sessions.php
author Dan
Tue, 26 May 2009 15:25:58 -0400
changeset 70 efabb54a418d
parent 44 92dd253f501c
child 74 7719085707d8
permissions -rw-r--r--
Core: should properly handle IPv4/IPv6 toggle preferences now
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
44
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     1
<?php
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     2
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     3
/**
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     4
 * Greyhound - real web management for Amarok
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     5
 * Copyright (C) 2008 Dan Fuhry
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     6
 *
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     7
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     8
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     9
 *
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    10
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    11
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    12
 */
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    13
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    14
function greyhound_login_page($httpd, $socket)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    15
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    16
  if ( session_check() )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    17
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    18
    $httpd->header('HTTP/1.1 307 Temporary Redirect');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    19
    $httpd->header('Location: /');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    20
    
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    21
    return;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    22
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    23
  $tried = false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    24
  $success = false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    25
  if ( isset($_POST['username']) && isset($_POST['password']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    26
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    27
    $tried = true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    28
    if ( $sessionid = login($_POST['username'], $_POST['password']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    29
    {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    30
      $success = true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    31
      $httpd->setcookie('grey_session', $sessionid, time() + ( 86400 * 3650 ));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    32
    }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    33
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    34
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    35
  global $theme;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    36
  $iphone = ( ( strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') ||
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    37
       strpos($_SERVER['HTTP_USER_AGENT'], 'iPod') ||
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    38
       strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') ||
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    39
       isset($_GET['m']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    40
       && !isset($_GET['f'])
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    41
       );
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    42
  $theme_id = ( $iphone ) ? 'iphone' : $theme;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    43
  $smarty = load_theme($theme_id);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    44
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    45
  $smarty->assign('theme', $theme_id);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    46
  $smarty->assign('greyhound_version', GREY_VERSION);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    47
  $smarty->assign('tried', $tried);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    48
  $smarty->assign('success', $success);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    49
  $smarty->display('login.tpl');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    50
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    51
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    52
function greyhound_logout($httpd, $socket)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    53
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    54
  // destroy the session
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    55
  if ( isset($_COOKIE['grey_session']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    56
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    57
    load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    58
    global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    59
    unset($session_data[$_COOKIE['grey_session']]);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    60
    session_commit_db();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    61
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    62
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    63
  $httpd->setcookie('grey_session', '', time() - 864000);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    64
  $httpd->header('HTTP/1.1 307 Temporary Redirect');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    65
  $httpd->header('Location: /');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    66
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    67
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    68
/**
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    69
 * Check to see if we're logged in
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    70
 */
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    71
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    72
function session_check()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    73
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    74
  global $use_auth, $auth_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    75
  if ( isset($_COOKIE['grey_session']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    76
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    77
    load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    78
    global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    79
    if ( isset($session_data[$_COOKIE['grey_session']]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    80
    {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    81
      // has a cookie with a valid session ID, check credentials
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    82
      $session =& $session_data[$_COOKIE['grey_session']];
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    83
      if ( isset($auth_data[$session['user']]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    84
      {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    85
        if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    86
        {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    87
          // session is valid, logged in
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    88
          return true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    89
        }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    90
      }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    91
    }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    92
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    93
  return ( $use_auth ) ? false : true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    94
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    95
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    96
function login($username, $password)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    97
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    98
  global $use_auth, $auth_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    99
  if ( !$use_auth )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   100
    return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   101
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   102
  if ( isset($auth_data[$username]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   103
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   104
    if ( $auth_data[$username] === $password )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   105
    {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   106
      return create_session($username, $password);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   107
    }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   108
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   109
  return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   110
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   111
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   112
function create_session($username, $password)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   113
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   114
  load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   115
  global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   116
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   117
  $sessid = md5(sha1(microtime() . mt_rand()));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   118
  $salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand())));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   119
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   120
  $session_data[$sessid] = array(
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   121
      'user' => $username,
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   122
      'hash' => md5($password . $salt),
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   123
      'salt' => $salt
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   124
    );
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   125
  session_commit_db();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   126
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   127
  return $sessid;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   128
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   129
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   130
function var_export_string($arr)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   131
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   132
  ob_start();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   133
  var_export($arr);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   134
  $r = ob_get_contents();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   135
  ob_end_clean();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   136
  return $r;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   137
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   138
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   139
function session_commit_db()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   140
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   141
  global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   142
  $d = var_export_string($session_data);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   143
  $fp = @fopen('./session_db.php', 'w');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   144
  if ( !$fp )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   145
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   146
    warning('Could not open the session database for writing. Logins may not work.');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   147
    return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   148
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   149
  $d = <<<EOF
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   150
<?php
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   151
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   152
// Automatically generated session database for Greyhound. Do not edit this file!
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   153
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   154
\$GLOBALS['session_data'] = $d;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   155
EOF;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   156
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   157
  fwrite($fp, $d);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   158
  fclose($fp);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   159
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   160
  return true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   161
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   162
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   163
function load_session_data()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   164
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   165
  if ( file_exists('./session_db.php') )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   166
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   167
    require('./session_db.php');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   168
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   169
  else
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   170
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   171
    $GLOBALS['session_data'] = array();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   172
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   173
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   174
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   175
$session_data = array();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   176
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   177
?>