Login   Register  
PHP Classes
elePHPant
Icontem

File: adminpro_class.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Giorgos  >  AdminPro class  >  adminpro_class.php  >  Download  
File: adminpro_class.php
Role: Class source
Content type: text/plain
Description: The main AdminPro Class file
Class: AdminPro class
MySQL/Session based user authentication/management
Author: By
Last change:
Date: 10 years ago
Size: 13,289 bytes
 

Contents

Class file image Download
<?php
class protect{
/***
**** @class: protect
**** @project: AdminPro Class
**** @version: 1.3;
**** @author: Giorgos Tsiledakis;
**** @date: 2004-09-04;
**** @license: GNU GENERAL PUBLIC LICENSE;
****
**** This class protects your php pages using a MySQL Database and the PHP session functions
**** Please read the readme.html file (included in this package) first
****/
var $errorMsg="";
var $showPage=false;

/*
**** @function: protect; Class Constructor
**** @include: the class configuration file: adminpro_config.php
**** @include: the class to access MySQL: mysql_dialog.php
**** if some var is passed, it will be an administrator page
**** makes the configuration vars public, starts a session and goes to checkSession()
*/
function protect($isAdmin=false,$userGroup=false){
include("adminpro_config.php");
include("mysql_dialog.php");
$this->accNoCookies=$globalConfig['acceptNoCookies'];
$this->dbhost=$globalConfig['dbhost'];
$this->dbuser=$globalConfig['dbuser'];
$this->dbpass=$globalConfig['dbpass'];
$this->dbase=$globalConfig['dbase'];
$this->tbl=$globalConfig['tbl'];
$this->tblID=$globalConfig['tblID'];
$this->tblUserName=$globalConfig['tblUserName'];
$this->tblUserPass=$globalConfig['tblUserPass'];
$this->tblIsAdmin=$globalConfig['tblIsAdmin'];
$this->tblUserGroup=$globalConfig['tblUserGroup'];
$this->tblSessionID=$globalConfig['tblSessionID'];
$this->tblLastLog=$globalConfig['tblLastLog'];
$this->tblUserRemark=$globalConfig['tblUserRemark'];
$this->inactiveMin=$globalConfig['inactiveMin'];
$this->loginUrl=$globalConfig['loginUrl'];
$this->logoutUrl=$globalConfig['logoutUrl'];
$this->enblRemember=$globalConfig['enblRemember'];
$this->cookieRemName=$globalConfig['cookieRemName'];
$this->cookieRemPass=$globalConfig['cookieRemPass'];
$this->cookieExpDays=$globalConfig['cookieExpDays'];
$this->isMd5=$globalConfig['isMd5'];
$this->errorPageTitle=$globalConfig['errorPageTitle'];
$this->errorPageH1=$globalConfig['errorPageH1'];
$this->errorPageLink=$globalConfig['errorPageLink'];
$this->errorNoCookies=$globalConfig['errorNoCookies'];
$this->errorNoLogin=$globalConfig['errorNoLogin'];
$this->errorInvalid=$globalConfig['errorInvalid'];
$this->errorDelay=$globalConfig['errorDelay'];
$this->errorNoAdmin=$globalConfig['errorNoAdmin'];
$this->errorNoGroup=$globalConfig['errorNoGroup'];
$this->errorCssUrl=$globalConfig['errorCssUrl'];
$this->errorCharset=$globalConfig['errorCharset'];
session_start();
$this->isAdmin=$isAdmin;
$this->userGroup=$userGroup;
$this->checkSession();
}
/*
**** @function: checkSession(called by class constructor or by checkLogin)
**** calls hasCookie() and checks if the $globalConfig['acceptNoCookies'] is true;
**** if no cookie was set and we do not accept that -> makes an error message; else:
**** checks if a session is active: if not -> checkPost() (checks if some post was sent);
**** if session exists, it checks if some $_POST['action']==logout -> makeLogout();
**** if not -> checkTime();
*/
function checkSession(){
if (!$this->hasCookie() && $this->accNoCookies && (@$_POST['action']!="login" || @$_GET)){
$this->errorMsg=$this->errorNoCookies;
$this->makeErrorHtml();
}
else{
if (!@$_SESSION['userID'] || !@$_SESSION['sessionID']) {
$this->checkRemember();
}
elseif (@$_SESSION['userID'] && @$_SESSION['sessionID']) {
if (@$_POST['action']=="logout") {
$this->makeLogout();
}
else{
$this->checkTime();
}
}
}
}
/*
**** @function: hasCookie(called by checkSession())
**** checks if the client's browser has accepted the cookie of the active session;
**** if yes, it returns true;
**** if not -> it returns false;
*/
function hasCookie(){
if ( isset($_COOKIE[session_name()])) {
return true;
}
else {
return false;
}
}
/*
**** @function: makeLogout(called by checkSession())
**** sets MySQL Time Field=0 and SessionID Field='';
**** closes the session and goes to logout page, if some $_POST['action']="logout" was sent;
*/
function makeLogout(){
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="UPDATE ".$this->tbl." SET ";
$SQL.=$this->tblLastLog."= 0, ";
