<?

// Authentication class for login and session purposes
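/**
 * Login, session verification, privilege check and logout for the admin area.
 *
 * Relies on the parent CDatabase (not visible in this file) for DBQuery(),
 * DBGetRow(), DisplayError() and for the properties read below: $table,
 * $access, $outcome, $server, $path, $timeout, $emailwebmaster, $user, $pass,
 * $username and $session.
 *
 * As used here, $table[5] is queried for the columns ID, user, password and
 * position, and $table[6] holds one login row per user (ID, userID, loginID,
 * logtime).
 *
 * NOTE(review): SQL is still assembled as strings because DBQuery() only
 * accepts a finished statement. addslashes() is applied as a stopgap; it is
 * only adequate for backslash-escaping dialects with a single-byte or UTF-8
 * connection charset. Replace it with the driver's own escaping or bound
 * parameters once CDatabase offers one.
 *
 * NOTE(review): passwords are compared against an unsalted MD5 digest.
 * Moving to password_hash()/password_verify() needs a data migration and is
 * therefore not done in this class.
 */
class CAuth extends CDatabase
{

   // PHP 4 style constructor: runs the parent's initialiser.
   // NOTE(review): PHP 8 no longer treats a method named after the class as
   // a constructor, so there it has to be called explicitly - confirm how
   // the application instantiates this class.
   function CAuth()
   {
      $this->CDatabase();
   }

   /**
    * Checks $this->user / $this->pass against the user table and, on
    * success, creates a fresh login row and redirects to admin.php.
    *
    * The $user and $pass parameters are accepted for compatibility with
    * existing callers but are not read; the credentials come from $this.
    *
    * Missing credentials redirect to the login form and end the request.
    * Any other failure is reported through DisplayError(1, ...).
    */
   function UserLogin($user="",$pass="")
   {
      if (!$this->user || !$this->pass)
      {
         header("location: http://".$this->server."/".$this->path."admin/index.php");
         exit;
      }

      $authenticated = false;
      $currentuserID = null;
      $username = "";

      // Non-scalar input (e.g. an array from the request) is rejected before
      // it can reach the query or md5().
      if (is_scalar($this->user) && is_scalar($this->pass))
      {
         $this->DBQuery("SELECT * FROM ".$this->table[5]." WHERE user='".addslashes((string)$this->user)."'");
         if ($this->DBGetRow() && isset($this->access["ID"], $this->access["user"], $this->access["password"]))
         {
            $currentuserID = $this->access["ID"];
            $username = (string)$this->access["user"];
            $storedHash = (string)$this->access["password"];
            // Strict string comparison: with == two different digits-and-"e"
            // hex digests can compare equal as numbers, and an empty stored
            // hash must never match.
            $authenticated = ($storedHash !== ""
               && (string)$this->user === $username
               && md5((string)$this->pass) === $storedHash);
         }
      }

      if (!$authenticated)
      {
         $this->DisplayError(1,""," ".$this->emailwebmaster);
         return;
      }

      // Keep a single login row per user: drop the previous one if present.
      $this->DBQuery("SELECT * FROM ".$this->table[6]." WHERE userID='".addslashes((string)$currentuserID)."'");
      if ($this->DBGetRow() && isset($this->access["userID"]) && $this->access["userID"]==$currentuserID)
      {
         $this->DBQuery("DELETE FROM ".$this->table[6]." WHERE userID='".addslashes((string)$currentuserID)."'");
      }

      // Session token: 32 hex characters, same shape as the former
      // md5(uniqid(...)) value, but taken from the CSPRNG when available
      // because uniqid() is derived from the clock and can be guessed.
      if (function_exists("random_bytes"))
      {
         $loginID = bin2hex(random_bytes(16));
      }
      else
      {
         // Legacy runtimes only; this fallback is not cryptographically strong.
         $loginID = md5(uniqid($username.mt_rand(), true));
      }

      $currenttime = time();
      $this->DBQuery("INSERT INTO ".$this->table[6]." VALUES (NULL,'".addslashes((string)$currentuserID)."','".$loginID."','".$currenttime."')");

      // NOTE(review): the token travels in the query string over plain http,
      // so it can end up in server logs, browser history and Referer headers.
      // Moving it to a cookie needs a matching change in admin.php.
      // The user name is URL-encoded so that it cannot alter the query string.
      header("location: http://".$this->server."/".$this->path."admin/admin.php?username=".urlencode($username)."&session=".$loginID);
   }

   /**
    * Expires stale login rows, then checks that $this->session is the token
    * stored for $this->username.
    *
    * On success sets $this->currentuserID and $this->currentuserposition and
    * refreshes the row's logtime. On any failure both properties are reset
    * to null and DisplayError(1, ...) is called; whether DisplayError() ends
    * the request is not visible here, so nothing below depends on it.
    */
   function UserVerifySession()
   {
      $currenttime = time();

      // Remove users who timed out without logging out.
      $this->DBQuery("SELECT ID,logtime FROM ".$this->table[6]);
      while ($this->DBGetRow())
      {
         // The DELETE below goes through DBQuery() as well; $this->outcome is
         // saved and restored around it, presumably because it holds the
         // result handle of the SELECT being iterated - confirm in CDatabase.
         $outcome2 = $this->outcome;
         $logtime = $this->access["logtime"] + $this->timeout;
         if ($logtime < $currenttime)
         {
            $this->DBQuery("DELETE FROM ".$this->table[6]." WHERE ID='".addslashes((string)$this->access["ID"])."'");
         }
         $this->outcome = $outcome2;
      }

      $loginID = null;
      $this->currentuserID = null;
      $this->currentuserposition = null;

      // Both the user name and the session token must be present. The old
      // check compared the token loosely against an unset variable, so an
      // empty token was accepted for a user without a login row.
      if ($this->username && is_scalar($this->username) && $this->session && is_scalar($this->session))
      {
         $this->DBQuery("SELECT ID,position FROM ".$this->table[5]." WHERE user='".addslashes((string)$this->username)."'");
         if ($this->DBGetRow() && isset($this->access["ID"]))
         {
            $this->currentuserID = $this->access["ID"];
            $this->currentuserposition = isset($this->access["position"]) ? $this->access["position"] : null;

            $this->DBQuery("SELECT userID,loginID FROM ".$this->table[6]." WHERE userID='".addslashes((string)$this->currentuserID)."'");
            if ($this->DBGetRow()
               && isset($this->access["userID"], $this->access["loginID"])
               && $this->currentuserID==$this->access["userID"])
            {
               $loginID = (string)$this->access["loginID"];
            }
         }
      }

      $sessionOk = false;
      if ($loginID !== null && $loginID !== "")
      {
         // Constant-time comparison where the runtime provides it.
         if (function_exists("hash_equals"))
         {
            $sessionOk = hash_equals($loginID, (string)$this->session);
         }
         else
         {
            $sessionOk = ((string)$this->session === $loginID);
         }
      }

      if (!$sessionOk)
      {
         // Fail closed: leave no identity behind for later checks.
         $this->currentuserID = null;
         $this->currentuserposition = null;
         $this->DisplayError(1,""," ".$this->emailwebmaster);
      }
      else
      {
         // writes current time to login table, so user won't be timed out
         $this->DBQuery("UPDATE ".$this->table[6]." SET logtime='".$currenttime."' WHERE userID='".addslashes((string)$this->currentuserID)."'");
      }
   }

   /**
    * Reports an error when the verified user's position does not satisfy
    * the requested level: level 1 requires position 1 (error 12), level 2
    * requires a position of at most 2 (error 13). Other levels are not
    * checked.
    *
    * A position that was never loaded (no successful UserVerifySession())
    * is treated as insufficient for both levels; previously the level 2
    * comparison let an unset position through.
    */
   function UserVerifyLevel($level=1)
   {
      $position = isset($this->currentuserposition) ? $this->currentuserposition : null;

      if ($level==1 && $position<>1) $this->DisplayError(12);
      if ($level==2 && ($position===null || $position>2)) $this->DisplayError(13);
   }

   /**
    * Deletes the current user's login row and redirects to the login form.
    *
    * Uses $this->currentuserID as set by UserVerifySession(); when that is
    * unset the DELETE matches on an empty userID.
    */
   function UserLogout()
   {
      $userID = isset($this->currentuserID) ? (string)$this->currentuserID : "";
      $this->DBQuery("DELETE FROM ".$this->table[6]." WHERE userID='".addslashes($userID)."'");
      header("location: http://".$this->server."/".$this->path."admin/index.php");
   }

}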

?>