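/**
 * Validate the current PHP session for the site being served.
 *
 * The session is accepted only when every key written by startNewSession() is
 * present, SESS_SITEID matches this SiteID, the session is bound to this
 * request (the live session id equals SESS_TOKEN, or generateMAuthKey()
 * re-derives the stored MAUTH_KEY), SESS_PRIVILEGE_ID is a positive number,
 * and the requested site is either the login site or one of SESS_ACCESS_SITES.
 *
 * Requires PHP >= 5.6 for hash_equals().
 *
 * @param bool $redirect     On failure: redirect to SiteLocation . "login",
 *                           destroy the session and exit (never returns).
 * @param bool $showErrorMsg On failure without $redirect: raise a 401 through
 *                           trigger_logikserror() before returning false.
 * @return bool true when the session is valid, false otherwise.
 */
function session_check($redirect = false, $showErrorMsg = false) {
    // Nothing can be valid before the site is bootstrapped (SITENAME defined);
    // the && short-circuit keeps the session checks from running in that case.
    $valid = defined("SITENAME") && _session_check_is_valid();
    if ($valid) {
        return true;
    }
    if ($redirect) {
        $relink = SiteLocation . "login";
        // NOTE(review): if redirectTo() terminates the script itself, the
        // session_destroy() below never runs and the rejected session survives
        // until it expires. Confirm against redirectTo() before reordering —
        // its message argument may be stashed in the session.
        redirectTo($relink, "SESSION Expired. Going To Login Page");
        session_destroy();
        exit;
    }
    if ($showErrorMsg) {
        trigger_logikserror("Accessing Forbidden Page", E_USER_ERROR, 401);
    }
    return false;
}

/**
 * The session requirements behind session_check(), one early return each.
 *
 * Tightened relative to the original inline checks:
 *  - SESS_TOKEN / MAUTH_KEY are compared as strings with hash_equals(). The
 *    loose `==` let an unset MAUTH_KEY (null) compare equal to an empty
 *    generated key, and an empty stored token/key never authenticates now.
 *  - The request `site` must be a non-empty string; a missing or array value
 *    previously raised a notice and fell through to loose comparison.
 *  - in_array() is strict, so SITENAME can no longer match by type juggling
 *    (a sitelist of non-string entries would now be rejected — confirm shape).
 *
 * @return bool
 */
function _session_check_is_valid() {
    $required = array(
        'SESS_USER_ID', 'SESS_PRIVILEGE_ID', 'SESS_ACCESS_ID', 'SESS_TOKEN',
        'SESS_SITEID', 'SESS_LOGIN_SITE', 'SESS_ACCESS_SITES',
    );
    foreach ($required as $key) {
        if (!isset($_SESSION[$key])) {
            return false;
        }
    }
    // Loose comparison kept on purpose: SiteID may be an int while the
    // session stores whatever startNewSession() assigned.
    if ($_SESSION['SESS_SITEID'] != SiteID) {
        return false;
    }
    if (!_session_check_bound_to_request()) {
        return false;
    }
    if (!is_numeric($_SESSION['SESS_PRIVILEGE_ID']) || $_SESSION['SESS_PRIVILEGE_ID'] <= 0) {
        return false;
    }
    // NOTE(review): `site` comes from $_REQUEST (query, body or cookie). This
    // branch trusts it to name the site being served; if SITENAME is not
    // derived from the same value, a user can satisfy it on any site by
    // sending site=<their login site>. Confirm before relying on it.
    $requested = isset($_REQUEST['site']) ? $_REQUEST['site'] : null;
    if (is_string($requested) && $requested !== '' && (string) $_SESSION['SESS_LOGIN_SITE'] === $requested) {
        return true;
    }
    return is_array($_SESSION['SESS_ACCESS_SITES'])
        && in_array(SITENAME, $_SESSION['SESS_ACCESS_SITES'], true);
}

/**
 * Is the stored session bound to this request?
 *
 * True when the live session id equals SESS_TOKEN, or — for MAUTH clients —
 * when generateMAuthKey() re-derives the stored MAUTH_KEY. generateMAuthKey()
 * is only invoked when the session id does not match, preserving the original
 * `||` short-circuit. Empty values never match.
 *
 * @return bool
 */
function _session_check_bound_to_request() {
    $token = (string) $_SESSION['SESS_TOKEN'];
    if ($token !== '' && hash_equals($token, (string) session_id())) {
        return true;
    }
    if (!isset($_SESSION['MAUTH_KEY'])) {
        return false;
    }
    $stored = (string) $_SESSION['MAUTH_KEY'];
    if ($stored === '') {
        return false;
    }
    return hash_equals($stored, (string) generateMAuthKey());
}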
/**
 * Establish an authenticated PHP session from the authentication result the
 * caller left in $_ENV['AUTH-DATA'], then log the login, emit the client
 * cookies, optionally persist the session row and hand off to gotoSuccessLink().
 *
 * Order matters: the id is regenerated before it is copied into SESS_TOKEN,
 * and the SESSION-KEY header / cookies are sent before any output.
 *   1. session_regenerate_id(); copy AUTH-DATA fields into $_SESSION.
 *   2. Derive SESS_FS_FOLDER / SESS_FS_URL from the privilege level.
 *   3. Send the SESSION-KEY response header.
 *   4. Insert a log_login row; send LOGIN/USER/TOKEN/SITE cookies.
 *   5. If persistant == "true", insert a log_sessions row.
 *   6. gotoSuccessLink().
 *
 * @param mixed  $userid  User id written to the log rows. The session's
 *                        SESS_USER_ID is taken from AUTH-DATA instead; the two
 *                        are assumed to agree — verify against the caller.
 * @param string $domain  Site the user logged in to; becomes SESS_LOGIN_SITE,
 *                        SESS_ACTIVE_SITE and a path component of the app folder.
 * @param object $dbLink  Query builder providing _insertQ1() and executeQuery().
 * @param array  $params  Not used in this body.
 * @return void  Returns only if gotoSuccessLink() returns.
 */
function startNewSession($userid, $domain, $dbLink, $params = array()) {
    // Fresh id on login so a pre-authentication id cannot be fixated. No
    // delete_old_session flag: the old id's data stays until GC.
    // NOTE(review): consider session_regenerate_id(true) if nothing else
    // needs the old session file.
    session_regenerate_id();
    // Authentication result placed in the environment by the caller. No shape
    // check here — every key read below is assumed present.
    $data = $_ENV['AUTH-DATA'];
    $_SESSION['SESS_USER_ID'] = $data['userid'];
    $_SESSION['SESS_PRIVILEGE_ID'] = $data['privilege'];
    $_SESSION['SESS_ACCESS_ID'] = $data['access'];
    $_SESSION['SESS_GUID'] = $data['guid'];
    $_SESSION['SESS_PRIVILEGE_NAME'] = $data['privilege_name'];
    $_SESSION['SESS_ACCESS_NAME'] = $data['master'];
    $_SESSION['SESS_ACCESS_SITES'] = $data['sitelist'];
    $_SESSION['SESS_USER_NAME'] = $data['name'];
    $_SESSION['SESS_USER_EMAIL'] = $data['email'];
    $_SESSION['SESS_USER_CELL'] = $data['mobile'];
    $_SESSION['SESS_USER_AVATAR'] = $data['avatar_type'] . "::" . $data['avatar'];
    $_SESSION['SESS_LOGIN_SITE'] = $domain;
    $_SESSION['SESS_ACTIVE_SITE'] = $domain;
    _envData("SESSION", 'SESS_ACTIVE_SITE', $domain);
    // Copy of the (regenerated) session id; session_check() compares the live
    // session id against it.
    $_SESSION['SESS_TOKEN'] = session_id();
    $_SESSION['SESS_SITEID'] = SiteID;
    $_SESSION['SESS_LOGIN_TIME'] = time();
    // Alternative request binding used by session_check() when the session id
    // does not match.
    $_SESSION['MAUTH_KEY'] = generateMAuthKey();
    // Privilege 3 and below get the site root as their file-system scope;
    // everyone else is confined to the per-site app folder.
    // NOTE(review): $domain is spliced into a path — confirm the caller
    // validates it (no separators or "..").
    if ($data['privilege'] <= 3) {
        $_SESSION["SESS_FS_FOLDER"] = ROOT;
        $_SESSION["SESS_FS_URL"] = SiteLocation;
    } else {
        $_SESSION["SESS_FS_FOLDER"] = ROOT . APPS_FOLDER . $domain . "/";
        $_SESSION["SESS_FS_URL"] = SiteLocation . APPS_FOLDER . $domain . "/";
    }
    // Display name falls back to the user id when AUTH-DATA carries none
    // (strlen is a byte count; an all-whitespace name still passes).
    if (strlen($_SESSION['SESS_USER_NAME']) <= 0) {
        $_SESSION['SESS_USER_NAME'] = $_SESSION['SESS_USER_ID'];
    }
    // The session id is echoed in a response header (presumably for clients
    // that do not use the cookie). NOTE(review): anything that logs or caches
    // response headers — proxies, CDNs, browser dev tooling — sees the id.
    header_remove("SESSION-KEY");
    header("SESSION-KEY:" . session_id(), false);
    // Login audit row. REMOTE_ADDR is stored twice (sys_spec and client);
    // HTTP_USER_AGENT is attacker-controlled — this assumes _insertQ1()
    // parameterises or escapes its values. Confirm in the query builder.
    $q1 = $dbLink->_insertQ1(_dbTable("log_login", true), array("date" => date("Y-m-d"), "user" => $userid, "site" => $domain, "login_time" => date('H:i:s'), "sys_spec" => _server('REMOTE_ADDR'), "token" => $_SESSION['SESS_TOKEN'], "mauth_key" => $_SESSION['MAUTH_KEY'], "status" => 'LOGGED IN', "msg" => '', "persistant" => $data['persistant'], "client" => _server('REMOTE_ADDR'), "user_agent" => _server('HTTP_USER_AGENT'), "device" => $data['device']));
    $dbLink->executeQuery($q1);
    // Client-side copies, 36000 s = 10 h. No path/domain/secure/httponly
    // arguments are passed, so TOKEN (the session id) is readable by page
    // scripts and is sent over plain HTTP as well.
    // NOTE(review): add httponly/secure once it is confirmed no JS client
    // reads TOKEN.
    setcookie("LOGIN", "true", time() + 36000);
    setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
    setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
    setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
    // Only the literal string "true" persists; a boolean true would not.
    if ($data['persistant'] == "true") {
        // session_data holds the whole session (token and MAUTH key included).
        // global_data serialises every global — $_ENV['AUTH-DATA'] and any
        // configuration loaded into globals — into the table.
        // NOTE(review): secrets leak into the DB here, and on PHP versions
        // where $GLOBALS references itself (before 8.1) json_encode() fails
        // with a recursion error and stores false.
        $q1 = $dbLink->_insertQ1(_dbTable("log_sessions", true), array("sessionid" => $_SESSION['SESS_TOKEN'], "timestamp" => date("Y-m-d H:i:s"), "last_updated" => date("Y-m-d H:i:s"), "user" => $userid, "site" => $domain, "session_data" => json_encode($_SESSION), "global_data" => json_encode($GLOBALS), "client" => _server('REMOTE_ADDR'), "user_agent" => _server('HTTP_USER_AGENT'), "device" => $data['device']));
        $dbLink->executeQuery($q1);
    }
    gotoSuccessLink();
}
/**
 * Establish an authenticated PHP session from the authentication result the
 * caller left in $_ENV['AUTH-DATA'], emit the session headers and cookies,
 * and optionally persist the session into cache_sessions.
 *
 * NOTE(review): this is a second definition of startNewSession() on this
 * page; it takes no $dbLink and uses _db(true) instead, reads
 * privilegeid/accessid/access_name keys, adds group fields, and does not call
 * gotoSuccessLink(). Only one definition can be loaded in a PHP process.
 *
 * Order matters: the id is regenerated before it is copied into SESS_TOKEN,
 * and the headers / cookies are sent before any output.
 *   1. session_regenerate_id(); copy AUTH-DATA (and groups) into $_SESSION.
 *   2. Derive SESS_FS_FOLDER / SESS_FS_URL from the privilege level.
 *   3. LogiksSession::getInstance(true); send SESSION-KEY / SESSION-MAUTH headers.
 *   4. Send LOGIN/USER/TOKEN/SITE cookies.
 *   5. If persistant, or MAUTH is allowed and requested, refresh cache_sessions.
 *
 * @param mixed  $userid  Passed by the caller but not read in this body; the
 *                        session's user id comes from AUTH-DATA.
 * @param string $domain  Site the user logged in to; becomes SESS_LOGIN_SITE,
 *                        SESS_ACTIVE_SITE, a cache_sessions column and a path
 *                        component of the app folder.
 * @param array  $params  Not used in this body.
 * @return void
 */
function startNewSession($userid, $domain, $params = array()) {
    // Fresh id on login so a pre-authentication id cannot be fixated. No
    // delete_old_session flag: the old id's data stays until GC.
    // NOTE(review): consider session_regenerate_id(true) if nothing else
    // needs the old session file.
    session_regenerate_id();
    // Authentication result placed in the environment by the caller. Apart
    // from 'groups', every key read below is assumed present.
    $data = $_ENV['AUTH-DATA'];
    $_SESSION['SESS_GUID'] = $data['guid'];
    $_SESSION['SESS_USER_ID'] = $data['userid'];
    $_SESSION['SESS_PRIVILEGE_ID'] = $data['privilegeid'];
    $_SESSION['SESS_ACCESS_ID'] = $data['accessid'];
    $_SESSION['SESS_PRIVILEGE_NAME'] = $data['privilege_name'];
    $_SESSION['SESS_ACCESS_NAME'] = $data['access_name'];
    $_SESSION['SESS_ACCESS_SITES'] = $data['sitelist'];
    // Users without a group get an empty group record (id 0) so the keys below
    // always exist.
    if (empty($data['groups'])) {
        $data['groups'] = ["id" => 0, "group_name" => "", "group_manager" => "", "group_descs" => ""];
    }
    $_SESSION['SESS_GROUP_ID'] = $data['groups']['id'];
    $_SESSION['SESS_GROUP_NAME'] = $data['groups']['group_name'];
    $_SESSION['SESS_GROUP_MANAGER'] = $data['groups']['group_manager'];
    $_SESSION['SESS_GROUP_DESCS'] = $data['groups']['group_descs'];
    // Fingerprint of the privilege pair. It is an md5 of two values any reader
    // of the session already knows, so it identifies the pair but does not
    // protect it against tampering — its consumer is not visible here.
    $_SESSION["SESS_PRIVILEGE_HASH"] = md5($_SESSION["SESS_PRIVILEGE_ID"] . $_SESSION["SESS_PRIVILEGE_NAME"]);
    $_SESSION['SESS_USER_NAME'] = $data['name'];
    $_SESSION['SESS_USER_EMAIL'] = $data['email'];
    $_SESSION['SESS_USER_CELL'] = $data['mobile'];
    $_SESSION['SESS_USER_COUNTRY'] = $data['country'];
    $_SESSION['SESS_USER_AVATAR'] = $data['avatar_type'] . "::" . $data['avatar'];
    $_SESSION['SESS_LOGIN_SITE'] = $domain;
    $_SESSION['SESS_ACTIVE_SITE'] = $domain;
    // Copy of the (regenerated) session id; session_check() compares the live
    // session id against it.
    $_SESSION['SESS_TOKEN'] = session_id();
    $_SESSION['SESS_SITEID'] = SiteID;
    $_SESSION['SESS_LOGIN_TIME'] = time();
    // Alternative request binding used by session_check() when the session id
    // does not match.
    $_SESSION['MAUTH_KEY'] = generateMAuthKey();
    // Privilege 1 and below get the site root as their file-system scope;
    // everyone else is confined to the per-site app folder.
    // NOTE(review): $domain is spliced into a path — confirm the caller
    // validates it (no separators or "..").
    if ($data['privilegeid'] <= 1) {
        $_SESSION["SESS_FS_FOLDER"] = ROOT;
        $_SESSION["SESS_FS_URL"] = SiteLocation;
    } else {
        $_SESSION["SESS_FS_FOLDER"] = ROOT . APPS_FOLDER . $domain . "/";
        $_SESSION["SESS_FS_URL"] = SiteLocation . APPS_FOLDER . $domain . "/";
    }
    // Display name falls back to the user id when AUTH-DATA carries none
    // (strlen is a byte count; an all-whitespace name still passes).
    if (strlen($_SESSION['SESS_USER_NAME']) <= 0) {
        $_SESSION['SESS_USER_NAME'] = $_SESSION['SESS_USER_ID'];
    }
    // Effect of the `true` argument is not visible from here — presumably a
    // forced (re)initialisation of the session wrapper; verify in LogiksSession.
    LogiksSession::getInstance(true);
    // Session id and MAUTH key are echoed in response headers (presumably for
    // clients that do not use the cookie). NOTE(review): anything that logs or
    // caches response headers — proxies, CDNs, browser dev tooling — sees both
    // credentials.
    header_remove("SESSION-KEY");
    header("SESSION-KEY:" . $_SESSION['SESS_TOKEN'], false);
    header("SESSION-MAUTH:" . $_SESSION['MAUTH_KEY'], false);
    // Client-side copies, 36000 s = 10 h. No path/domain/secure/httponly
    // arguments are passed, so TOKEN (the session id) is readable by page
    // scripts and is sent over plain HTTP as well.
    // NOTE(review): add httponly/secure once it is confirmed no JS client
    // reads TOKEN.
    setcookie("LOGIN", "true", time() + 36000);
    setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
    setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
    setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
    // Precedence: && binds tighter than ||, so this reads
    // persistant || (ALLOW_MAUTH && mauth posted). persistant is tested for
    // truthiness here, so the string "false" would also persist.
    if ($data['persistant'] || ALLOW_MAUTH && isset($_POST['mauth'])) {
        // Purge this guid/user/site's rows older than 10 days before inserting
        // the new one. How the builder combines the raw edited_on condition
        // with _where() is not visible here — confirm it ANDs them.
        _db(true)->_deleteQ(_dbTable("cache_sessions", true), "edited_on< DATE_SUB(NOW(), INTERVAL 10 DAY)")->_where(["guid" => $_SESSION['SESS_GUID'], "userid" => $_SESSION['SESS_USER_ID'], "site" => $domain])->_run();
        // session_data holds the whole session (token and MAUTH key included).
        // global_data serialises every global — $_ENV['AUTH-DATA'] and any
        // configuration loaded into globals — into the table.
        // NOTE(review): secrets leak into the DB here, and on PHP versions
        // where $GLOBALS references itself (before 8.1) json_encode() fails
        // with a recursion error and stores false. $_SERVER['REMOTE_ADDR'] is
        // read directly here where other paths use _server().
        _db(true)->_insertQ1(_dbTable("cache_sessions", true), ["guid" => $_SESSION['SESS_GUID'], "userid" => $_SESSION['SESS_USER_ID'], "site" => $domain, "device" => $_ENV['AUTH-DATA']['device'], "session_key" => $_SESSION['SESS_TOKEN'], "auth_key" => $_SESSION['MAUTH_KEY'], "session_data" => json_encode($_SESSION), "global_data" => json_encode($GLOBALS), "client_ip" => $_SERVER['REMOTE_ADDR'], "creator" => $_SESSION['SESS_USER_ID']])->_run();
    }
}