Esempio n. 1
        $persistent_cookie[1] = _boolean($persistent_cookie[1]);
        $persistent_cookie_found = true;
    }
}
// kontrola existence session
if (!$disabled && ($persistent_cookie_found or isset($_SESSION[_sessionprefix . "user"]) and isset($_SESSION[_sessionprefix . "password"]) and isset($_SESSION[_sessionprefix . "ip"]))) {
    // pouziti cookie pro nastaveni dat session (pokud neexistuji)
    $persistent_cookie_used = false;
    $persistent_cookie_bad = false;
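    // Rebuild the session from the persistent-login cookie. This runs only when the cookie was
    // parsed, the three session keys are not all present, and _iplogCheck(1) permits the attempt.
    if ($persistent_cookie_found and !(isset($_SESSION[_sessionprefix . "user"]) and isset($_SESSION[_sessionprefix . "password"]) and isset($_SESSION[_sessionprefix . "ip"])) and _iplogCheck(1)) {
        // The cookie counts as bad until its signature has been verified below.
        $persistent_cookie_bad = true;
        // The user id comes from the cookie, so it is client-controlled. The cast to int keeps it
        // from altering the SQL statement even if the parsing code above (not visible in this
        // fragment) did not already normalise it.
        $uquery = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE id=" . (int) $persistent_cookie[0]);
        if (DB::size($uquery) != 0) {
            $uquery = DB::row($uquery);
            $persistent_cookie_used = true;
            // Strict string comparison: with "==" two hex digests that both look like numbers
            // (for example "0e" followed only by digits) compare as equal. Where PHP >= 5.6 is
            // guaranteed, hash_equals() would additionally make the comparison constant-time.
            // NOTE(review): the HMAC key is the client IP or the session prefix; whether either
            // is secret cannot be told from this fragment - confirm.
            if ((string) $persistent_cookie[2] === (string) _md5HMAC($uquery['password'] . '$' . $uquery['email'], $persistent_cookie[1] ? _userip : _sessionprefix)) {
                // valid cookie - populate the session, always bound to the current IP
                $_SESSION[_sessionprefix . "user"] = (int) $persistent_cookie[0];
                $_SESSION[_sessionprefix . "password"] = $uquery['password'];
                $_SESSION[_sessionprefix . "ip"] = _userip;
                $_SESSION[_sessionprefix . "ipbound"] = true;
                $persistent_cookie_bad = false;
            } else {
                // invalid cookie - record the failed attempt in the IP log
                _iplogUpdate(1);
            }
        }
    }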
    // kontroly
    $continue = false;
    if (!$persistent_cookie_bad) {
Esempio n. 2
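 // Credential check for a user row that was looked up before this fragment.
 // $result is set to 1 on a successful login and to 2 when the user or the user's group is
 // blocked; on a wrong password it is left untouched and the attempt goes to the IP log.
 if (DB::size($query) != 0) {
     $query = DB::row($query);
     if (empty($username)) {
         $username = $query['username'];
     }
     // Ids are cast to int before being concatenated into SQL (defence in depth; the values
     // come from the database row, not directly from the request).
     $groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . (int) $query['group']);
     if ($query['blocked'] == 0 and $groupblock['blocked'] == 0) {
         // Strict string comparison: with "==" two hex digests that both look like numbers
         // (for example "0e" followed only by digits) compare as equal, which would let a
         // wrong password through. Where PHP >= 5.6 is guaranteed, hash_equals() is preferable.
         // NOTE(review): _md5Salt suggests a salted MD5 password hash, which is fast to
         // brute-force offline; password_hash()/password_verify() would be the fix - confirm.
         if ((string) _md5Salt($password, $query['salt']) === (string) $query['password']) {
             // increment the login counter
             DB::query("UPDATE `" . _mysql_prefix . "-users` SET logincounter=logincounter+1 WHERE id=" . (int) $query['id']);
             // send the persistent-login cookie: "<user id>$<ip-bound flag>$<signature>"
             if ($persistent) {
                 $persistent_cookie_data = array();
                 $persistent_cookie_data[] = $query['id'];
                 $persistent_cookie_data[] = $ipbound ? '1' : '0';
                 // NOTE(review): the signature is keyed with the client IP or the session prefix
                 // and covers only the stored password hash and e-mail, so the cookie stays valid
                 // until one of those changes; whether the key is secret is not visible here.
                 $persistent_cookie_data[] = _md5HMAC($query['password'] . '$' . $query['email'], $ipbound ? _userip : _sessionprefix);
                 // Valid for 30 days. HttpOnly keeps the login token out of reach of page
                 // scripts; the Secure flag stays off so plain-HTTP sites keep working and
                 // should be enabled where the site is served over HTTPS only.
                 setcookie(_sessionprefix . "persistent_key", implode('$', $persistent_cookie_data), time() + 2592000, "/", "", false, true);
             }
             // store the login data in the session
             $_SESSION[_sessionprefix . "user"] = $query['id'];
             $_SESSION[_sessionprefix . "password"] = $query['password'];
             $_SESSION[_sessionprefix . "ip"] = _userip;
             $_SESSION[_sessionprefix . "ipbound"] = $ipbound;
             $result = 1;
         } else {
             // wrong password - record the failed attempt in the IP log
             _iplogUpdate(1);
         }
     } else {
         // the user or the user's group is blocked
         $result = 2;
     }
 }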
Esempio n. 3
/**
 * Generate the XSRF token.
 *
 * The token is _md5HMAC() of the session ID keyed with _sessionprefix and is computed at most
 * once per request for each of the two variants (current / for checking).
 *
 * Security note: when sessions are disabled (_no_session) or session_id() returns an empty
 * string, the token is derived from the constant 'none', so it is the same for every visitor
 * in that state and is only as unpredictable as _sessionprefix.
 *
 * @param bool $forCheck the token is requested for verification; if the session ID has just
 *                       been regenerated (_session_regenerate is defined), the previous ID
 *                       (_session_old_id) is used so tokens issued before the change still match
 * @return string
 */
function _xsrfToken($forCheck = false)
{
    // per-request cache: slot 0 = current token, slot 1 = token for checking
    static $cache = array(0 => null, 1 => null);

    $slot = $forCheck ? 1 : 0;

    // already computed during this request
    if ($cache[$slot] !== null) {
        return $cache[$slot];
    }

    // pick the session ID the token is derived from
    if (defined('_no_session')) {
        // sessions are deactivated
        $sid = 'none';
    } elseif ($forCheck && defined('_session_regenerate')) {
        // the session ID was just regenerated - verify against the old one
        $sid = _session_old_id;
    } else {
        // ID of the current session, with a fixed fallback when there is none
        $sid = session_id();
        if ($sid === '') {
            $sid = 'none';
        }
    }

    $cache[$slot] = _md5HMAC($sid, _sessionprefix);

    return $cache[$slot];
}