
<?php
/**
* Authentication class. Will handle all session functions. Note that database
* layout is hardcoded into this class. If this class is used anywhere but AMO, it
* will need that pulled out and put into class variables (for example, column names,
* etc.)
*
* Class is roughly based on some examples from php.net
*
* @package amo
* @subpackage lib
*
*/
require_once 'amo.class.php';
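class AMO_Auth extends AMO_Object{
    /**
     * Session lifetime in seconds. Every row written to the session table gets
     * `sess_expires` = time() + this value.
     * @access private
     * @var int
     */
    var $_expires = 0;
    /**
     * UserID of the authenticated user, or null while nobody is logged in.
     * Set by authenticate() and validSession(), cleared by _destroySession().
     * @access private
     * @var int
     */
    var $_user_id = null;
    /**
     * Name of the user table (columns UserID, UserName, UserEmail, UserPass, UserMode).
     * @access private
     * @var string
     */
    var $_user_table = 'userprofiles';
    /**
     * Name of the sessions table (columns sess_id, sess_user_id, sess_expires, sess_data).
     * @access private
     * @var string
     */
    var $_session_table = 'session_data';

    /**
     * Constructor for the AMO Authentication object.
     *
     * Reads the session lifetime from session.gc_maxlifetime. ini_get() is used
     * rather than get_cfg_var() so that a value changed at runtime with ini_set()
     * is honoured; a missing or non-positive setting falls back to PHP's own
     * default (1440 s) instead of producing sessions that expire immediately.
     * @access public
     */
    function AMO_Auth()
    {
        parent::AMO_Object();
        $_lifetime = (int) ini_get('session.gc_maxlifetime');
        if ($_lifetime <= 0) {
            $_lifetime = 1440;
        }
        $this->_expires = $_lifetime;
    }

    /**
     * No-op open handler; session_set_save_handler() requires one.
     * @access private
     * @param string $path save path (NOT USED)
     * @param string $name session name (NOT USED)
     * @return bool always true
     */
    function _openSession($path, $name)
    {
        return true;
    }

    /**
     * Creates the session row in the database for the authenticated user.
     * session_start() and authenticate() must both have been called first.
     *
     * The session id the browser presented before login was chosen by the
     * client and may have been planted by an attacker (session fixation), so a
     * fresh id is issued before the row is written.
     * @access private
     * @return bool true when a row was written, false when no user is set
     */
    function createSession()
    {
        if (is_null($this->_user_id)) {
            // _user_id is filled in by authenticate(); without it there is no
            // identity to bind the session to, so there is nothing to create.
            return false;
        }
        // session_regenerate_id() exists from PHP 4.3.2; on older builds the
        // pre-login id is kept (the previous behaviour).
        if (function_exists('session_regenerate_id')) {
            session_regenerate_id();
        }
        // session_id() and the numeric values are not attacker-controlled, but
        // escape uniformly anyway.
        $_id      = mysql_real_escape_string(session_id());
        $_user_id = mysql_real_escape_string($this->_user_id);
        $_expires = mysql_real_escape_string(time() + $this->_expires);
        $_sql = "INSERT INTO `{$this->_session_table}`
                    ( `sess_id`,
                      `sess_user_id`,
                      `sess_expires`,
                      `sess_data`
                    ) VALUES (
                      '{$_id}',
                      '{$_user_id}',
                      '{$_expires}',
                      ''
                    )";
        $this->db->query($_sql);
        $this->setUsernameCookie();
        return true;
    }

    /**
     * No-op close handler; session_set_save_handler() requires one.
     * @access private
     * @return bool always true
     */
    function _closeSession()
    {
        return true;
    }

    /**
     * Read handler: returns the serialized session data for $id.
     *
     * The `sess_expires` column holds the unix timestamp written by
     * createSession()/_writeSession(), so it is compared against time() on the
     * same clock; comparing it with CURRENT_TIMESTAMP() (a DATETIME) mixes two
     * representations. The save handler API requires a string, so the column
     * value itself is returned rather than the whole record array.
     * @access private
     * @param string $id session id (from the cookie; untrusted)
     * @return string session data, or '' when the session is missing or expired
     */
    function _readSession($id)
    {
        $_id  = mysql_real_escape_string($id);
        $_now = (int) time();
        $_sql = "SELECT
                    `sess_data`
                 FROM
                    `{$this->_session_table}`
                 WHERE
                    `sess_id` = '{$_id}'
                 AND
                    `sess_expires` > {$_now}
                 LIMIT 1";
        $this->db->query($_sql, SQL_INIT, SQL_ASSOC);
        if (!empty($this->db->record)) {
            $_record = $this->db->record;
            return (string) $_record['sess_data'];
        }
        return '';
    }

    /**
     * Write handler: stores $data for session $id and pushes the expiry out.
     *
     * Only sessions that already have a row (i.e. were created through
     * createSession() after authentication) are written; otherwise
     * session_start() alone would persist an anonymous session.
     * @access private
     * @param string $id   session id
     * @param string $data serialized session data
     * @return bool true on success, false when there is no user or no valid row
     */
    function _writeSession($id, $data)
    {
        if (is_null($this->_user_id)) {
            return false;
        }
        if (!$this->validSession()) {
            return false;
        }
        $_id      = mysql_real_escape_string($id);
        $_user_id = mysql_real_escape_string($this->_user_id);
        $_data    = mysql_real_escape_string($data);
        $_expires = mysql_real_escape_string(time() + $this->_expires);
        $_sql = "REPLACE INTO
                    `{$this->_session_table}`
                    ( `sess_id`,
                      `sess_user_id`,
                      `sess_expires`,
                      `sess_data`
                    ) VALUES (
                      '{$_id}',
                      '{$_user_id}',
                      '{$_expires}',
                      '{$_data}'
                    )";
        $this->db->query($_sql);
        return true;
    }

    /**
     * Checks whether the current session has an unexpired row in the database
     * and, if so, loads its user id into the object. session_start() must have
     * been called first.
     * @access public
     * @return bool true if valid, false if not
     */
    function validSession()
    {
        $_raw_id = session_id();
        if ($_raw_id === '') {
            // No session has been started; nothing can match.
            return false;
        }
        $_session_id = mysql_real_escape_string($_raw_id);
        $_now = (int) time();
        $_sql = "SELECT
                    `sess_user_id`
                 FROM
                    `{$this->_session_table}`
                 WHERE
                    `sess_id` = '{$_session_id}'
                 AND
                    `sess_expires` > {$_now}
                 LIMIT 1";
        $this->db->query($_sql, SQL_INIT, SQL_ASSOC);
        if (empty($this->db->record)) {
            return false;
        }
        $_user = $this->db->record;
        $this->_user_id = $_user['sess_user_id'];
        return true;
    }

    /**
     * Checks the credentials against the user table and, on success, records
     * the user's id in the object. Does not start or create a session.
     *
     * NOTE(review): UserPass is an unsalted MD5 digest and the comparison is
     * done inside the query. That is a schema-level weakness (no salt, no work
     * factor) that cannot be fixed in this method without migrating the stored
     * hashes; moving to a salted, slow hash compared in PHP is the real fix.
     * @access public
     * @param string $username the user's e-mail address
     * @param string $password the user's password
     * @return bool true on success, false on failure
     */
    function authenticate($username,$password)
    {
        // trim() the raw values before escaping so that leading/trailing
        // newlines or NULs are removed rather than escaped and kept. Strict
        // comparisons are used because empty() would reject the value "0".
        $_raw_user = trim((string) $username);
        $_raw_pass = trim((string) $password);
        if ($_raw_user === '' || $_raw_pass === '') {
            return false;
        }
        $_username = mysql_real_escape_string($_raw_user);
        $_password = mysql_real_escape_string($_raw_pass);
        $_sql = "SELECT
                    `UserID`
                 FROM
                    `{$this->_user_table}`
                 WHERE
                    `UserEmail` = '{$_username}'
                 AND
                    `UserPass` = MD5('{$_password}')
                 AND
                    `UserMode` != 'D'
                 LIMIT 1";
        $this->db->query($_sql, SQL_INIT, SQL_ASSOC);
        if (empty($this->db->record)) {
            return false;
        }
        $_record = $this->db->record;
        $this->_user_id = $_record['UserID'];
        return true;
    }

    /**
     * Destroy handler: deletes the session row, forgets the user and expires
     * the session cookie.
     * @access private
     * @param string $id session id
     * @return bool always true
     */
    function _destroySession($id)
    {
        $_id = mysql_real_escape_string($id);
        $_sql = "DELETE FROM
                    `{$this->_session_table}`
                 WHERE
                    `sess_id` = '{$_id}'";
        $this->db->query($_sql);
        $this->_user_id = null;
        $_COOKIE = array();
        $_SESSION = array();
        // A date well in the past makes the browser drop the cookie.
        setcookie(session_name(), '', time()-42000, '/');
        return true;
    }

    /**
     * Garbage-collection handler: removes rows whose stored expiry (a unix
     * timestamp, see createSession()) has passed.
     * @access public
     * @param int $maxlifetime passed by PHP to gc handlers (NOT USED; the row
     *                         already carries its own absolute expiry)
     * @return bool always true
     */
    function gcSession($maxlifetime = null)
    {
        $_now = (int) time();
        $_sql = "DELETE FROM
                    `{$this->_session_table}`
                 WHERE
                    `sess_expires` < {$_now}";
        $this->db->query($_sql);
        return true;
    }

    /**
     * Convenience accessor: most of the site keys off the user id.
     * @access public
     * @return int|null the current user id, or null when nobody is logged in
     */
    function getId()
    {
        return $this->_user_id;
    }

    /**
     * Looks up the UserName for the user id held in this object.
     * @access public
     * @return string the username, or '' when there is no user or no match
     */
    function getUserName()
    {
        if (is_null($this->_user_id)) {
            // Nothing to look up; skip the round trip.
            return '';
        }
        $_user_id = mysql_real_escape_string($this->_user_id);
        $_sql = "SELECT
                    `UserName`
                 FROM
                    `{$this->_user_table}`
                 WHERE
                    `UserID` = '{$_user_id}'
                 LIMIT 1";
        $this->db->query($_sql, SQL_INIT, SQL_ASSOC);
        if (empty($this->db->record)) {
            return '';
        }
        $_record = $this->db->record;
        return $_record['UserName'];
    }

    /**
     * Sets a display-only cookie holding the username, read by JavaScript in
     * the (cached) page header. It is neither signed nor HttpOnly: never treat
     * its value as authoritative for anything; validSession()/getId() are the
     * only source of truth.
     * @access public
     * @return bool true when the cookie was set, false when no username is known
     */
    function setUsernameCookie()
    {
        $_username = $this->getUserName();
        if (empty($_username)) {
            return false;
        }
        setcookie('amo_user', $_username, time() + $this->_expires, '/', false);
        return true;
    }

    /**
     * Expires the display-only username cookie.
     * @access public
     * @return bool always true
     */
    function removeUsernameCookie()
    {
        setcookie('amo_user', '', time() - 3600, '/', false);
        return true;
    }
}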
?>