$SQL.=$this->tblSessionID."='' ";
$SQL.="WHERE ".$this->tblID."='".$_SESSION['userID']."'";
$db->speak($SQL);
if ($this->enblRemember && isset($_COOKIE[$this->cookieRemName]) && isset($_COOKIE[$this->cookieRemPass])){
setcookie($this->cookieRemName,$_COOKIE[$this->cookieRemName],time());
setcookie($this->cookieRemPass,$_COOKIE[$this->cookieRemPass],time());
}
session_destroy();
header ("Location: ".$this->logoutUrl);
}
/*
**** @function: checkTime(called by checkSession())
**** gets the time of the last page access from the database;
**** compares this time with the time now. If the elapsed minutes>inactiveMin (configuration);
**** or the session ID has changed (by some second login) -> it creates an error page
**** if not -> sets the time now in the MySQL Time Field and goes to checkAdmin();
*/
function checkTime(){
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="SELECT UNIX_TIMESTAMP(".$this->tblLastLog.") as lastLog FROM ".$this->tbl;
$SQL.=" WHERE ".$this->tblID."=".$_SESSION['userID']." AND ".$this->tblSessionID."='".$_SESSION['sessionID']."'";
$db->speak($SQL);
$data=$db->listen();
$nowtime=time();
$inactiveSec=$nowtime-$data['lastLog'];
if ($inactiveSec/60>$this->inactiveMin) {
$this->errorMsg=$this->errorDelay;
$this->makeErrorHtml();
}
else {
$SQ="UPDATE ".$this->tbl." SET ";
$SQ.=$this->tblLastLog."= now() ";
$SQ.="WHERE ".$this->tblID."='".$_SESSION['userID']."'";
$db->speak($SQ);
$this->checkAdmin();
}
}
/*
**** @function: checkAdmin (called by checkTime())
**** checks if the page is an administrator page. If not -> checkGroup();
**** if yes -> gets the value from the MySQL Admin Field (1=admin,-1=normal user);
**** if the value==1 -> showPage() else -> it creates an error page;
*/
function checkAdmin(){
if ($this->isAdmin!="1") {
$this->checkGroup();
}
else{
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="SELECT ".$this->tblIsAdmin." as isAdmin FROM ".$this->tbl;
$SQL.=" WHERE ".$this->tblID."=".$_SESSION['userID']." AND ";
$SQL.=$this->tblSessionID."='".$_SESSION['sessionID']."'";
$db->speak($SQL);
$data=$db->listen();
if ($data['isAdmin']==-1){
$this->errorMsg=$this->errorNoAdmin;
$this->makeErrorHtml();
}
elseif ($data['isAdmin']==1){
$this->showPage();
}
}
}
/*
**** @function: checkGroup (called by checkAdmin())
**** checks if the page is belongs only to some user group. If not -> showPage();
**** if yes -> gets the user's group number from the MySQL User Group Field;
**** if the group is the same-> showPage() else -> it creates an error page;
*/
function checkGroup(){
if (!$this->userGroup){
$this->showPage();
}
else {
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="SELECT ".$this->tblUserGroup." as userGroup, ";
$SQL.=$this->tblIsAdmin." as isAdmin";
$SQL.=" FROM ".$this->tbl;
$SQL.=" WHERE ".$this->tblID."=".$_SESSION['userID']." AND ";
$SQL.=$this->tblSessionID."='".$_SESSION['sessionID']."'";
$db->speak($SQL);
$data=$db->listen();
if ($data['userGroup']!=$this->userGroup && $data['isAdmin']!=1){
$this->errorMsg=$this->errorNoGroup;
$this->makeErrorHtml();
}
else{
$this->showPage();
}
}
}
/*
**** @function: checkRemember (called by checkSession() if no session is active)
**** checks if some username + password cookies were set and if we have this function enabled;
**** If not -> checkPost()
**** if yes -> it updates the MySQL table, registers the Session vars -> checkSession()
*/
function checkRemember(){
if ($this->enblRemember && isset($_COOKIE[$this->cookieRemName]) && isset($_COOKIE[$this->cookieRemPass])){
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="SELECT ".$this->tblID." as ID, ";
$SQL.=$this->tblUserName." as userName, ";
$SQL.=$this->tblUserPass." as userPass ";
$SQL.="FROM ".$this->tbl;
$SQL.=" WHERE ".$this->tblUserName."='".$_COOKIE[$this->cookieRemName]."'";
$db->speak($SQL);
$data=$db->listen();

if ($this->isMd5!="1" && $data['userPass']){
$data['userPass']=md5($data['userPass']);
}

if ($_COOKIE[$this->cookieRemName]==$data['userName'] && $_COOKIE[$this->cookieRemPass]==$data['userPass']){
$SQL="UPDATE ".$this->tbl." SET ";
$SQL.=$this->tblLastLog."= now(), ";
$SQL.=$this->tblSessionID."='".session_id()."' ";
$SQL.="WHERE (".$this->tblID."='".$data['ID']."')";
$db->speak($SQL);
$_SESSION['sessionID']=session_id();
$_SESSION['userID']=$data['ID'];
setcookie($this->cookieRemName,$_COOKIE[$this->cookieRemName],time()+(60*60*24*$this->cookieExpDays));
setcookie($this->cookieRemPass,$_COOKIE[$this->cookieRemPass],time()+(60*60*24*$this->cookieExpDays));
$this->checkSession();
}

