public function __construct($dbConnection, $name, $tableName = 'session', $lifetime = 3600, $path = null, $domain = null, $secure = false) { parent::__construct($dbConnection); $this->sessionName = $name; $this->tableName = $tableName; $this->lifetime = $lifetime; $this->path = $path; $this->domain = $domain; $this->secure = $secure; $this->sessionId = $_COOKIE[$name]; if (rand(0, 50) == 1) { $this->garbageCollector(); } if (strlen($this->sessionId) < 32) { $this->startNewSession(); } else { if (!$this->validateSession()) { $this->startNewSession(); } } }
private function ValidateAuthorization($doc) { $doc = strtolower($doc); $notLoggedRegex = '/@notlogged/'; preg_match($notLoggedRegex, $doc, $matches); if ($matches) { if (App::getInstance()->getSession()->_login) { throw new \Exception("Already logged in!", 400); } } $authorizeRegex = '/@authorize(?:\\s+error:\\("(.+)"\\))?/'; preg_match($authorizeRegex, $doc, $matches); if ($matches) { $error = 'Unauthorized!'; if ($matches[1]) { $error = ucfirst($matches[1]); } if (!App::getInstance()->getSession()->_login) { throw new \Exception($error, 401); } } $adminRegex = '/@admin/'; preg_match($adminRegex, $doc, $matches); if ($matches) { if (!SimpleDB::isAdmin()) { throw new \Exception("Admin access only!", 401); } } $roleRegex = '/@role\\s*\\("(.+)"\\)/'; preg_match($roleRegex, $doc, $matches); if ($matches[1]) { $role = $matches[1]; if (!SimpleDB::hasRole($role) && !SimpleDB::isAdmin()) { $role = ucfirst($role); throw new \Exception("{$role} access only!", 401); } } }
/** * @param int $userId * @return ProfileViewModel */ function getUserInfo(int $userId) : ProfileViewModel { $db = SimpleDB::getInstance('conference_scheduler'); $result = $db->prepare("SELECT\n username, email\n FROM users\n WHERE id = ?"); $result->execute([$userId]); $userRow = $result->fetch(); $user = new ProfileViewModel($userRow['username'], $userRow['email']); return $user; }