/**
* Checks POSTed data for CSRF token validity
*/
static function detect()
{
$CSRF = !isset($_POST[self::$_cookieKey]) || !Cookie::exists(self::$_cookieKey) || $_POST[self::$_cookieKey] !== Cookie::get(self::$_cookieKey);
if (!POST_REQUEST && $CSRF) {
Cookie::set(self::$_cookieKey, md5(time() + rand()), Cookie::SESSION);
}
}
public function __construct($user = null)
{
$this->_db = DB::getInstance();
$this->session_name = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if (!$user) {
if (Session::exists($this->session_name)) {
if ($this->find_by_id(Session::get($this->session_name))) {
$this->_isLoggedIn = true;
} else {
// logout process
$this->logout();
}
} elseif (Cookie::exists($this->_cookieName)) {
$this->_db->get('user_id', 'users_session', array('hash', '=', Cookie::get($this->_cookieName)));
if ($this->find_by_id($this->_db->first()->user_id)) {
Session::put($this->session_name, $this->data()->id);
Cookie::put($this->_cookieName, Cookie::get($this->_cookieName), Config::get('remember/cookie_expiry'));
Session::flash('success', 'Wellcome Back ' . $this->data()->username);
$this->_isLoggedIn = true;
} else {
$this->logout();
}
}
} elseif (is_numeric($user)) {
if ($this->find_by_id($user)) {
Session::put($this->session_name, $this->data()->id);
$this->_isLoggedIn = true;
} else {
$this->logout();
}
} elseif (is_string($user)) {
return $this->find($user);
}
}
/**
* Save language to cookies
* @param string $lang
* @param bool $forever - true: cookie will expire in a year | false: cookie will expire in a month
* @param string $path
* @param bool $forceReplace - true: replace lang cookie even if it have been already set
*/
public static function saveLanguageToCookies($lang, $forever = false, $path = '/', $forceReplace = false)
{
if ($_SERVER['HTTP_USER_AGENT'] !== 'shell') {
if ($forceReplace || !Cookie::exists('lang') || Cookie::get('lang') !== $lang || $forever) {
Cookie::set('lang', $lang, $forever ? 604800 : 0, array('path' => $path, 'encrypt' => false, 'httpOnly' => false));
}
}
}
public static function varDump($Key = 0)
{
$Data = array();
if (\Session::exists("refKey")) {
$Data["Trackers"]["Session"] = \Session::get("refKey");
}
if (\Cookie::exists("refKey")) {
$Data["Trackers"]["Cookie"] = \Cookie::get("refKey");
}
return $Data;
}
function beforeroute()
{
if (Cookie::exists(config::get('cookie/name')) && !Session::exist(config::get('session/session_name'))) {
$hash = Cookie::get(config::get('cookie/name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
$user->login();
Redirect::to('home');
}
}
}
public static function init()
{
self::$_currentUser = new User();
DB::instance()->delete("user_sessions", array("", "expiry", "<", DateFormat::sql()));
if (Cookie::exists(Config::get('remember/cookie_name')) && !Users::loggedIn()) {
$cookieHash = Cookie::get(Config::get('remember/cookie_name'));
$hashCheck = DB::instance()->get("user_sessions", array("", "hash", "=", $cookieHash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
self::forceLogin($user, true);
}
}
if (self::loggedIn()) {
self::currentUser()->update(array('last_online' => DateFormat::sql()));
UserTables::updateTables();
}
}
public function __construct($user = null, $field = 'email')
{
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
$this->_cookieExpiry = Config::get('remember/cookie_expiry');
/**
* Grabs the user data when an object of User is created.
*
* If User ID is not passed : Will grab the data of loggedin user if session exists. And sets Logged In Status to true
* If user ID is specified during object creation, will grab the data of givien ID.
*/
if (!$user) {
if (Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if ($this->find($user, 'user_id')) {
$this->_isLoggedIn = true;
}
} else {
if (Cookie::exists(Config::get('remember/cookie_name'))) {
/*
* If the cookie has a hash value, process if user with a similar has exist or not.
* If there exist a user for the has log the userin.
**/
$hash = Cookie::get(Config::get('remember/cookie_name'));
$hashCheck = DB::getInstance()->get('users_sessions', array('hash', '=', $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id, 'user_id');
$user->login();
/*
* Redirect to sama page once the session is expired.
* If not user user will be logged in but the login redirect will force them to login page.
* Only if the user refresh his existing session will be used else new login will over ride.
* which makes this a usless process.
*/
header('Location: ' . Input::get('url'));
}
}
}
} else {
$this->find($user, $field);
}
}
private function getKey()
{
if (isset($_GET['ref'])) {
//Straight up Declared it
return $_GET['ref'];
}
if (\Session::exists("refKey")) {
//has Not viewed this session
return \Session::get('refKey');
}
if (\Cookie::exists("refKey")) {
//has Not viewed this session
return \Cookie::get('refKey');
}
if (false) {
//Guess the key based off IP?