}
else {
$this->checkPost();
}
}

/*
**** @function: checkPost (called by checkRemember())
**** checks if some $_POST was sent. If not -> it creates an error page
**** if yes -> checkLogin()
*/
function checkPost(){
if (!$_POST) {
$this->errorMsg=$this->errorNoLogin;
$this->makeErrorHtml();
}
else {
$this->checkLogin();
}
}
/*
**** @function: checkLogin (called by checkPost())
**** checks if some $_POST['userName'] and $_POST['userPass'] and $_POST['action']="login" was sent;
**** If not -> it creates an error page;
**** if yes -> it compares the $_POST with the username and password on database;
**** if all ok -> showPage() else -> it creates an error page;
*/
function checkLogin(){
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$action=@$_POST['action'];
$userName=@$_POST['userName'];
if ($this->isMd5=="1"){
$userPass=md5(@$_POST['userPass']);
}
else {
$userPass=@$_POST['userPass'];
}
$SQL="SELECT ".$this->tblID." as ID, ";
$SQL.=$this->tblUserName." as userName, ";
$SQL.=$this->tblUserPass." as userPass ";
$SQL.="FROM ".$this->tbl;
$SQL.=" WHERE ".$this->tblUserName."='".$userName."' ";
$SQL.="and ".$this->tblUserPass."='".$userPass."'";
$db->speak($SQL);
$data=$db->listen();
if ($action=="login" && ($userName || $userPass)){
if ($userName==$data['userName'] && $userPass==$data['userPass']) {
$SQL="UPDATE ".$this->tbl." SET ";
$SQL.=$this->tblLastLog."= now(), ";
$SQL.=$this->tblSessionID."='".session_id()."' ";
$SQL.="WHERE (".$this->tblID."='".$data['ID']."')";
$db->speak($SQL);
$_SESSION['sessionID']=session_id();
$_SESSION['userID']=$data['ID'];
if ($this->enblRemember && @$_POST['userRemember']=="yes"){
setcookie($this->cookieRemName,@$_POST['userName'],time()+(60*60*24*$this->cookieExpDays));
setcookie($this->cookieRemPass,md5(@$_POST['userPass']),time()+(60*60*24*$this->cookieExpDays));
}
$this->checkSession();
}
}
if ($action=="login"){
if ($userName!=$data['userName'] || $userPass!=$data['userPass'] || $userName=="" || $userPass=="") {
$this->errorMsg=$this->errorInvalid;
$this->makeErrorHtml();
}
}
if ($action!="login") {
$this->errorMsg=$this->errorInvalid;
$this->makeErrorHtml();
}
}
/*
**** @function: makeErrorHtml
**** creates the error html page, if something went wrong;
**** sets MySQL Time Field=0 and SessionID Field='' and closes the session;
*/
function makeErrorHtml() {
if ($_SESSION){
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="UPDATE ".$this->tbl." SET ";
$SQL.=$this->tblLastLog."= 0, ";
$SQL.=$this->tblSessionID."='' ";
$SQL.="WHERE ".$this->tblID."='".$_SESSION['userID']."'";
$db->speak($SQL);
}
if ($this->enblRemember && isset($_COOKIE[$this->cookieRemName]) && isset($_COOKIE[$this->cookieRemPass])){
setcookie($this->cookieRemName,$_COOKIE[$this->cookieRemName],time());
setcookie($this->cookieRemPass,$_COOKIE[$this->cookieRemPass],time());
}
session_destroy();
$out="<html>\n<head><title>".$this->errorPageTitle."</title>\n";
if ($this->errorCssUrl!=""){
$out.="<link rel=\"stylesheet\" type=\"text/css\" href=\"".$this->errorCssUrl."\">\n";
}
if ($this->errorCharset!=""){
$out.="<meta http-equiv=\"content-type\" content=\"text/html;charset=".$this->errorCharset."\">\n";
}
$out.="</head>\n<body>\n";
$out.="<h1>".$this->errorPageH1."</h1>\n";
$out.="<p>".$this->errorMsg."</p>\n";
$out.="<p><a href=".$this->loginUrl.">".$this->errorPageLink."</a></p>\n";
$out.="</body>\n</html>";
print $out;
}
/*
**** @function: showPage
**** makes the public var $showPage true, if everything was ok;
*/
function showPage(){
$this->showPage=true;
}
/*
**** @function: getUser
**** call it in your protected page, if you would like to display the username;
*/
function getUser(){

if ($this->showPage){
$db=new mysql_dialog();
$db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase);
$SQL="SELECT ".$this->tblUserName." as userName";
$SQL.=" FROM ".$this->tbl;
$SQL.=" WHERE ".$this->tblID."='".$_SESSION['userID']."'";
$db->speak($SQL);
$data=$db->listen();
return $data['userName'];
}
else {return false;}
}

}
?>