From 30aea4ec8cfee1ffc8786955ecb012ef73a68b73 Mon Sep 17 00:00:00 2001
From: eric
Date: Sat, 19 Jun 2004 20:19:42 +0000
Subject: started working on the login
---
 web/lib/aur.inc | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)
(limited to 'web/lib/aur.inc')
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index d809ace7..a333576d 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -11,6 +11,84 @@ $SUPPORTED_LANGS = array(
 "fr" => 1, # Français
 );
+# see if the visitor is already logged in
+#
+function check_sid() {
+ global $_COOKIE;
+
+ if (isset($_COOKIE["AURSID"])) {
+ $failed = 0;
+ # the visitor is logged in, try and update the session
+ #
+ $dbh = db_connect();
+ $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
+ $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ $failed = 1;
+ } else {
+ if ($row[0] + 10 >= $row[1]) {
+ $failed = 1;
+ }
+ }
+ if ($failed) {
+ # visitor's session id either doesn't exist, or the timeout
+ # was reached and they must login again, send them back to
+ # the main page where they can log in again.
+ #
+ $q = "DELETE FROM Sessions WHERE SessionID = '";
+ $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
+ mysql_query($q, $dbh);
+
+ setcookie("AURSID", "", time() - (60*60*24*30), "/");
+ header("Location: /timeout.php");
+ }
+ }
+
+ return;
+}
+
+# a new seed value for mt_srand()
+#
+function make_seed() {
+ list($usec, $sec) = explode(' ', microtime());
+ return (float) $sec + ((float) $usec * 10000);
+}
+
+# generate a (hopefully) unique session id
+#
+function new_sid() {
+ mt_srand(make_seed());
+ $ts = time();
+ $pid = getmypid();
+
+ $rand_num = mt_rand();
+ mt_srand(make_seed());
+ $rand_str = substr(md5(mt_rand()),2, 20);
+
+ $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
+ return strtoupper(md5($id));
+}
+
+# obtain the username if given their current SID
+#
+function username_from_sid($sid="") {
+ if (!$sid) {
+ return "";
+ }
+ $dbh = db_connect();
+ $q = "SELECT Email ";
+ $q.= "FROM Users, Sessions ";
+ $q.= "WHERE Users.ID = Sessions.UsersID ";
+ $q.= "AND SessionID = '" . mysql_escape_string($sid) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ return "";
+ }
+ $row = mysql_fetch_row($result);
+
+ return $row[0];
+}
 # connect to the database
 #
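Review bot: In `check_sid()` the timeout test `$row[0] + 10 >= $row[1]` reads `$row` although nothing ever fetches a row from `$result`, so it compares unset values and comes out true, and every request carrying an `AURSID` cookie is treated as expired; with a row fetched the operator would still be inverted, because it is the recently updated session that satisfies `LastUpdateTS + 10 >= now`. An unknown session id is not caught either, since `mysql_query()` returns an empty result rather than false for a SELECT that matches nothing, and `header("Location: /timeout.php")` is not followed by `exit`, so the calling page keeps running after the redirect is queued; the sketch below fetches the row, treats "no row" as failure, flips the comparison and stops after the redirect. Separately, `new_sid()` derives the id only from `mt_rand()` seeded with `microtime()`, plus `time()` and `getmypid()`, all of which can be estimated from outside, so the final `md5()` does not make the token unguessable; a session id should come from a CSPRNG, for example `bin2hex(random_bytes(16))` on current PHP. The queries in this hunk are built by concatenation around `mysql_escape_string()`, which ignores the connection character set; `mysql_real_escape_string($value, $dbh)` or a prepared statement is the safer form.

```php
function check_sid() {
	# … unchanged: cookie test, db_connect(), SELECT query …
	$result = mysql_query($q, $dbh);
	$row = $result ? mysql_fetch_row($result) : false;
	if (!$row) {
		# query failed, or no session with this id exists
		$failed = 1;
	} elseif ($row[0] + 10 < $row[1]) {
		# last update is older than the timeout window
		$failed = 1;
	}
	if ($failed) {
		# … unchanged: DELETE FROM Sessions, setcookie() …
		header("Location: /timeout.php");
		exit;
	}
	# … unchanged: rest of check_sid() …
```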
@@ -155,7 +233,7 @@ function html_footer($ver="") { print "\n"; print "

\n"; if ($ver) { - print "\n"; + print "
\n"; print "\n"; print "
".$ver."
\n"; } -- cgit v1.2.3-24-g4f1b