}
return false;
}
public static function CheckForUpdate()
{
$user = new user();
if ($user->HasPermission('admin')) {
// check if already checked for update
if (Cookie::exists("app_version")) {
$check = Cookie::get("app_version");
} else {
$check = Curl::get("http://kingposter.net/update_test/?source=" . Options::get('siteurl'));
Cookie::put("app_version", $check, 60 * 60 * 24 * 15);
}
$update = json_decode($check);
if (isset($update->version)) {
if (VERSION < $update->version) {
if (!defined("update")) {
define('UPDATE', true);
}
if (isset($update->message)) {
Session::Flash("home", "warning", $update->message, true);
}
}
}
}
}
<?php
/**
* @author James Haney
* @copyright 2014
*/
spl_autoload_register(function ($class) {
require_once 'classes/' . $class . '.php';
});
require_once 'wpinit.php';
$GLOBALS['config'] = array('mysql' => array('host' => wpconfig::get('db/host'), 'username' => wpconfig::get('db/user'), 'password' => wpconfig::get('db/pass'), 'db' => wpconfig::get('db/name')), 'remember' => array('cookie_name' => 'hash', 'cookie_expiry' => 604800), 'session' => array('session_name' => 'user', 'token_name' => 'token'));
//require_once 'functions/sanitize.php';
if (Cookie::exists(Config::get('remember/cookie_name'))) {
if (!Session::exists(Config::get('session/session_name'))) {
$hash = Cookie::get(Config::get('remember/cookie_name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
$user->login();
}
}
}
//echo wpconfig::get('wpdb/host');
<?php
session_start();
$GLOBALS['config'] = array('mysql' => array('host' => '127.0.0.1', 'username' => 'root', 'password' => '', 'db' => 'user_data'), 'remember' => array('cookie_name' => 'hash', 'cookie_expiry' => 604800), 'session' => array('session_name' => 'user', 'token_name' => 'token'));
spl_autoload_register(function ($class) {
require_once 'C:/xampp/htdocs/register/classes/' . $class . '.php';
});
require_once "C:/xampp/htdocs/register/functions/sanitize.php";
if (Cookie::exists(Config::get("remember/cookie_name")) && !Session::exists(Config::get("session/session_name"))) {
$hash = Cookie::get(Config::get("remember/cookie_name"));
$hashCheck = DB::getInstance()->get("users_sessions", array("hash", "=", $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->get_data()->user_id);
$user->login();
}
}
foreach ($validation->errors() as $error) {
$error_string .= ucfirst($error) . '<br />';
}
Session::flash('failure_post', '<div class="alert alert-danger alert-dismissable"> <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">×</span></button>' . $error_string . '</div>');
}
} else {
// Invalid token - TODO: improve
//echo 'Invalid token';
}
}
// Generate a post token
if ($user->isLoggedIn()) {
$token = Token::generate();
}
// View count
if (!Cookie::exists('nl-topic-' . $tid)) {
$queries->increment("topics", $tid, "topic_views");
Cookie::put("nl-topic-" . $tid, "true", 3600);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="<?php
echo $sitename;
?>
Forum - Topic: <?php
/**
* @depends testCookieSet
* @depends testCookieExist
*/
public function testSessionUnset()
{
\Cookie::put("Test", "Hello World", 5);
\Cookie::delete("Test");
$this->assertEquals(\Cookie::exists("Test"), false);
}
*/
session_start();
/*
* Creating a gloabl array for easy access to data.
*/
$GLOBALS['config'] = array('mysql' => array('host' => "tcp:appetite.database.windows.net,1433", 'userName' => "app", 'passCode' => "Admin12£", 'db' => "appetite"), 'remember' => array('cookie_name' => 'appetiteCookieHash', 'cookie_name2' => 'appetiteCookieUserID', 'cookie_expiry' => 315532800), 'session' => array('session_name' => 'user', 'token_name' => 'token'));
/**
* Using the standard php library (spl) to autoload a class only when it is required. This saves having to write require_once '...' for each class in every script.
*/
spl_autoload_register(function ($class) {
require_once $class . '.php';
});
require_once 'functions.php';
// Imports functions which should be accessible to scripts which use require_once 'init.php'.
//if the cookie exists but the session does not - then the user asked to be remembered and so should be logged in.
if (Cookie::exists(Configurations::get('remember/cookie_name')) && !Session::exists(Configurations::get('session/session_name'))) {
//echo '<br /> User asked to be remembered <br />'; //for debugging.
$hash = Cookie::get(Configurations::get('remember/cookie_name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if ($hashCheck->count()) {
/* echo 'Hash Matches, log the user in.';
echo '<br />'.$hashCheck->first()->user_id; */
//for debugging.
