<?php
/**
* Session object that checks whether the current user is a guest or a registered user and what rights the user has.
* Manages the ECP Session implementation with database storage for data and additional information
* such as the user's location, idle time, session id etc.
*
* Also supports a Single Sign-On (Passport) function similar to the CAS implementation. (CAS is not implemented yet.)
*
* @package Session
* @author Luke Satin <cyberluk@seznam.cz>
* @version 0.9.8
* @todo CAS based verification
*/
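class Session implements Session_interface {
    /**
     * Result of the last Create() call. Create() sets this to true when
     * VerifyUser() accepts the stored session (with or without a stored user
     * id) and after a successful form login; it stays false otherwise.
     *
     * @var bool
     */
    protected static $logged = false;

    /**
     * Reports the state recorded by the last Create() or Logout() call.
     *
     * @return bool True if the current session is valid, e.g. the user is logged in.
     */
    public static function isValid() {
        return self::$logged;
    }

    /**
     * Ends the current session: restores the default language, deletes the
     * session row, removes the stored session id and resets the user to a
     * blank, non-author profile.
     *
     * NOTE(review): the 'userid' and 'nick' values that Create() saves on
     * login are not removed here - confirm they cannot outlive the session.
     *
     * @return void
     */
    public static function Logout() {
        i18n::setDefaultLanguage();
        DB::DeleteById('ecp_engine_sessions', User::getSID());
        Storage::Delete("session_id", Storage::USER);
        User::setSID(false);
        self::$logged = false;
        User::setAuthor(false);
        User::setBlank();
    }

    /**
     * Main entry point of the class: validates the stored session or, when
     * there is none, processes a login submitted as POST 'nick'/'password',
     * and passes the outcome on to the {@link User} object.
     *
     * @return bool True when the stored session was accepted (registered user
     *              or guest profile) or a form login succeeded; false after a
     *              logout request, a rejected or inactive login, or when no
     *              session and no credentials were supplied.
     */
    public static function Create() {
        global $XCS;
        self::$logged = false;
        try {
            // NOTE(review): logout is also honoured for a bare GET parameter and
            // no request token is checked in this method - confirm that a
            // cross-site triggered logout is acceptable.
            if (isset($_POST['logout']) || isset($_GET['logout'])) {
                self::Logout();
                return false;
            }
            // Throws AuthException when there is no usable session.
            self::VerifyUser();
            $userid = Storage::Load('userid');
            if ($userid) {
                // LOGGED IN
                // NOTE(review): the stored nick is the raw POSTed value saved at
                // login, while _verifyLogin() handed an escaped copy to
                // User::setProfile() - confirm setProfile() escapes its input.
                User::setProfile($userid, Storage::Load('nick'));
                Debug::addReport('LOGGED IN AS: ' . User::$profile->nick . '(group:' . User::$profile->group . ')', 0);
                i18n::setLanguage(User::$profile->language);
                self::$logged = true;
            } else {
                // ANONYMOUS USER with an accepted session
                i18n::setDefaultLanguage();
                User::setBlank();
                Debug::addReport('Setting guest user profile.', 0);
                self::$logged = true;
            }
        } catch (AuthException $e) {
            Debug::addReport('AuthException: ' . $e->getMessage(), 1);

            // Only plain string fields count as credentials: an array-valued
            // parameter (nick[]=...) must not reach String::Escape() or sha1().
            $hasCredentials = isset($_POST['nick'], $_POST['password'])
                && is_string($_POST['nick']) && is_string($_POST['password'])
                && !empty($_POST['nick']) && !empty($_POST['password']);

            if (!$hasCredentials) {
                // ANONYMOUS USER without a session: guest profile, not logged.
                i18n::setDefaultLanguage();
                User::setBlank();
                Debug::addReport('Setting guest user profile.', 0);
                return self::$logged;
            }

            $nick = $_POST['nick'];
            // NOTE(review): passwords are stored and compared as unsalted SHA-1
            // digests, which is weak for password storage. Moving to
            // password_hash()/password_verify() needs a stored-hash migration
            // and a runtime that provides those functions.
            $password = sha1($_POST['password']);
            $UID = self::VerifyUser($nick, $password, $XCS->getServer()->id);

            if ($UID === false) {
                // WRONG LOGIN
                User::wrongLogin();
                Engine::CallError(401);
            } elseif (User::$profile->status == User::INACTIVE) {
                // INACTIVE ACCOUNT
                Engine::CallError(902);
                // Engine::CallError() is not visible here. If it returns instead of
                // ending the request, an inactive account must not continue into
                // the login branch, so drop the profile _verifyLogin() loaded and
                // leave $logged false.
                User::setAuthor(false);
                User::setBlank();
            } else {
                // LOGGING IN: a fresh session id is issued for every login.
                $SID = self::generateSID();
                User::setSID($SID);
                User::goodLogin();
                Storage::Save('userid', $UID);
                Storage::Save('nick', $nick);
                i18n::setLanguage(User::$profile->language);
                self::$logged = true;
            }
        }
        return self::$logged;
    }

    /**
     * Checks a nick / password digest pair against the user tables and, on
     * success, records the client details and loads the user profile.
     *
     * An entry in ecp_engine_authors for the given scope (or scope '0')
     * overrides the password taken from ecp_engine_users.
     *
     * @param string $nick     Login name as submitted.
     * @param string $password SHA-1 digest of the submitted password.
     * @param mixed  $scope    Server id used to match author records.
     * @return mixed The user id on success, false on unknown nick or wrong password.
     */
    private static function _verifyLogin($nick, $password, $scope) {
        $nick = String::Escape($nick);
        $password = String::Escape($password);

        $TA = new TA();
        $TA->addQuery(TA::SELECT, "ecp_engine_users");
        $TA->addParam("id");
        $TA->addParam("currentAccess");
        $TA->addParam("password");
        $TA->WHERE("`nick`='" . $nick . "'");
        $TA->LIMIT(1);
        $TA->Execute();
        $result = $TA->Result()->FetchObject();
        $TA->removeQuery();
        if (!$result) {
            return false;
        }

        // NOTE(review): $scope is concatenated into the WHERE clause unescaped.
        // The only caller in this class passes $XCS->getServer()->id; confirm
        // that value can never be derived from request data.
        $TA->addQuery(TA::SELECT, "ecp_engine_authors");
        $TA->addParam("password");
        $TA->WHERE("`nick`='" . $nick . "' AND (`scope`='" . $scope . "' OR `scope`='0')");
        $TA->LIMIT(1);
        $TA->Execute();
        $is_author = $TA->Result()->FetchObject();
        $TA->End();

        $isAuthor = (bool) $is_author;
        if ($isAuthor) {
            // The author record's password takes precedence.
            $result->password = $is_author->password;
        }

        // NOTE(review): this comparison is not constant-time; hash_equals()
        // would be preferable where the runtime provides it.
        if ($result->password !== $password) {
            // Never leave the author flag raised for a rejected login.
            User::setAuthor(false);
            return false;
        }
        // The author flag is granted only once the password has been verified.
        User::setAuthor($isAuthor);

        // Save client info.
        $detect = new Net_UserAgent_Detect();
        $detect->Net_UserAgent_Detect();

        // X-Forwarded-For and Client-IP are request headers the client can set
        // freely. They are used here only for the "last access" text below and
        // must not be relied on for access decisions.
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
            $proxy = $_SERVER['REMOTE_ADDR'];
        } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
            $IP = $_SERVER['HTTP_CLIENT_IP'];
            $proxy = $_SERVER['REMOTE_ADDR'];
        } else {
            $IP = $_SERVER['REMOTE_ADDR'];
            $proxy = false;
        }

        // Czech audit line: "Last access: <time> from <ip> (proxy server: ...) - <os> (<browser>)."
        // The literal has to be stored as UTF-8.
        // NOTE(review): header and user-agent text ends up in this string
        // verbatim - confirm DB::UpdateById() escapes values and that the
        // text is HTML-escaped wherever it is displayed.
        $currentAccess = "Poslední přístup: " . Date::NOW() . " z " . $IP . " (proxy server: " . $proxy . ") - " . $detect->getOSString() . " (" . $detect->getBrowserString() . ").";
        DB::UpdateById('ecp_engine_users', $result->id, array(
            'lastAccess' => $result->currentAccess,
            'currentAccess' => $currentAccess
        ));

        $userid = $result->id;
        User::setProfile($userid, $nick);
        return $userid;
    }

    /**
     * Reads the session id kept in user-scoped storage.
     *
     * @return mixed The stored session id as returned by Storage::Load().
     */
    public static function getSID() {
        return Storage::Load('session_id', Storage::USER);
    }

    /**
     * Creates a new session id with Engine::generateUniqueToken() and saves
     * it in user-scoped storage.
     *
     * NOTE(review): the session id is a bearer credential - confirm that
     * Engine::generateUniqueToken() draws from a cryptographically secure
     * random source.
     *
     * @return mixed The newly generated session id.
     */
    public static function generateSID() {
        $SID = Engine::generateUniqueToken();
        Storage::Save('session_id', $SID, Storage::USER);
        return $SID;
    }

    /**
     * With all three arguments given, verifies a login through _verifyLogin().
     * Otherwise validates the stored session and records the current location
     * in its session row.
     *
     * @param mixed $nick     Login name, or false to check the stored session.
     * @param mixed $password SHA-1 password digest, or false.
     * @param mixed $scope    Server id, or false.
     * @return mixed The _verifyLogin() result for a login check; true when the
     *               stored session is accepted.
     * @throws AuthException When User::hasSession() rejects the session, or a
     *                       StorageException is raised while it is being checked.
     */
    private static function VerifyUser($nick = false, $password = false, $scope = false) {
        if ($nick !== false && $password !== false && $scope !== false) {
            return self::_verifyLogin($nick, $password, $scope);
        }
        try {
            $SID = self::getSID();
            User::setSID($SID);
            if (!User::hasSession()) {
                throw new AuthException('Invalid session');
            }
            DB::UpdateById('ecp_engine_sessions', User::getSID(), array(
                'location' => Location::getURI()
            ));
            return true;
        } catch (StorageException $e) {
            throw new AuthException('Not logged in');
        }
    }
}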
?>
EliteCore Project is a PHP5.1/Javascript/AJAX/XHTML/CSS framework for creating WEB 2.0 applications and services. The basic open-source installation can also be used as an interactive personal page or BLOG. This project uses the latest features available.
Project homepage:
http://sourceforge.net/projects/elitecore
Programming language(s): JavaScript,PHP,XML
License: cpl