Esempio n. 1
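 /**
  * Validate the current session against the Auth and Users tables.
  *
  * Reads `login`, `action_time`, `hash` and `sid` from the session, requires a
  * matching Auth row, then requires the Users row's `sid` to equal
  * self::hash() of the session sid, the stored action_time and control_ip.
  * When the session's action_time is older than self::mtime(), the session is
  * recreated and the Auth row is updated with the new values.
  *
  * @return bool true when the session is accepted; self::$login and
  *              self::$user_group are then set from the Users row.
  */
 private function check_session() : bool
 {
     $login = self::$session->read('login');
     $action_time = self::$session->read('action_time');
     $hash = self::$session->read('hash');
     $sid = self::$session->read('sid');

     // Step 1: the (login, hash, action_time) triple must exist in Auth.
     $auth = self::$db->selectOne('SELECT `user`, `sid`,`action_time` FROM `Auth` WHERE `user` = :login AND `sid` = :hash AND `action_time` = :action_time', ['login' => $login, 'action_time' => $action_time, 'hash' => $hash]);
     // hash_equals() needs two strings; anything else is rejected, which is
     // also what the previous strict === did for mismatched types.
     if (empty($auth) || !is_string($hash) || !is_string($auth['sid']) || !hash_equals($auth['sid'], $hash)) {
         return false;
     }

     // Step 2: the Users row must carry the token derived from the session sid.
     $user = self::$db->selectOne('SELECT `login`, `user_group`, `sid`, `control_ip`, `action_time` FROM Users WHERE `login` = :login', ['login' => $login]);
     if (empty($user)) {
         return false;
     }
     $expected = self::hash($sid, $user['action_time'], $user['control_ip']);
     // Constant-time comparison of the stored token with the recomputed one.
     if (!is_string($expected) || !is_string($user['sid']) || !hash_equals($user['sid'], $expected)) {
         return false;
     }

     // Step 3: group gate. The original `!$row['user_group'] < 5` parsed as
     // `(!$row['user_group']) < 5`, which is true for every non-zero group, so
     // the "group 5 or higher" restriction was never enforced.
     // NOTE(review): as written, a session is accepted only while
     // `tech_work` is truthy. If the intent was "during technical work only
     // groups >= 5 may pass, otherwise everyone", the condition should be
     // `!self::$config['tech_work'] || $user['user_group'] >= 5` - confirm.
     if (!self::$config['tech_work'] || $user['user_group'] < 5) {
         return false;
     }

     // Step 4: rotate the session once its action_time is older than mtime()
     // and persist the new hash/action_time for this user.
     if ($action_time < self::mtime()) {
         self::$session->recreate($login, $sid);
         self::$db->runQuery('UPDATE Auth SET `sid` = :sid, `action_time` = :action_time WHERE `user` = :login LIMIT 1', ['login' => $login, 'sid' => self::$session->read('hash'), 'action_time' => self::$session->read('action_time')]);
     }

     self::$login = $user['login'];
     self::$user_group = $user['user_group'];
     return true;
 }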
Esempio n. 2
    die;
}
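// Login handler tail: authenticate either the built-in root account or a
// regular user through the user model, then open the admin session.
// $name, $password, $rootPasswd and $remember are assigned before this
// fragment (not shown here).
//
// NOTE(review): $rootPasswd is compared against the submitted password
// directly, so it appears to be stored in plaintext - if so, store a
// password_hash() value instead and check it with password_verify().
$isRootLogin = $name === 'mwaroot'
    && is_string($rootPasswd) && $rootPasswd !== ''
    && is_string($password)
    // hash_equals() is constant-time and never type-juggles; a loose ==
    // treats numeric-looking strings such as "0e1" and "0e2" as equal.
    && hash_equals($rootPasswd, $password);

if ($isRootLogin) {
    // Root matched: build the synthetic root user record.
    $userdata = [
        'id' => 0,
        'name' => "mwaroot",
        'groups' => "root",
    ];
} else {
    // Regular users exist only when the project ships a user model.
    $mdl = sprintf("%s/model/user.php", ROOT);
    if (!file_exists($mdl)) {
        // No user model, so root is the only account: treat as failed login.
        http_response::redir('/admin');
        die;
    }
    // Delegate credential checking to the user model.
    $mdlUser = new model_user();
    $userdata = $mdlUser->login($name, $password);
}

// Loose comparison kept on purpose: any empty result from the model
// (null, false, empty array) counts as a failed login.
if ($userdata == null) {
    http_response::redir('/admin');
    die;
}

// Start the authenticated session.
// NOTE(review): confirm that user::login() regenerates the session id, so a
// pre-login session id cannot be reused after authentication.
$user = user::getInstance();
$user->login($userdata['id'], $userdata['name'], $userdata['groups'], $remember);

// Enter the admin area.
http_response::redir('/admin/index');
die;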