//if here then the user wanted to be remembered and so should be logged in
$user = new User($hashCheck->first()->user_id);
$user->login();
}
}
?>
static function get($var_name, $default_value = NULL)
{
return Cookie::exists($var_name) ? $_COOKIE[$var_name] : $default_value;
}
<?php
require_once 'core/init.php';
if (Session::exists('home')) {
//if session "home" exists
echo Session::flash('home');
//flash message of home
}
$user = new User();
//instantiante new user
if ($user->isLoggedIn()) {
//if user is logged in
require_once 'includes/templates/home.php';
//require home page template
if (!Cookie::exists('score')) {
//if cookie score doesn't exist
Cookie::put('score', 0, time() + 60 * 60 * 24);
//set a cookie of a score of 0
}
if (Input::exists()) {
//if input (post) exists
$game = new Game();
//instantiate new game
$game->randomHand();
//generate a computer's random hand
$game->play(Input::get('hand'));
//play player's hand (from input)
$computerHand = $game->computerHand();
//set the computer's hand
$result = $game->result();
//set the result
*/
spl_autoload_register(function ($class) {
require_once 'classes/' . $class . '.php';
});
require_once 'functions/sanitize.php';
/*
* hier wird geprüft ob ein cookie bereits vorhanden ist
* ist es vorhanden, heisst das , dass der user remember me angewählt hat
*
* (bedenken: falls jemand sich zugriff auf meine db verschafft, kann er sich selber ein cookie mit den gespeicherten hashes
* setzen. so verschafft er sich zugriff auf die userkonten, er kann zwar keine pws ändern, ist aber dennoch als user eingeloggt!!
*
* möglichkeiten:
* im cookie nur einen uniquehash, unverschlüsselt setzen, und in der db den verschlüsselten, gesalzenen hash speichern, ähnlich wie beim pw
* überprüfung der ip-addresse?
* )
*
*/
if (!Session::exists(Config::get('session/session_name')) && Cookie::exists(Config::get('remember/cookie_name'))) {
//hash aus dem cookie wird abgerufen
$hash = Cookie::get(Config::get('remember/cookie_name'));
//hash wird in der datenbank gesucht
$hasCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
//falls er was findet
if ($hasCheck->count()) {
//nimm erstes ( hoffentlich auch einziges) resultat, nimm davon die zugehörige user id
$user = new User($hasCheck->first()->user_id);
//erstelle den user, anhand des gerade ermittelten primary key
$user->login();
}
}
public function isLoggedIn()
{
if (Session::exists('isLoggedIn')) {
return Session::get('isLoggedIn');
} else {
if (Cookie::exists(Config::get('remember/cookie_name'))) {
$hashCheck = DB::getInstance()->table(Config::get('session/table'))->where(Config::get('session/hashField'), '=', Cookie::get(Config::get('remember/cookie_name')))->first();
if ($hashCheck) {
$class = Config::get('user/user_class');
$user = $class::find($hashCheck->{Config::get('session/primaryKey')});
Session::put('isLoggedIn', true);
Session::put(Config::get('session/session_name'), $user);
if (Config::get('groups/active')) {
Session::put('listPermission', self::getPermissions($user));
}
return Session::get('isLoggedIn');
} else {
Cookie::delete(Config::get('remember/cookie_name'));
}
}
}
return false;
}
<?php
session_start();
$GLOBALS['config'] = array('mysql' => array('host' => '127.0.0.1', 'username' => 'root', 'password' => '', 'db' => 'lr'), 'remember' => array('cookie_name' => 'hash', 'cookie_expiry' => 604800), 'session' => array('session_name' => 'user', 'token_name' => 'token'));
spl_autoload_register(function ($class) {
require_once 'classes/' . $class . '.php';
});
require_once 'functions/sanitize.php';
if (Cookie::exists(Config::get('remember.cookie_name')) && !Session::exists(Config::get('session.session_name'))) {
$hash = Cookie::get(Config::get('remember.cookie_name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
$user->login();
}
}
<?php
session_start();
$GLOBALS['config'] = array('mysql' => array('host' => 'localhost', 'username' => 'root', 'password' => '', 'db' => 'asaphot'), 'remember' => array('cookieName' => 'hash', 'cookieExpiry' => 604800), 'session' => array('sessionName' => 'user', 'tokenName' => 'token'));
spl_autoload_register(function ($class) {
require_once 'classes/' . $class . '.php';
});
require_once 'functions/sanitize.func.php';
if (Cookie::exists(Config::get('remember/cookieName')) && !Session::exists(Config::get('session/sessionName'))) {
$hash = Cookie::get(Config::get('remember/cookieName'));
$hashCheck = Database::getInstance()->get('usersSessions', array('hash', '=', $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->userID);
$user->login();
}
}
