Context Navigation

user.php

Revision 1733, 8.4 kB (checked in by mbonetti, 18 months ago)
made two ini_set's warning-safe

Line
1	<?php
2
3	###############################################################################
4	# Gregarius - A PHP based RSS aggregator.
5	# Copyright (C) 2003 - 2006 Marco Bonetti
6	#
7	###############################################################################
8	# This program is free software and open source software; you can redistribute
9	# it and/or modify it under the terms of the GNU General Public License as
10	# published by the Free Software Foundation; either version 2 of the License,
11	# or (at your option) any later version.
12	#
13	# This program is distributed in the hope that it will be useful, but WITHOUT
14	# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15	# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16	# more details.
17	#
18	# You should have received a copy of the GNU General Public License along
19	# with this program; if not, write to the Free Software Foundation, Inc.,
20	# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA or visit
21	# http://www.gnu.org/licenses/gpl.html
22	#
23	###############################################################################
24	# E-mail: mbonetti at gmail dot com
25	# Web page: http://gregarius.net/
26	#
27	###############################################################################
28	rss_require('cls/wrappers/user.php');
29
30	define ('RSS_USER_ACTION_LOGIN',0x01);
31	define ('RSS_USER_ACTION_COOKIE',0x02);
32	define ('RSS_USER_ACTION_SESSION',0x04);
33	define ('RSS_USER_ACTION_LOGOUT',0x08);
34
35	/**
36	* The RSSUser class holds all the business logic to handle Gregarius users
37	*/
38	class RSSUser {
39	/** Userid */
40	var $_uid;
41	/** Userlevel */
42	var $_level;
43	/** Username */
44	var $_uname;
45	/** md5 hash of the user password */
46	var $_hash;
47	/** List of valid IP subnets this user is allowed to log in via a cookie */
48	var $_validIPs;
49	/** Mobile session */
50	var $_mobileSession;
51	/** Action */
52	var $_action;
53	/** Show private feeds/items */
54	var $_showPrivate;
55
56	/**
57	* RSSUser constructor:
58	* Handles:
59	* -logout
60	* -cookie login (with validation)
61	* -login
62	*/
63	function RSSUser() {
64
65	$this -> _uid = 0;
66	$this -> _validIPs = array();
67	$this -> _level = RSS_USER_LEVEL_NOLEVEL;
68	$this -> _uname = '';
69	$this -> _realName = '';
70	$this -> _hash = null;
71	$this -> _showPrivate = 0;
72
73
74	$this -> _mobileSession =
75	isset($_POST['media']) && 'mobile' == $_POST['media'];
76
77	if ('mobile' == getThemeMedia()) {
78	@ini_set('session.use_trans_sid',true);
79	session_start();
80	}
81
82	if (array_key_exists('logout',$_GET)) {
83	$this -> logout();
84	rss_redirect('');
85	}
86
87	$cuname = $chash = null;
88	if (isset($_POST['username']) && isset($_POST['password'])) {
89	$_cuname = trim($_POST['username']);
90	if ($this -> _mobileSession) {
91	$_chash = md5(md5($_POST['password'] . $_POST['username']));
92	} else {
93	$_chash = md5($_POST['password']);
94	}
95	if ($this -> login($_cuname,$_chash)) {
96	$cuname = $_cuname;
97	$chash = $_chash;
98	$this -> _action = RSS_USER_ACTION_LOGIN;
99	}
100	}
101	elseif (isset($_COOKIE[RSS_USER_COOKIE])) {
102	list($cuname,$chash) = explode('\|',$_COOKIE[RSS_USER_COOKIE]);
103	$this -> _action = RSS_USER_ACTION_COOKIE;
104	}
105	elseif(isset($_SESSION['mobile'])) {
106	list($cuname,$chash) = explode('\|',$_SESSION['mobile']);
107	$this -> _mobileSession = true;
108	$this -> _action = RSS_USER_ACTION_SESSION;
109	}
110	if ($cuname && $chash) {
111	$sql = "select uid, uname, ulevel, realname, userips from " . getTable('users') . " where uname='"
112	.rss_real_escape_string($cuname) ."' and password='"
113	.preg_replace('#[^a-zA-Z0-9]#','',md5($chash)) ."'";
114	$rs = rss_query($sql);
115	if (rss_num_rows($rs) == 1) {
116	list($uid, $uname, $level, $realName, $tmpUserIps) = rss_fetch_row($rs);
