password for $login !</B><P>"; |
| 94 | d072e29c | Florent Chuffart | return FALSE; |
| 95 | d072e29c | Florent Chuffart | } |
| 96 | d072e29c | Florent Chuffart | } else {
|
| 97 | d072e29c | Florent Chuffart | echo "<B>Sorry, $login is not a registered login!</B><P>"; |
| 98 | d072e29c | Florent Chuffart | return FALSE; |
| 99 | d072e29c | Florent Chuffart | } |
| 100 | d072e29c | Florent Chuffart | } |
| 101 | d072e29c | Florent Chuffart | |
| 102 | d072e29c | Florent Chuffart | //check session validity, destroy if not
|
| 103 | d072e29c | Florent Chuffart | function is_valid_session ($session, $bd) { |
| 104 | d072e29c | Florent Chuffart | //is time over?
|
| 105 | d072e29c | Florent Chuffart | $now = date ("U"); |
| 106 | d072e29c | Florent Chuffart | if ($session->time_limit < $now) { |
| 107 | d072e29c | Florent Chuffart | session_destroy(); |
| 108 | d072e29c | Florent Chuffart | $destr = "DELETE FROM websession WHERE id_session='$session->id_session'"; |
| 109 | d072e29c | Florent Chuffart | $resultat = execQry ($destr, $bd); |
| 110 | d072e29c | Florent Chuffart | } else { //session is valid |
| 111 | d072e29c | Florent Chuffart | return TRUE; |
| 112 | d072e29c | Florent Chuffart | } |
| 113 | d072e29c | Florent Chuffart | } |
| 114 | d072e29c | Florent Chuffart | |
| 115 | d072e29c | Florent Chuffart | |
| 116 | d072e29c | Florent Chuffart | function get_session ($id_session, $bd) { |
| 117 | d072e29c | Florent Chuffart | $qry = "SELECT * FROM websession WHERE `id_session` = '$id_session'"; |
| 118 | d072e29c | Florent Chuffart | while($sess = mysql_fetch_object(execQry ($qry, $bd))) { |
| 119 | d072e29c | Florent Chuffart | if ($sess->id_session == $id_session) { |
| 120 | d072e29c | Florent Chuffart | return $sess; |
| 121 | d072e29c | Florent Chuffart | } |
| 122 | d072e29c | Florent Chuffart | } |
| 123 | d072e29c | Florent Chuffart | return NULL; |
| 124 | d072e29c | Florent Chuffart | } |
| 125 | d072e29c | Florent Chuffart | |
| 126 | d072e29c | Florent Chuffart | // main function for access control
|
| 127 | d072e29c | Florent Chuffart | function control_access ($nom_script, $infos_login, $id_session, $bd) { |
| 128 | d072e29c | Florent Chuffart | //recherche la session
|
| 129 | d072e29c | Florent Chuffart | $session_courante = get_session ($id_session, $bd); |
| 130 | d072e29c | Florent Chuffart | //cas 1: la session existe, on verifie sa validite
|
| 131 | d072e29c | Florent Chuffart | if (is_object($session_courante)) { |
| 132 | d072e29c | Florent Chuffart | // la session existe, est-elle valide?
|
| 133 | d072e29c | Florent Chuffart | if (is_valid_session ($session_courante, $bd)) { |
| 134 | d072e29c | Florent Chuffart | // on renvoie l'objet session
|
| 135 | d072e29c | Florent Chuffart | return $session_courante; |
| 136 | d072e29c | Florent Chuffart | } else {
|
| 137 | d072e29c | Florent Chuffart | echo "<B> Your session is not (or no longer) valid.<P></B>\n"; |
| 138 | d072e29c | Florent Chuffart | } |
| 139 | d072e29c | Florent Chuffart | } |
| 140 | d072e29c | Florent Chuffart | // Cas 2.a: La session n'existe pas mais un login et pwd ont ete fournis
|
| 141 | d072e29c | Florent Chuffart | if (isset($infos_login['visitor_login']) & isset($infos_login['visitor_pwd'])) { |
| 142 | d072e29c | Florent Chuffart | // Les login/pwd sont-ils corrects?
|
| 143 | d072e29c | Florent Chuffart | if (create_session ($bd, $infos_login['visitor_login'], $infos_login['visitor_pwd'], $id_session)) { |
| 144 | d072e29c | Florent Chuffart | // on renvoie l'object session
|
| 145 | d072e29c | Florent Chuffart | return get_session ($id_session, $bd); |
| 146 | d072e29c | Florent Chuffart | } else {
|
| 147 | d072e29c | Florent Chuffart | echo "<B> Identification failed.<P></B>\n"; |
| 148 | d072e29c | Florent Chuffart | } |
| 149 | d072e29c | Florent Chuffart | } |
| 150 | d072e29c | Florent Chuffart | // Cas 2.b: La session n'existe pas
|
| 151 | d072e29c | Florent Chuffart | // et il faut afficher le formulaire d'identification
|
| 152 | d072e29c | Florent Chuffart | LoginForm ($nom_script); |
| 153 | d072e29c | Florent Chuffart | } |
| 154 | d072e29c | Florent Chuffart | |
| 155 | d072e29c | Florent Chuffart | |
| 156 | d072e29c | Florent Chuffart | ?> |