public function check()
{
$this->parent->parent->debug($this::name_space . ': Checking for login token...');
if (!$this->parent->parent->config->config['core']['database']) {
return false;
}
// Check for token cookie
if (Cookie::get('ltkn') === NULL) {
$this->parent->parent->debug($this::name_space . ': Login token not found!');
return false;
}
$this->parent->parent->debug($this::name_space . ': Found token');
$token = Cookie::get('ltkn');
$sessID = Session::getID();
$userID = Session::get('WebApp.User', 'userID');
// It does exist so...
// Find token in database where userID = the userID in the token
$this->parent->parent->debug($this::name_space . ': Checking sessions table for:');
$this->parent->parent->debug('T: ' . $token . '/ S: ' . $sessID . '/ U: ' . $userID);
$token_query = $this->mySQL_r->prepare("SELECT INET_NTOA(`IP`), `auth` FROM `core_sessions` WHERE `token`=? AND `session`=? AND `user`=?");
$token_query->bind_param('ssi', $token, $sessID, $userID);
$token_query->execute();
$token_query->store_result();
if ($token_query->num_rows != 1) {
$this->parent->parent->debug($this::name_space . ': Failed to find session.');
return false;
}
$token_query->bind_result($ip, $auth);
$token_query->fetch();
if (Server::get('remote_addr') != $ip || $auth) {
$update_query = $this->mySQL_w->prepare("UPDATE `core_sessions` SET `auth`=1 WHERE `token`=?");
$update_query->bind_param('s', $token);
$update_query->execute();
WebApp::forceRedirect('/user/auth?r=' . urlencode(Server::get('request_uri')));
}
$this->parent->parent->debug($this::name_space . ': Found session. Token Check successful!');
return true;
}
function __construct($parent)
{
$this->parent = $parent;
$this->mySQL_r = $parent->mySQL_r;
$this->mySQL_w = $parent->mySQL_w;
$this->parent->debug('***** ' . $this::name_space . ' *****');
$this->parent->debug($this::name_space . ': Version ' . $this::version);
$this->session = new SessionTokeniser($this);
// Is a user logged in?
if (Session::get($this::name_space, 'loggedIn') !== true) {
$this->parent->debug($this::name_space . ': No user logged in, using anoymous');
$this->_fetchDetails();
return;
}
if ($this->session->check()) {
$this->parent->debug($this::name_space . ': User logged in');
$this->loggedIn = true;
$this->username = Session::get($this::name_space, 'username');
$this->userID = Session::get($this::name_space, 'userID');
$this->session->update();
} else {
Session::del($this::name_space, 'loggedIn');
Session::del($this::name_space, 'username');
Session::del($this::name_space, 'userID');
}
// Create user data
$this->_fetchDetails();
if ($this->enabled == false) {
$this->parent->debug($this::name_space . ': User disabled... logging out');
$this->logout();
header("Location: /user/login");
exit;
} elseif (Server::get('request_uri') != "/user/profile/password" && $this->changePwd == 1) {
$this->parent->debug($this::name_space . ': User must change password');
WebApp::forceRedirect('/user/profile/password');
}
}
