Example #1
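/**
 * Validate the current session, refresh its inactivity timer and append the
 * page hit to the user_log audit table.
 *
 * The session is rejected (logout() is called) when no uid is stored, when the
 * stored client IP differs from allIPs(), or when the expiry time has passed.
 * For an accepted request by any user other than 'beprev', one row
 * (ID, id_user, page, horodate) is inserted into user_log.
 *
 * @return void
 */
function check_login()
{
    // If session does not exist on server side, or IP address has changed,
    // or session has expired, show login screen.
    if (empty($_SESSION['uid']) || $_SESSION['ip'] != allIPs() || time() >= $_SESSION['expires_on']) {
        logout();
        // Fail closed: a rejected session must not have its expiry refreshed or be
        // written to the audit trail as an authenticated page view.
        // NOTE(review): logout() is defined elsewhere; if it does not end the request,
        // the caller keeps running after this return — confirm it redirects/exits.
        return;
    }

    // User accessed a page: update his/her session expiration date.
    $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;

    // Audit trail logging.
    $dbconn = pg_connect(CONFIG_DB);
    if ($dbconn === false) {
        // Keep driver details in the server log; do not echo them to the client.
        error_log('check_login: connection to the audit database failed');
        die('Connexion impossible');
    }

    if ($_SESSION['username'] != 'beprev') {
        $horodate = date('Y-m-d H:i:s');
        // PHP_SELF includes client-controlled path info, so $page is untrusted text:
        // it is bound as a parameter below and must be escaped wherever the log is displayed.
        $page = $_SESSION['ipFrontOffice'] . $_SERVER['PHP_SELF'];

        $result = pg_query($dbconn, 'SELECT MAX("ID") from user_log;');
        if ($result === false) {
            error_log('check_login: ' . pg_last_error($dbconn));
            die('Échec de la requête');
        }
        // An empty table yields NULL for MAX("ID"); numbering then starts at 1.
        // NOTE(review): MAX+1 can hand the same ID to two concurrent requests;
        // a sequence/serial column would remove that race (schema change, not done here).
        $row = pg_fetch_row($result);
        $Id = (int) ($row[0] ?? 0) + 1;

        // Bound parameters instead of string interpolation: session values and the
        // request path can no longer alter the SQL statement.
        $inserted = pg_query_params(
            $dbconn,
            'INSERT INTO user_log ("ID", id_user, page, horodate) VALUES ($1, $2, $3, $4)',
            array($Id, $_SESSION['numero_abo'], $page, $horodate)
        );
        if ($inserted === false) {
            error_log('check_login: ' . pg_last_error($dbconn));
            die('Échec de la requête');
        }
    }

    pg_close($dbconn);
}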
Example #2
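/**
 * Populate the server-side session with the markers that identify a logged-in user.
 *
 * Writes uid, ip, username (taken from $GLOBALS['login']) and expires_on
 * into $_SESSION.
 *
 * @return void
 */
function fillSessionInfo()
{
    // Unique random identifier (different from the PHP session id).
    // Drawn from the CSPRNG rather than uniqid()/mt_rand(), whose output is predictable;
    // 20 random bytes keep the 40-hex-character shape of the former sha1() value.
    // Requires PHP 7.0+ for random_bytes().
    $_SESSION['uid'] = bin2hex(random_bytes(20));

    // We store IP address(es) of the client to make sure session is not hijacked.
    $_SESSION['ip'] = allIPs();

    $_SESSION['username'] = $GLOBALS['login'];

    // Set session expiration.
    $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;
}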
Example #3
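/**
 * Check a login/password pair against the configured account and, on success,
 * mark the session as authenticated.
 *
 * The candidate hash is sha1(password . login . salt), compared with $GLOBALS['hash'].
 * NOTE(review): salted SHA-1 is a fast hash and a poor fit for password storage;
 * moving to password_hash()/password_verify() needs a change to the stored hash
 * format, which is outside this function.
 *
 * @param string $login    Login name submitted by the client.
 * @param string $password Password submitted by the client.
 * @return bool true when the credentials match, false otherwise.
 */
function check_auth($login, $password)
{
    $hash = sha1($password . $login . $GLOBALS['salt']);

    // Strict/constant-time comparisons: loose `==` treats numeric-looking strings
    // (for example two different hex digests of the form "0e<digits>") as equal,
    // and an early-exit string compare leaks how many leading characters matched.
    $loginOk = is_string($login) && (string) $GLOBALS['login'] === $login;
    $hashOk = hash_equals((string) $GLOBALS['hash'], $hash);

    if ($loginOk && $hashOk) {
        // Login/password is correct.
        // Issue a fresh session id at the privilege change so an id known before
        // login (session fixation) is no longer valid afterwards.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        // Unique random identifier (different from the PHP session id), taken from the
        // CSPRNG; 20 bytes keep the 40-hex-character shape of the former sha1() value.
        $_SESSION['uid'] = bin2hex(random_bytes(20));

        // We store IP address(es) of the client to make sure session is not hijacked.
        $_SESSION['ip'] = allIPs();

        $_SESSION['username'] = $login;

        // Set session expiration.
        $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;

        logm('Login successful');
        return true;
    }

    // $login is attacker-supplied: replace control characters so a crafted name
    // cannot inject extra lines into the log.
    logm('Login failed for user ' . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $login));
    return false;
}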
Example #4
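/**
 * Tell whether the current request belongs to a logged-in user.
 *
 * Decision order, as implemented below:
 *  1. OPEN_SHAARLI enabled: always true.
 *  2. No login configured: always false.
 *  3. A stay-signed-in cookie equal to STAY_SIGNED_IN_TOKEN: the session is
 *     (re)filled and the result is true. This branch returns before the IP and
 *     expiry checks, so the cookie alone is sufficient here.
 *  4. Otherwise the session must hold a uid, match the client IP (unless
 *     session protection is disabled) and be unexpired; failing that, logout()
 *     is called and the result is false.
 * On success the session expiry is pushed forward.
 *
 * @return bool
 */
function isLoggedIn()
{
    if ($GLOBALS['config']['OPEN_SHAARLI']) {
        return true;
    }

    // Shaarli is not configured yet.
    if (!isset($GLOBALS['login'])) {
        return false;
    }

    // Read the cookie explicitly instead of silencing the lookup with @, and compare
    // the secret token in constant time. The is_string() guards keep the strict-type
    // behaviour of === (an array-valued cookie never matches).
    $cookieToken = isset($_COOKIE['shaarli_staySignedIn']) ? $_COOKIE['shaarli_staySignedIn'] : null;
    if (
        is_string($cookieToken)
        && is_string(STAY_SIGNED_IN_TOKEN)
        && hash_equals(STAY_SIGNED_IN_TOKEN, $cookieToken)
    ) {
        fillSessionInfo();
        return true;
    }

    // If session does not exist on server side, or IP address has changed,
    // or session has expired, logout.
    // Parentheses spell out the grouping that operator precedence already applied:
    // the IP check only counts while session protection is enabled.
    if (
        empty($_SESSION['uid'])
        || (!$GLOBALS['disablesessionprotection'] && $_SESSION['ip'] != allIPs())
        || time() >= $_SESSION['expires_on']
    ) {
        logout();
        return false;
    }

    if (!empty($_SESSION['longlastingsession'])) {
        // Long-lasting session: lifetime comes from the value stored in the session.
        $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
    } else {
        // Standard session expiration date.
        $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;
    }

    return true;
}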