示例#1
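 /**
  * Decide whether the current PHP session is an authenticated session for
  * this site.
  *
  * A session is accepted only when all of the following hold:
  *   1. the SITENAME constant is defined;
  *   2. every required SESS_* key is set and SESS_SITEID equals SiteID;
  *   3. the session is bound either to the current session id (SESS_TOKEN)
  *      or to the key returned by generateMAuthKey() (MAUTH_KEY);
  *   4. SESS_PRIVILEGE_ID is numeric and greater than zero;
  *   5. the login site equals the requested site, or SITENAME is listed in
  *      SESS_ACCESS_SITES.
  *
  * Compared with the earlier version, the token, key and site comparisons
  * are exact string comparisons: loose `==` treats numeric-looking strings
  * such as "0e12" and "0e99" as equal, and an unset MAUTH_KEY compared
  * loosely with an empty generated key evaluated to true.
  *
  * @param bool $redirect     On failure, redirect to the login page, destroy
  *                           the session and terminate the script.
  * @param bool $showErrorMsg On failure without redirect, raise a 401 error
  *                           through trigger_logikserror().
  *
  * @return bool True when the session is valid; false otherwise (when
  *              $redirect is false).
  */
 function session_check($redirect = false, $showErrorMsg = false)
 {
     $requiredKeys = array(
         'SESS_USER_ID',
         'SESS_PRIVILEGE_ID',
         'SESS_ACCESS_ID',
         'SESS_TOKEN',
         'SESS_SITEID',
         'SESS_LOGIN_SITE',
         'SESS_ACCESS_SITES',
     );

     $valid = false;
     if (defined("SITENAME")) {
         $complete = true;
         foreach ($requiredKeys as $key) {
             if (!isset($_SESSION[$key])) {
                 $complete = false;
                 break;
             }
         }

         // SESS_SITEID is written server-side from the SiteID constant, so the
         // loose comparison is kept here for compatibility with restored sessions.
         if ($complete && $_SESSION['SESS_SITEID'] == SiteID) {
             // Binding 1: the token stored at login must be the current session id.
             // Both sides must be non-empty so that an unstarted session ("" id)
             // can never match an empty token.
             $storedToken = is_scalar($_SESSION['SESS_TOKEN']) ? (string) $_SESSION['SESS_TOKEN'] : '';
             $currentId = (string) session_id();
             $bound = $storedToken !== '' && $currentId !== '' && hash_equals($currentId, $storedToken);

             // Binding 2 (only consulted when binding 1 fails, as before): the
             // stored MAUTH_KEY must equal the freshly generated key. A missing or
             // empty stored key is rejected outright.
             if (!$bound) {
                 $storedKey = (isset($_SESSION['MAUTH_KEY']) && is_scalar($_SESSION['MAUTH_KEY']))
                     ? (string) $_SESSION['MAUTH_KEY']
                     : '';
                 if ($storedKey !== '') {
                     $expectedKey = generateMAuthKey();
                     $bound = is_scalar($expectedKey) && hash_equals((string) $expectedKey, $storedKey);
                 }
             }

             if ($bound && is_numeric($_SESSION['SESS_PRIVILEGE_ID']) && $_SESSION['SESS_PRIVILEGE_ID'] > 0) {
                 // NOTE(review): $_REQUEST['site'] is supplied by the client. This
                 // branch only proves the request names the login site; whether it
                 // also names the site being served depends on how SITENAME is
                 // derived elsewhere - confirm.
                 $requestedSite = isset($_REQUEST['site']) ? $_REQUEST['site'] : null;
                 $loginSite = $_SESSION['SESS_LOGIN_SITE'];
                 if (is_scalar($requestedSite) && is_scalar($loginSite) && (string) $loginSite === (string) $requestedSite) {
                     $valid = true;
                 } elseif (is_array($_SESSION['SESS_ACCESS_SITES']) && in_array(SITENAME, $_SESSION['SESS_ACCESS_SITES'], true)) {
                     // Strict membership: a stray `true` or `0` entry in the list
                     // must not match every site name.
                     $valid = true;
                 }
             }
         }
     }

     if ($valid) {
         return true;
     }

     if ($redirect) {
         $relink = SiteLocation . "login";
         redirectTo($relink, "SESSION Expired. Going To Login Page");
         // NOTE(review): session_destroy() is only reached if redirectTo()
         // returns; if that helper terminates the script, the rejected session
         // is never destroyed - verify against redirectTo().
         session_destroy();
         exit;
     }

     if ($showErrorMsg) {
         trigger_logikserror("Accessing Forbidden Page", E_USER_ERROR, 401);
     }
     return false;
 }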
示例#2
/**
 * Establish the authenticated session after a successful login.
 *
 * Reads the authenticated user's record from $_ENV['AUTH-DATA'], copies it
 * into $_SESSION, writes a row to the login log, sets the LOGIN/USER/TOKEN/SITE
 * cookies, optionally stores a snapshot of the session for persistent logins,
 * and finally hands over to gotoSuccessLink().
 *
 * @param mixed $userid Written to the log rows only; the session's own user id
 *                      comes from $_ENV['AUTH-DATA']['userid'].
 * @param mixed $domain Site the user logged into; also concatenated into the
 *                      per-site filesystem path and URL.
 *                      NOTE(review): assumes the caller has validated $domain
 *                      as a plain site name - confirm, since it becomes part
 *                      of SESS_FS_FOLDER.
 * @param mixed $dbLink Project database handle exposing _insertQ1() and
 *                      executeQuery().
 * @param array $params Not used in this function.
 */
function startNewSession($userid, $domain, $dbLink, $params = array())
{
    // New session id at login. Called without arguments, so PHP keeps the old
    // session record instead of deleting it (delete_old_session defaults to false).
    session_regenerate_id();
    $data = $_ENV['AUTH-DATA'];
    //printArray($data);exit();
    // Identity and authorisation fields consulted later by session checks.
    $_SESSION['SESS_USER_ID'] = $data['userid'];
    $_SESSION['SESS_PRIVILEGE_ID'] = $data['privilege'];
    $_SESSION['SESS_ACCESS_ID'] = $data['access'];
    $_SESSION['SESS_GUID'] = $data['guid'];
    $_SESSION['SESS_PRIVILEGE_NAME'] = $data['privilege_name'];
    $_SESSION['SESS_ACCESS_NAME'] = $data['master'];
    $_SESSION['SESS_ACCESS_SITES'] = $data['sitelist'];
    // Profile fields.
    $_SESSION['SESS_USER_NAME'] = $data['name'];
    $_SESSION['SESS_USER_EMAIL'] = $data['email'];
    $_SESSION['SESS_USER_CELL'] = $data['mobile'];
    $_SESSION['SESS_USER_AVATAR'] = $data['avatar_type'] . "::" . $data['avatar'];
    $_SESSION['SESS_LOGIN_SITE'] = $domain;
    $_SESSION['SESS_ACTIVE_SITE'] = $domain;
    _envData("SESSION", 'SESS_ACTIVE_SITE', $domain);
    // Bind the session to its id, the site and the generated key.
    $_SESSION['SESS_TOKEN'] = session_id();
    $_SESSION['SESS_SITEID'] = SiteID;
    $_SESSION['SESS_LOGIN_TIME'] = time();
    $_SESSION['MAUTH_KEY'] = generateMAuthKey();
    // Privilege ids 3 and below get the whole install root as their file area;
    // everyone else is confined to the site's folder under APPS_FOLDER.
    if ($data['privilege'] <= 3) {
        $_SESSION["SESS_FS_FOLDER"] = ROOT;
        $_SESSION["SESS_FS_URL"] = SiteLocation;
    } else {
        $_SESSION["SESS_FS_FOLDER"] = ROOT . APPS_FOLDER . $domain . "/";
        $_SESSION["SESS_FS_URL"] = SiteLocation . APPS_FOLDER . $domain . "/";
    }
    // Fall back to the user id when no display name is available.
    if (strlen($_SESSION['SESS_USER_NAME']) <= 0) {
        $_SESSION['SESS_USER_NAME'] = $_SESSION['SESS_USER_ID'];
    }
    // The session id is also returned in a response header.
    header_remove("SESSION-KEY");
    header("SESSION-KEY:" . session_id(), false);
    // Login audit row. The session token and MAUTH key are stored as-is, so read
    // access to log_login exposes live session identifiers until they expire.
    // NOTE(review): user_agent is client-controlled; presumably _insertQ1()
    // escapes values - verify against the query builder.
    $q1 = $dbLink->_insertQ1(_dbTable("log_login", true), array("date" => date("Y-m-d"), "user" => $userid, "site" => $domain, "login_time" => date('H:i:s'), "sys_spec" => _server('REMOTE_ADDR'), "token" => $_SESSION['SESS_TOKEN'], "mauth_key" => $_SESSION['MAUTH_KEY'], "status" => 'LOGGED IN', "msg" => '', "persistant" => $data['persistant'], "client" => _server('REMOTE_ADDR'), "user_agent" => _server('HTTP_USER_AGENT'), "device" => $data['device']));
    $dbLink->executeQuery($q1);
    // Cookies live for 36000 seconds (10 hours). With only three arguments,
    // setcookie() sets neither Secure nor HttpOnly, so the TOKEN cookie (the
    // session id) is readable by page scripts and is sent over plain HTTP.
    // NOTE(review): consider passing the secure/httponly/samesite options if no
    // client-side code depends on reading these cookies.
    setcookie("LOGIN", "true", time() + 36000);
    setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
    setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
    setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
    // Persistent login: store a JSON snapshot of the session keyed by its token.
    if ($data['persistant'] == "true") {
        // $GLOBALS holds every global-scope variable, which can include the
        // request superglobals. NOTE(review): confirm that credentials from the
        // login request and configuration secrets are not captured in global_data.
        $q1 = $dbLink->_insertQ1(_dbTable("log_sessions", true), array("sessionid" => $_SESSION['SESS_TOKEN'], "timestamp" => date("Y-m-d H:i:s"), "last_updated" => date("Y-m-d H:i:s"), "user" => $userid, "site" => $domain, "session_data" => json_encode($_SESSION), "global_data" => json_encode($GLOBALS), "client" => _server('REMOTE_ADDR'), "user_agent" => _server('HTTP_USER_AGENT'), "device" => $data['device']));
        $dbLink->executeQuery($q1);
    }
    gotoSuccessLink();
}
示例#3
/**
 * Establish the authenticated session after a successful login.
 *
 * Copies the authenticated user's record from $_ENV['AUTH-DATA'] into
 * $_SESSION (identity, privilege, group and profile fields), binds the session
 * to its id, the site and a generated MAUTH key, returns both in response
 * headers, sets the LOGIN/USER/TOKEN/SITE cookies and, for persistent or
 * MAUTH logins, stores a snapshot of the session in cache_sessions.
 *
 * @param mixed $userid Not used in this function; the session's user id comes
 *                      from $_ENV['AUTH-DATA']['userid'].
 * @param mixed $domain Site the user logged into; also concatenated into the
 *                      per-site filesystem path and URL.
 *                      NOTE(review): assumes the caller has validated $domain
 *                      as a plain site name - confirm, since it becomes part
 *                      of SESS_FS_FOLDER.
 * @param array $params Not used in this function.
 */
function startNewSession($userid, $domain, $params = array())
{
    // New session id at login. Called without arguments, so PHP keeps the old
    // session record instead of deleting it (delete_old_session defaults to false).
    session_regenerate_id();
    $data = $_ENV['AUTH-DATA'];
    //printArray($data);exit();
    // Identity and authorisation fields consulted later by session checks.
    $_SESSION['SESS_GUID'] = $data['guid'];
    $_SESSION['SESS_USER_ID'] = $data['userid'];
    $_SESSION['SESS_PRIVILEGE_ID'] = $data['privilegeid'];
    $_SESSION['SESS_ACCESS_ID'] = $data['accessid'];
    $_SESSION['SESS_PRIVILEGE_NAME'] = $data['privilege_name'];
    $_SESSION['SESS_ACCESS_NAME'] = $data['access_name'];
    $_SESSION['SESS_ACCESS_SITES'] = $data['sitelist'];
    // Users without a group get a placeholder record so the reads below succeed.
    if (empty($data['groups'])) {
        $data['groups'] = ["id" => 0, "group_name" => "", "group_manager" => "", "group_descs" => ""];
    }
    $_SESSION['SESS_GROUP_ID'] = $data['groups']['id'];
    $_SESSION['SESS_GROUP_NAME'] = $data['groups']['group_name'];
    $_SESSION['SESS_GROUP_MANAGER'] = $data['groups']['group_manager'];
    $_SESSION['SESS_GROUP_DESCS'] = $data['groups']['group_descs'];
    // Unkeyed MD5 of privilege id + name: anyone who knows both can recompute it,
    // so it works as an identifier only, not as proof of privilege.
    $_SESSION["SESS_PRIVILEGE_HASH"] = md5($_SESSION["SESS_PRIVILEGE_ID"] . $_SESSION["SESS_PRIVILEGE_NAME"]);
    // Profile fields.
    $_SESSION['SESS_USER_NAME'] = $data['name'];
    $_SESSION['SESS_USER_EMAIL'] = $data['email'];
    $_SESSION['SESS_USER_CELL'] = $data['mobile'];
    $_SESSION['SESS_USER_COUNTRY'] = $data['country'];
    $_SESSION['SESS_USER_AVATAR'] = $data['avatar_type'] . "::" . $data['avatar'];
    $_SESSION['SESS_LOGIN_SITE'] = $domain;
    $_SESSION['SESS_ACTIVE_SITE'] = $domain;
    // Bind the session to its id, the site and the generated key.
    $_SESSION['SESS_TOKEN'] = session_id();
    $_SESSION['SESS_SITEID'] = SiteID;
    $_SESSION['SESS_LOGIN_TIME'] = time();
    $_SESSION['MAUTH_KEY'] = generateMAuthKey();
    // Privilege ids 1 and below get the whole install root as their file area;
    // everyone else is confined to the site's folder under APPS_FOLDER.
    if ($data['privilegeid'] <= 1) {
        $_SESSION["SESS_FS_FOLDER"] = ROOT;
        $_SESSION["SESS_FS_URL"] = SiteLocation;
    } else {
        $_SESSION["SESS_FS_FOLDER"] = ROOT . APPS_FOLDER . $domain . "/";
        $_SESSION["SESS_FS_URL"] = SiteLocation . APPS_FOLDER . $domain . "/";
    }
    // Fall back to the user id when no display name is available.
    if (strlen($_SESSION['SESS_USER_NAME']) <= 0) {
        $_SESSION['SESS_USER_NAME'] = $_SESSION['SESS_USER_ID'];
    }
    // NOTE(review): effect of getInstance(true) is not visible here - confirm.
    LogiksSession::getInstance(true);
    // The session id and the MAUTH key are both returned in response headers.
    header_remove("SESSION-KEY");
    header("SESSION-KEY:" . $_SESSION['SESS_TOKEN'], false);
    header("SESSION-MAUTH:" . $_SESSION['MAUTH_KEY'], false);
    // Cookies live for 36000 seconds (10 hours). With only three arguments,
    // setcookie() sets neither Secure nor HttpOnly, so the TOKEN cookie (the
    // session id) is readable by page scripts and is sent over plain HTTP.
    // NOTE(review): consider passing the secure/httponly/samesite options if no
    // client-side code depends on reading these cookies.
    setcookie("LOGIN", "true", time() + 36000);
    setcookie("USER", $_SESSION['SESS_USER_ID'], time() + 36000);
    setcookie("TOKEN", $_SESSION['SESS_TOKEN'], time() + 36000);
    setcookie("SITE", $_SESSION['SESS_LOGIN_SITE'], time() + 36000);
    // && binds tighter than ||, so this reads: persistant OR (ALLOW_MAUTH AND a
    // posted 'mauth' field). NOTE(review): 'persistant' is tested for truthiness;
    // if AUTH-DATA carries it as the string "false", that string is truthy - confirm
    // its type.
    if ($data['persistant'] || ALLOW_MAUTH && isset($_POST['mauth'])) {
        // Drop this user's cached sessions for the site that are older than 10 days.
        _db(true)->_deleteQ(_dbTable("cache_sessions", true), "edited_on< DATE_SUB(NOW(), INTERVAL 10 DAY)")->_where(["guid" => $_SESSION['SESS_GUID'], "userid" => $_SESSION['SESS_USER_ID'], "site" => $domain])->_run();
        // Snapshot row. session_key and auth_key are stored as-is, so read access to
        // cache_sessions exposes live session credentials. $GLOBALS holds every
        // global-scope variable, which can include the request superglobals.
        // NOTE(review): confirm that credentials from the login request and
        // configuration secrets are not captured in global_data.
        _db(true)->_insertQ1(_dbTable("cache_sessions", true), ["guid" => $_SESSION['SESS_GUID'], "userid" => $_SESSION['SESS_USER_ID'], "site" => $domain, "device" => $_ENV['AUTH-DATA']['device'], "session_key" => $_SESSION['SESS_TOKEN'], "auth_key" => $_SESSION['MAUTH_KEY'], "session_data" => json_encode($_SESSION), "global_data" => json_encode($GLOBALS), "client_ip" => $_SERVER['REMOTE_ADDR'], "creator" => $_SESSION['SESS_USER_ID']])->_run();
    }
}