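/**
 * Validate the current session, refresh its inactivity deadline and record
 * the page access in the user_log table.
 *
 * The session is rejected (logout() is called) when it has no uid, when the
 * stored client IP differs from allIPs(), or when it has expired.
 *
 * NOTE(review): this function returns nothing and execution continues after
 * logout(), so it only protects a page if logout() ends the request.
 * logout() is defined elsewhere; confirm that it does.
 *
 * Accesses by the 'beprev' account are not logged.
 */
function check_login()
{
    // If session does not exist on server side, or IP address has changed,
    // or session has expired, show login screen.
    if (
        !isset($_SESSION['uid'])
        || !$_SESSION['uid']
        || $_SESSION['ip'] != allIPs()
        || time() >= $_SESSION['expires_on']
    ) {
        logout();
    }

    // User accessed a page: update his/her session expiration date.
    $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;

    // Audit trail: log the page access.
    $dbconn = pg_connect(CONFIG_DB);
    if ($dbconn === false) {
        // Keep driver details in the server log; do not echo them to the client.
        error_log('check_login: database connection failed');
        die('Connexion impossible');
    }

    $numero_ID = $_SESSION['numero_abo'];
    if ($_SESSION['username'] != 'beprev') {
        $horodate = date('Y-m-d H:i:s');

        // NOTE(review): MAX("ID") + 1 is not atomic; two concurrent requests can
        // compute the same ID. A sequence/identity column would avoid this.
        $result = pg_query($dbconn, 'SELECT MAX("ID") from user_log;');
        if ($result === false) {
            error_log('check_login: ' . pg_last_error($dbconn));
            die('Échec de la requête');
        }
        $row = pg_fetch_row($result);
        // An empty table yields NULL, which is treated as 0.
        $maxId = ($row !== false && $row[0] !== null) ? $row[0] : 0;
        $nextId = (int) $maxId + 1;

        // PHP_SELF contains the request path and is client-controlled, so the
        // values are bound as parameters rather than interpolated into the SQL.
        // They are cast to strings so the server receives the same text values
        // the interpolated literals carried.
        $page = $_SESSION["ipFrontOffice"] . $_SERVER['PHP_SELF'];
        $result = pg_query_params(
            $dbconn,
            'INSERT INTO user_log ("ID", id_user, page, horodate) VALUES ($1, $2, $3, $4)',
            [(string) $nextId, (string) $numero_ID, (string) $page, $horodate]
        );
        if ($result === false) {
            error_log('check_login: ' . pg_last_error($dbconn));
            die('Échec de la requête');
        }
    }

    pg_close($dbconn);
}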
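/**
 * Populate the session with the markers of an authenticated user: a random
 * uid, the client IP address(es), the configured login name and the
 * inactivity deadline.
 *
 * The uid is distinct from the PHP session id. It is drawn from the system
 * CSPRNG; uniqid() and mt_rand() are time-based / non-cryptographic and
 * therefore predictable. The value is 40 hex characters, the same shape as
 * a SHA-1 digest.
 */
function fillSessionInfo()
{
    // Generate unique random number (different than phpsessionid).
    $_SESSION['uid'] = bin2hex(random_bytes(20));

    // We store IP address(es) of the client to make sure session is not hijacked.
    $_SESSION['ip'] = allIPs();

    $_SESSION['username'] = $GLOBALS['login'];

    // Set session expiration.
    $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;
}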
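/**
 * Check a login/password pair against the configured credentials and, on
 * success, mark the session as authenticated.
 *
 * The stored hash is sha1(password . login . salt).
 * NOTE(review): a single salted SHA-1 round is cheap to brute-force if the
 * stored hash leaks. Moving to password_hash()/password_verify() requires a
 * change of the stored hash format, so it is not done here.
 *
 * @param string $login    Login name submitted by the client.
 * @param string $password Password submitted by the client.
 *
 * @return bool True when the credentials match, false otherwise.
 */
function check_auth($login, $password)
{
    $hash = sha1($password . $login . $GLOBALS['salt']);

    // Strict string comparison: with ==, numeric-looking strings such as
    // "0e1" and "0e2" compare equal. The hash is compared in constant time.
    $credentialsMatch = isset($GLOBALS['login'], $GLOBALS['hash'])
        && is_string($login)
        && $login === (string) $GLOBALS['login']
        && hash_equals((string) $GLOBALS['hash'], $hash);

    if ($credentialsMatch) {
        // Issue a fresh session id on login so that an id known before
        // authentication (session fixation) does not carry the new privileges.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        // Same session markers as any other authenticated session.
        fillSessionInfo();
        $_SESSION['username'] = $login;

        logm('Login successful');
        return true;
    }

    // NOTE(review): $login is client-supplied and is written to the log as-is;
    // confirm that logm() neutralises line breaks and control characters.
    logm('Login failed for user ' . $login);
    return false;
}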
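/**
 * Tell whether the current request belongs to a logged-in user.
 *
 * Returns true unconditionally when the OPEN_SHAARLI option is set, and
 * false when no login is configured yet. A matching stay-signed-in cookie
 * rebuilds the session markers and is accepted without the IP and expiry
 * checks applied to ordinary sessions.
 * NOTE(review): STAY_SIGNED_IN_TOKEN is defined elsewhere; confirm that it is
 * unpredictable and rotated, since it alone authenticates the request.
 *
 * Otherwise the session must have a uid, must come from the same IP
 * address(es) (unless session protection is disabled) and must not have
 * expired; a failing session is logged out. A valid session has its
 * expiration date pushed forward.
 *
 * @return bool True when the user is considered logged in.
 */
function isLoggedIn()
{
    if ($GLOBALS['config']['OPEN_SHAARLI']) {
        return true;
    }

    if (!isset($GLOBALS['login'])) {
        return false; // Shaarli is not configured yet.
    }

    // The cookie is client-controlled and may be absent or array-valued.
    // Compare in constant time, and never accept an empty token.
    $cookieToken = $_COOKIE['shaarli_staySignedIn'] ?? null;
    if (
        is_string($cookieToken)
        && is_string(STAY_SIGNED_IN_TOKEN)
        && STAY_SIGNED_IN_TOKEN !== ''
        && hash_equals(STAY_SIGNED_IN_TOKEN, $cookieToken)
    ) {
        fillSessionInfo();
        return true;
    }

    // If session does not exist on server side, or IP address has changed,
    // or session has expired, logout.
    if (
        empty($_SESSION['uid'])
        || ($GLOBALS['disablesessionprotection'] == false && $_SESSION['ip'] != allIPs())
        || time() >= $_SESSION['expires_on']
    ) {
        logout();
        return false;
    }

    if (!empty($_SESSION['longlastingsession'])) {
        // Long-lasting session: extend by the duration stored in the session.
        $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
    } else {
        // Standard session expiration date.
        $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;
    }

    return true;
}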