sessions.php
author Dan
Tue, 23 Sep 2008 23:26:18 -0400
changeset 50 1b4288399b1f
parent 44 92dd253f501c
child 74 7719085707d8
permissions -rw-r--r--
Added graphical configuration, at this point only for the grey theme but others will follow soon. (This has been nearly done for two weeks or more but was on hold due to the bugs with multithreading)
44
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     1
<?php
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     2
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     3
/**
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     4
 * Greyhound - real web management for Amarok
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     5
 * Copyright (C) 2008 Dan Fuhry
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     6
 *
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     7
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     8
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
     9
 *
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    10
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    11
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    12
 */
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    13
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    14
function greyhound_login_page($httpd, $socket)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    15
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    16
  if ( session_check() )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    17
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    18
    $httpd->header('HTTP/1.1 307 Temporary Redirect');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    19
    $httpd->header('Location: /');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    20
    
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    21
    return;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    22
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    23
  $tried = false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    24
  $success = false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    25
  if ( isset($_POST['username']) && isset($_POST['password']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    26
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    27
    $tried = true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    28
    if ( $sessionid = login($_POST['username'], $_POST['password']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    29
    {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    30
      $success = true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    31
      $httpd->setcookie('grey_session', $sessionid, time() + ( 86400 * 3650 ));
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    32
    }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    33
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    34
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    35
  global $theme;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    36
  $iphone = ( ( strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') ||
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    37
       strpos($_SERVER['HTTP_USER_AGENT'], 'iPod') ||
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    38
       strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') ||
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    39
       isset($_GET['m']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    40
       && !isset($_GET['f'])
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    41
       );
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    42
  $theme_id = ( $iphone ) ? 'iphone' : $theme;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    43
  $smarty = load_theme($theme_id);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    44
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    45
  $smarty->assign('theme', $theme_id);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    46
  $smarty->assign('greyhound_version', GREY_VERSION);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    47
  $smarty->assign('tried', $tried);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    48
  $smarty->assign('success', $success);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    49
  $smarty->display('login.tpl');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    50
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    51
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    52
function greyhound_logout($httpd, $socket)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    53
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    54
  // destroy the session
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    55
  if ( isset($_COOKIE['grey_session']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    56
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    57
    load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    58
    global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    59
    unset($session_data[$_COOKIE['grey_session']]);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    60
    session_commit_db();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    61
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    62
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    63
  $httpd->setcookie('grey_session', '', time() - 864000);
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    64
  $httpd->header('HTTP/1.1 307 Temporary Redirect');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    65
  $httpd->header('Location: /');
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    66
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    67
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    68
/**
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    69
 * Check to see if we're logged in
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    70
 */
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    71
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    72
function session_check()
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    73
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    74
  global $use_auth, $auth_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    75
  if ( isset($_COOKIE['grey_session']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    76
  {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    77
    load_session_data();
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    78
    global $session_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    79
    if ( isset($session_data[$_COOKIE['grey_session']]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    80
    {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    81
      // has a cookie with a valid session ID, check credentials
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    82
      $session =& $session_data[$_COOKIE['grey_session']];
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    83
      if ( isset($auth_data[$session['user']]) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    84
      {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    85
        if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    86
        {
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    87
          // session is valid, logged in
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    88
          return true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    89
        }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    90
      }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    91
    }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    92
  }
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    93
  return ( $use_auth ) ? false : true;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    94
}
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    95
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    96
function login($username, $password)
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    97
{
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    98
  global $use_auth, $auth_data;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
    99
  if ( !$use_auth )
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   100
    return false;
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   101
  
92dd253f501c First shot at getting a session management system in place. Login and logout pages are there, and auth seems to be working and sufficiently secure for the moment. Sessions last indefinitely and are cookie-based.
Dan
parents:
diff changeset
   102
  if ( isset($auth_data[$username]) )
  {
    if ( $auth_data[$username] === $password )
    {
      return create_session($username, $password);
    }
  }
  return false;
}

// Create a session for $username, persist it to the session database
// and return the new session ID.
function create_session($username, $password)
{
  load_session_data();
  global $session_data;
  
  // microtime() and mt_rand() are not cryptographically secure sources, so the
  // session ID and salt are only as unpredictable as those two inputs.
  $sessid = md5(sha1(microtime() . mt_rand()));
  $salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand())));
  
  $session_data[$sessid] = array(
      'user' => $username,
      // Single-round salted MD5 of the password, stored next to its salt
      'hash' => md5($password . $salt),
      'salt' => $salt
    );
  session_commit_db();
  
  return $sessid;
}

// Capture the output of var_export() as a string using output buffering.
function var_export_string($arr)
{
  ob_start();
  var_export($arr);
  $r = ob_get_contents();
  ob_end_clean();
  return $r;
}

// Serialize $session_data as PHP source and write it to ./session_db.php.
// Returns false if the file cannot be opened for writing.
function session_commit_db()
{
  global $session_data;
  $d = var_export_string($session_data);
  $fp = @fopen('./session_db.php', 'w');
  if ( !$fp )
  {
    warning('Could not open the session database for writing. Logins may not work.');
    return false;
  }
  // The database file is PHP source that load_session_data() executes via require().
  $d = <<<EOF
<?php

// Automatically generated session database for Greyhound. Do not edit this file!

\$GLOBALS['session_data'] = $d;
EOF;
  
  fwrite($fp, $d);
  fclose($fp);
  
  return true;
}

// Populate $GLOBALS['session_data'] from ./session_db.php, or start with an
// empty array if the file does not exist.
function load_session_data()
{
  if ( file_exists('./session_db.php') )
  {
    require('./session_db.php');
  }
  else
  {
    $GLOBALS['session_data'] = array();
  }
}

$session_data = array();

?>
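
For comparison with create_session(), session_commit_db() and load_session_data() above, this added example (not part of Greyhound or of this changeset) draws the session ID from the OS CSPRNG, keeps no password-derived data in the session record, expires sessions, and stores the database as JSON data instead of PHP source loaded with require(). It assumes PHP 7 or later; the file name session_db.json, the 24-hour lifetime and all function names are hypothetical.

```php
<?php
// Added example, not Greyhound's code. File name, lifetime and function
// names are assumptions made for illustration.
const SESSION_DB  = './session_db.json';  // plain data, never require()'d
const SESSION_TTL = 86400;                // assumed 24-hour session lifetime

// Read the session database; a missing or malformed file yields no sessions.
function load_sessions(): array
{
    $raw  = @file_get_contents(SESSION_DB);
    $data = ($raw === false) ? null : json_decode($raw, true);
    return is_array($data) ? $data : array();
}

// Write the session database. LOCK_EX makes concurrent writers take turns;
// the surrounding read-modify-write cycle is still not atomic.
function save_sessions(array $sessions): bool
{
    return file_put_contents(SESSION_DB, json_encode($sessions), LOCK_EX) !== false;
}

// Issue a new session token for an already authenticated user.
// Returns the token to place in the cookie, or false if it cannot be stored.
function create_session_hardened(string $username)
{
    $token    = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $sessions = load_sessions();

    // Store only a hash of the token, so a leaked database file does not
    // hand out usable cookies. Nothing derived from the password is kept.
    $sessions[hash('sha256', $token)] = array(
        'user'    => $username,
        'expires' => time() + SESSION_TTL,
    );

    return save_sessions($sessions) ? $token : false;
}

// Resolve a cookie token to a username, or false if unknown or expired.
function validate_session(string $token)
{
    $sessions = load_sessions();
    $key      = hash('sha256', $token);

    if (!isset($sessions[$key])) {
        return false;
    }
    if ($sessions[$key]['expires'] < time()) {
        unset($sessions[$key]);      // drop the expired record
        save_sessions($sessions);
        return false;
    }
    return $sessions[$key]['user'];
}

// Constructed usage: issue a token for a sample user, then resolve it.
$token = create_session_hardened('alice');
var_dump($token !== false && validate_session($token) === 'alice');
```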