class.auth.php 3.5 KB

  1. <?php
  2. # ***** BEGIN LICENSE BLOCK *****
  3. # This file is part of DotClear.
  4. # Copyright (c) 2004 Olivier Meunier and contributors. All rights
  5. # reserved.
  6. #
  7. # DotClear is free software; you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation; either version 2 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # DotClear is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with DotClear; if not, write to the Free Software
  19. # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  20. #
  21. # ***** END LICENSE BLOCK *****
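  # Session- and cookie-based access control for the administration pages.
  #
  # check() gates a page on a minimum user level, perform() validates a
  # login and fills the session, userLevel() compares the level cached in
  # the session.
  #
  # NOTE(review): the 'dc_admin' cookie written by perform() stores the MD5
  # of the password, and check() hands that value back to perform() with
  # $md5=false. The hash is therefore accepted as a credential by itself, so
  # anyone who obtains the cookie (or the stored hash) can log in with it.
  # A random, server-side, revocable token would avoid this; it needs a
  # storage change outside this class.
  class auth
  {
      # Database connection handed to each blog instance.
      var $con;
      # Location that check() redirects to when the caller is not authorised.
      var $failed_redirect;

      # Constructor (PHP 4 style, kept for compatibility with the code base).
      #
      # $con             database connection
      # $failed_redirect target of the redirect issued by check()
      function auth(&$con,$failed_redirect='auth.php')
      {
          $this->con = $con;
          $this->failed_redirect = $failed_redirect;
      }

      # Read and validate the 'dc_admin' cookie.
      #
      # Returns array('user_id' => ..., 'user_pwd' => string, 'remember' => bool)
      # or false when the cookie is absent or does not have exactly the
      # shape perform() writes.
      function _readCookie()
      {
          # A cookie sent as dc_admin[]=... arrives as an array; reject it
          # before it reaches unserialize().
          if (empty($_COOKIE['dc_admin']) || !is_string($_COOKIE['dc_admin'])) {
              return false;
          }

          # NOTE(review): unserialize() on a client-supplied value can
          # instantiate any loaded class and run its magic methods (PHP
          # object injection). The checks below only run after unserialize()
          # has returned, so they do not remove that risk. Move the cookie to
          # a format that cannot carry objects and authenticate it with an
          # HMAC, or on PHP >= 7.0 pass array('allowed_classes' => false).
          $data = unserialize($_COOKIE['dc_admin']);

          if (!is_array($data) || !isset($data['user_id']) || !isset($data['user_pwd'])) {
              return false;
          }

          $id = $data['user_id'];
          if (!(is_string($id) || is_int($id)) || (string) $id === '') {
              return false;
          }

          # The password field must be a non-empty string. check() calls
          # checkUser() with NULL as the password for an already
          # authenticated session, which suggests NULL means "skip the
          # password comparison" (confirm in blog::checkUser); a cookie must
          # never be able to supply such a value.
          if (!is_string($data['user_pwd']) || $data['user_pwd'] === '') {
              return false;
          }

          $remember = isset($data['remember']) && is_scalar($data['remember']) && $data['remember'];

          return array(
              'user_id' => $id,
              'user_pwd' => $data['user_pwd'],
              'remember' => (bool) $remember
          );
      }

      # Require an authenticated user of at least $level for the current page.
      #
      # With no user id in the session, the 'dc_admin' cookie is tried; with
      # one, the user is re-checked through blog::checkUser(). On failure the
      # method sends a Location header to $failed_redirect and exits, so it
      # only returns to the caller on success.
      function check($level)
      {
          $failed = true;

          if (empty($_SESSION['sess_user_id']))
          {
              if (empty($_COOKIE['dc_admin']))
              {
                  # No credentials at all: remember the requested URL.
                  $_SESSION['sess_auth_from'] = $_SERVER['REQUEST_URI'];
              }
              else
              {
                  # A malformed or tampered cookie is treated as a failed
                  # login and never reaches perform().
                  $cookie = $this->_readCookie();
                  if ($cookie !== false)
                  {
                      # The cookie already holds the hashed password, hence $md5=false.
                      $failed = !$this->perform($cookie['user_id'],
                          $cookie['user_pwd'],$level,false,$cookie['remember']);
                      if (!$failed) {
                          $_SESSION['sess_user_id'] = $cookie['user_id'];
                      }
                  }
              }
          }
          else
          {
              $blog = new blog($this->con,DB_PREFIX,NULL,dc_encoding);
              $failed = !$blog->checkUser($_SESSION['sess_user_id'],NULL,$level);
              unset($blog);
          }

          if ($failed) {
              header('Location: '.$this->failed_redirect);
              exit;
          }
      }

      # Validate a login and, on success, fill the session and set the cookie.
      #
      # $user_id   user identifier
      # $user_pwd  clear password when $md5 is true, its MD5 otherwise
      # $level     minimum level passed to blog::checkUser()
      # $md5       whether $user_pwd still has to be hashed
      # $remember  true for a 15-day cookie, false for a session cookie
      #
      # Returns true on success, false otherwise.
      #
      # NOTE(review): the session id is not regenerated here after a
      # successful login; unless the caller does it, consider
      # session_regenerate_id() to limit session fixation.
      function perform($user_id,$user_pwd,$level,$md5=true,$remember=false)
      {
          $blog = new blog($this->con,DB_PREFIX,NULL,dc_encoding);
          $res = false;

          if ($blog->checkUser($user_id,$user_pwd,$level,$md5) !== false)
          {
              $rs = $blog->getUser($user_id);

              $_SESSION['sess_user_level'] = $rs->f('user_level');
              $_SESSION['sess_user_format']= $rs->f('user_post_format');
              $_SESSION['sess_user_nom'] = $rs->f('user_nom');
              $_SESSION['sess_user_prenom'] = $rs->f('user_prenom');
              $_SESSION['sess_user_pseudo'] = $rs->f('user_pseudo');
              $_SESSION['sess_user_email'] = $rs->f('user_email');
              $_SESSION['sess_user_edit_size'] = $rs->f('user_edit_size');
              $_SESSION['sess_user_pref_cat'] = (int) $rs->f('user_pref_cat');
              $_SESSION['sess_user_lang'] = $rs->f('user_lang');
              $_SESSION['sess_user_delta'] = $rs->f('user_delta');
              $_SESSION['sess_user_post_pub'] = $rs->f('user_post_pub');

              # Display name: the pseudonym when set, else "first-name last-name".
              # The loose comparison is kept on purpose so that NULL counts as empty.
              if ($_SESSION['sess_user_pseudo'] != '') {
                  $_SESSION['sess_user_cn'] = $_SESSION['sess_user_pseudo'];
              } else {
                  $_SESSION['sess_user_cn'] = trim($_SESSION['sess_user_prenom'].' '.$_SESSION['sess_user_nom']);
              }

              # Cookie creation: 15 days when $remember is set, otherwise it
              # expires with the browser session.
              # NOTE(review): the cookie is set without the secure and
              # httponly flags, so it is readable from scripts and sent over
              # plain HTTP.
              $user_pwd = ($md5) ? md5($user_pwd) : $user_pwd;
              $cookie = array('user_id' => $user_id, 'user_pwd' => $user_pwd, 'remember' => $remember);
              $cookie_ttl = ($remember) ? strtotime('+15 days') : 0;
              setcookie('dc_admin',serialize($cookie),$cookie_ttl,dc_app_url);

              $res = true;
              $blog->tiggerLog('','','Login',$rs->f('user_id'));
          }

          unset($blog);
          return $res;
      }

      # Tell whether the level cached in the session is at least $level.
      function userLevel($level)
      {
          return $_SESSION['sess_user_level'] >= $level;
      }
  }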
  100. ?>