I’m trying to write a class for authentication. I’ve got it going quite
good but there are some problems I’m not shure how to deal with.
First, here's the idea:
When the class is called, the constructor checks a session variable to
see if the user is logged in. If not, it checks if a client-cookie is
set.
If the user is already logged in, the checksession function checks a
database to see if ip matches and so on. If all that matces, the session
is updated. If on the other hand a client-cookie is set, the cookie is
compared to the database and if true, the session is updated.
Now, when the user logs in, he can check a box if he wants to
remembered. Then, a cookie is generated and sent to client.
The problem is, a cookie seems to be generated, even if I don't check
the check box. Further more, when I log in, the session seems to be set.
When I refresh, a cookie that isn't supposed to exist is checked and the
session variables don't work. Then if I refresh again the session is ok
but cookie is not checked etc...
If someone has the time it would be great if he or she could take a look
at the code. Thanks in advance for any help.
Class.auth.php
-----------------------------------------
<?php
class Auth {
var $id=0;
var $failed=false;
var $debug;
var $mysql=null;
function auth($debug=0){
$this->debug=$debug;
$this->mysql=dbConnect($debug);
if ($_SESSION['logged']) {
$this->_checkSession();
}
elseif ( isset($_COOKIE['auth']) ) {
$this->_checkRemembered($_COOKIE['auth']);
}
}
function _checkLogin($username,$password,$remember){
if($this->debug) echo "<b>checking login...</b><br>";
if($remember="true"){
$remember=true;
}
else{
$remember=false;
}
$username=$this->mysqlEsc($username);
$password=$this->mysqlEsc(md5($password));
if($this->mysql->query("SELECT * FROM member WHERE
username=$username AND password=$password")){
if($this->mysql->num_rows() > 0){
while($this->mysql->movenext()){
$values=$this->mysql->getrow();
}
$this->_setSession($values,$remember);
return true;
}
else{
$this->failed=true;
$this->_logout();
return false;
}
}
else{
print "could not connect db.";
}
}
function _setSession(&$values,$remember,$init=true){
if($this->debug) echo "<b>Setting session...</b><br>";
$this->id = $values[id];
if(!$values[cookie] && $remember==true){
$cookie=$this->generateCookie();
$_SESSION['cookie'] = $cookie;
}
else{
$_SESSION['cookie'] = $values[cookie];
$cookie=$values[cookie];
}
$_SESSION['uid'] = $this->id;
$_SESSION['username'] =
htmlspecialchars($values[username]);
$_SESSION['logged'] = true;
if($remember==true) {
$this->updateCookie($cookie, true);
}
if($init) {
$session = $this->mysqlEsc(session_id());
$ip = $this->mysqlEsc($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE member SET session=$session,
ip=$ip WHERE ".
"id = $this->id";
$this->mysql->query($sql);
}
}
function _checkSession() {
if($this->debug) echo "<b>checking session...</b><br>";
$username = $this->mysqlEsc($_SESSION['username']);
$cookie = $this->mysqlEsc($_SESSION['cookie']);
$session = $this->mysqlEsc(session_id());
$ip = $this->mysqlEsc($_SERVER['REMOTE_ADDR']);
$sql = "SELECT * FROM member WHERE " .
"(username = $username) AND (cookie = $cookie) AND " .
"(session = $session) AND (ip = $ip)";
if($this->mysql->query($sql)){
while($this->mysql->movenext()){
$result=$this->mysql->getrow();
}
}
if (is_object($result) ) {
$this->_setSession($result, false, false);
}
else{
$this->_logout();
}
}
function updateCookie($cookie, $save) {
if($this->debug) echo "<b>Updating cookie...</b><br>";
$_SESSION['cookie'] = $cookie;
if ($save) {
$cookie=$this->mysqlEsc($cookie);
$sql = "UPDATE member SET cookie=$cookie WHERE
".
"id = $this->id";
$this->mysql->query($sql);
$cookie =
base64_encode(serialize(array($_SESSION['username'], $cookie)));
setcookie('auth', $cookie, time() + 31104000,
'/', 'www.reddast.is');
}
}
function generateCookie(){
if($this->debug) echo "<b>Generating cookie...</b><br>";
$cookie=md5(uniqid(mt_rand(1, mt_getrandmax())));
return $cookie;
}
function deleteCookie($name) {
if (!headers_sent() ) {
if($this->debug) echo "<b>Deleting
cookie...</b><br>";
$id=$this->mysqlEsc($this->id);
$sql = "UPDATE member SET cookie='' WHERE ".
"id = $this->id";
$this->mysql->query($sql);
setcookie($name, 'bogus', time() - 3600, '/');
}
}
function _checkRemembered($cookie) {
$cookie=base64_decode($cookie);
if($this->debug) echo "<b>checking cookie
".$cookie."...</b><br>";
list($username, $cookie) = @unserialize($cookie);
if (!$username or !$cookie){
if($this->debug) echo "<b>Cookie does not
exist...</b><br>";
return;
}
$username = $this->mysqlEsc($username);
//$cookie = $this->mysqlEsc($cookie);
$sql = "SELECT * FROM member WHERE " .
"(username = $username) AND (cookie = $cookie)";
if($this->mysql->query($sql)){
while($this->mysql->movenext()){
$result=$this->mysql->getrow();
}
}
if ($this->mysql->hm) {
if($this->debug) echo "<b>Cookie
exists...</b><br>";
$this->_setSession($result, true);
}
}
function proxyIp($ip){
$ip = explode('.', $ip);
array_pop($ip);
$ip = implode('.', $ip);
return $ip;
}
function _logout(){
sessionDefaults();
}
function mysqlEsc($str){
return("'".mysql_escape_string($str)."'");
}
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
