Greyhound: sessions.php@8663af0e27c7 (annotated)

44 92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	1	<?php
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	2
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	3	/**
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	4	* Greyhound - real web management for Amarok
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	5	* Copyright (C) 2008 Dan Fuhry
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	6	*
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	7	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	8	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	9	*
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	10	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	11	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	12	*/
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	13
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	14	function greyhound_login_page($httpd, $socket)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	15	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	16	if ( session_check() )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	17	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	18	$httpd->header('HTTP/1.1 307 Temporary Redirect');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	19	$httpd->header('Location: /');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	20
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	21	return;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	22	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	23	$tried = false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	24	$success = false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	25	if ( isset($_POST['username']) && isset($_POST['password']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	26	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	27	$tried = true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	28	if ( $sessionid = login($_POST['username'], $_POST['password']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	29	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	30	$success = true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	31	$httpd->setcookie('grey_session', $sessionid, time() + ( 86400 * 3650 ));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	32	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	33	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	34
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	35	global $theme;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	36	$iphone = ( ( strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') \|\|
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	37	strpos($_SERVER['HTTP_USER_AGENT'], 'iPod') \|\|
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	38	strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') \|\|
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	39	isset($_GET['m']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	40	&& !isset($_GET['f'])
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	41	);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	42	$theme_id = ( $iphone ) ? 'iphone' : $theme;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	43	$smarty = load_theme($theme_id);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	44
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	45	$smarty->assign('theme', $theme_id);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	46	$smarty->assign('greyhound_version', GREY_VERSION);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	47	$smarty->assign('tried', $tried);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	48	$smarty->assign('success', $success);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	49	$smarty->display('login.tpl');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	50	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	51
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	52	function greyhound_logout($httpd, $socket)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	53	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	54	// destroy the session
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	55	if ( isset($_COOKIE['grey_session']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	56	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	57	load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	58	global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	59	unset($session_data[$_COOKIE['grey_session']]);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	60	session_commit_db();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	61	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	62
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	63	$httpd->setcookie('grey_session', '', time() - 864000);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	64	$httpd->header('HTTP/1.1 307 Temporary Redirect');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	65	$httpd->header('Location: /');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	66	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	67
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	68	/**
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	69	* Check to see if we're logged in
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	70	*/
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	71
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	72	function session_check()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	73	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	74	global $use_auth, $auth_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	75	if ( isset($_COOKIE['grey_session']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	76	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	77	load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	78	global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	79	if ( isset($session_data[$_COOKIE['grey_session']]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	80	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	81	// has a cookie with a valid session ID, check credentials
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	82	$session =& $session_data[$_COOKIE['grey_session']];
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	83	if ( isset($auth_data[$session['user']]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	84	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	85	if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	86	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	87	// session is valid, logged in
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	88	return true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	89	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	90	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	91	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	92	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	93	return ( $use_auth ) ? false : true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	94	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	95
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	96	function login($username, $password)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	97	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	98	global $use_auth, $auth_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	99	if ( !$use_auth )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	100	return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	101
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	102	if ( isset($auth_data[$username]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	103	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	104	if ( $auth_data[$username] === $password )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	105	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	106	return create_session($username, $password);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	107	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	108	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	109	return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	110	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	111
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	112	function create_session($username, $password)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	113	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	114	load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	115	global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	116
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	117	$sessid = md5(sha1(microtime() . mt_rand()));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	118	$salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand())));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	119
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	120	$session_data[$sessid] = array(
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	121	'user' => $username,
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	122	'hash' => md5($password . $salt),
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	123	'salt' => $salt
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	124	);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	125	session_commit_db();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	126
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	127	return $sessid;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	128	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	129
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	130	function var_export_string($arr)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	131	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	132	ob_start();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	133	var_export($arr);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	134	$r = ob_get_contents();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	135	ob_end_clean();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	136	return $r;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	137	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	138
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	139	function session_commit_db()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	140	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	141	global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	142	$d = var_export_string($session_data);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	143	$fp = @fopen('./session_db.php', 'w');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	144	if ( !$fp )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	145	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	146	warning('Could not open the session database for writing. Logins may not work.');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	147	return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	148	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	149	$d = <<<EOF
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	150	<?php
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	151
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	152	// Automatically generated session database for Greyhound. Do not edit this file!
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	153
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	154	\$GLOBALS['session_data'] = $d;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	155	EOF;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	156
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	157	fwrite($fp, $d);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	158	fclose($fp);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	159
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	160	return true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	161	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	162
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	163	function load_session_data()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	164	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	165	if ( file_exists('./session_db.php') )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	166	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	167	require('./session_db.php');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	168	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	169	else
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	170	{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	171	$GLOBALS['session_data'] = array();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	172	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	173	}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	174
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	175	$session_data = array();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	176
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based. Dan parents: diff changeset	177	?>

author	Dan
	Tue, 26 May 2009 15:26:22 -0400
changeset 71	8663af0e27c7
parent 44	92dd253f501c
child 74	7719085707d8
permissions	-rw-r--r--