117	$userIPs = explode(' ',$tmpUserIps);
118	$subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
119	if ((array_search($subnet, $userIPs) !== FALSE) \|\| ($this -> _action != RSS_USER_ACTION_COOKIE)) {
120	$this -> _uid = $uid;
121	$this -> _uname = $uname;
122	$this -> _validIPs = $userIPs;
123	$this -> _level = $level;
124	$this -> _realName = $realName;
125	$this -> _hash = $chash;
126	}
127	}
128	}
129	}
130
131	/**
132	* Logs in a user given the username and password.
133	* If the user provided valid username and password,
134	* he is given a cookie and his IP address subnet is added
135	* to the list of valid IPs this user is allowed to log in
136	* via a cookie
137	*
138	* Returns true on a successful login, false otherwise.
139	*/
140	function login($uname,$pass) {
141	$sql ="select uname,ulevel,userips from " .getTable('users') . "where uname='"
142	.rss_real_escape_string($uname)."' and password='".md5($pass)."'";
143	list($uname,$ulevel,$userips) = rss_fetch_row(rss_query($sql));
144	if ($ulevel == '') {
145	$ulevel = RSS_USER_LEVEL_NOLEVEL;
146	return false;
147	} else {
148	// "push" the user IP into the list of logged-in IP subnets
149	$subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
150	$this -> _validIPs = explode(' ',$userips);
151	$this -> _validIPs[] = $subnet;
152	$sql = "update " .getTable('users')
153	. " set userips = '" . implode(' ', $this -> _validIPs ) ."'"
154	." where uname = '$uname' ";
155	rss_query($sql);
156	if ($this -> _mobileSession) {
157	$this -> setUserSession($uname,$pass);
158	} else {
159	$this -> setUserCookie($uname,$pass);
160	}
161	rss_invalidate_cache();
162	return true;
163	}
164	return false;
165	}
166
167	/**
168	* Hands the user a yummy cookie.
169	* The cookie holds the md5 hash of the user password
170	*/
171	function setUserCookie($user,$hash) {
172	$rs = rss_query(
173	'select value_ from ' .getTable('config') . "where key_ = 'rss.config.autologout'", false,true);
174	if (rss_is_sql_error(RSS_SQL_ERROR_NO_ERROR) && rss_num_rows($rs) > 0) {
175	list($als) = rss_fetch_row($rs);
176	$al = ($als == 'true');
177	} else {
178	$al = false;
179	}
180	$t = $al ? 0: time()+COOKIE_LIFESPAN;
181	setcookie(RSS_USER_COOKIE, $user .'\|' . $hash , $t, getPath());
182	}
183
184	function setUserSession($user,$hash) {
185	$_SESSION['mobile'] = $user . "\|" . $hash;
186	}
187
188	/**
189	* Logs the user out.
190	* - deletes the cookie
191	* - removes the user's IP subnet from the list of valid subnets this
192	* user is allowed to log in with a cookie.
193	*/
194	function logout() {
195	if (array_key_exists(RSS_USER_COOKIE, $_COOKIE) \|\| isset($_SESSION['mobile'])) {
196	$subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
197
198	if (($idx = array_search($subnet, $this -> _validIPs)) !== FALSE) {
199	$cnt = count($this -> _validIPs);
200	unset($this -> _validIPs[$idx]);
201	$uname = trim($this -> _uname);
202	if ($uname && ($cnt > count($this -> _validIPs))) {
203	$sql = "update " .getTable('users')
204	. " set userips = '" . implode(' ',$this -> _validIPs) ."'"
205	." where uname = '$uname' ";
206	rss_query($sql);
207	}
208	}
209
210	// get rid of the cookie
211	unset($_COOKIE[RSS_USER_COOKIE]);
212	setcookie(RSS_USER_COOKIE, "", -1, getPath());
213	if (isset($_SESSION['mobile'])) {
214	unset($_SESSION['mobile']);
215	}
216
217	rss_invalidate_cache();
218	}
219	}
220
221	///// Getters //////
222	function getUserName() {
223	return $this -> _uname;
224	}
225
226	function getUserLevel() {
227	return $this -> _level;
228	}
229
230	function getShowPrivate() {
231	return true; //$this -> _showPrivate;
232	}
233	function setShowPrivate($show) {
234	$this -> _showPrivate = $show;
235	}
236	}
237
238	// Create the unique instance.
239	$GLOBALS['rssuser'] = new RSSUser();
240	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/gregarius/cls/user.php

Download in other formats: