Skip to content

Instantly share code, notes, and snippets.

@DaveRandom

DaveRandom/login.php

Forked from rahuldottech/login.php
Created August 19, 2018 16:59
Show Gist options
  • Save DaveRandom/74499285b9e166cc3c2638e6e1748392 to your computer and use it in GitHub Desktop.
Save DaveRandom/74499285b9e166cc3c2638e6e1748392 to your computer and use it in GitHub Desktop.
Download ZIP
PHP session management
Raw
login.php
<?php
require 'secsesh.php';
session_start();
if(/*credentials check out*/){
s_start();
}
header( 'Location: somePage.php' );
}
Raw
logout.php
<?php
require 'secsesh.php';
session_start();
s_end();
Raw
otherFiles.php
<?php
require 'secsesh.php';
session_start();
if(s_check()){
//do stuff
} else {
header( 'Location: login.php' );
}
Raw
secsesh.php
<?php
//===CONFIGURATION===
// Name of the session id cookie
$GLOBALS['sessionName'] = "secID";
// How long should a session remain valid for?
// (in seconds)
$GLOBALS['sessionTimeout'] = 60*60*24;
// --Fingerprint Settings--
// - Use fingerprints?
$GLOBALS['useFingerprint'] = true;
// - Use user agent in fingerprint?
$GLOBALS['f_useUserAgent'] = true;
// - Use IP address in fingerprint?
$GLOBALS['f_useIPaddress'] = true;
// --END Fingerprint Settings--
//===END CONFIGURATION===
ini_set( 'session.use_only_cookies', TRUE );
ini_set( 'session.use_trans_sid', FALSE );
ini_set( 'session.cookie_httponly', TRUE );
// ini_set( 'session.gc_maxlifetime', $sessionTimeout );
// ini_set( 'session.cookie_lifetime', $sessionTimeout );
ini_set( 'session.name', $sessionName );
session_name($sessionName);
function s_end(){
if($_SESSION["loggedIn"]){
$_SESSION["loggedIn"]=false;
session_destroy();
}
}
function s_start(){
if(!$_SESSION["loggedIn"]){
session_regenerate_id();
$_SESSION["loggedIn"] = true;
$_SESSION["lastActivity"] = time();
if($GLOBALS['useFingerprint']){
$_SESSION["fingerprint"] = generateFingerprint();
}
}
}
function generateFingerprint(){
$fingerprint = "";
if($GLOBALS['f_useUserAgent']){
$fingerprint .= $_SERVER['HTTP_USER_AGENT'];
}
$fingerprint .= '_._'; //separator
if($GLOBALS['f_useIPaddress']){
$fingerprint .= $_SERVER['REMOTE_ADDR'];
}
$fingerprint = md5($fingerprint);
return $fingerprint;
}
function s_check(){
if($_SESSION["loggedIn"]){
if($GLOBALS['useFingerprint'] && generateFingerprint() !== $_SESSION["fingerprint"]){
return false;
}
if((time() - $_SESSION['lastActivity']) > $GLOBALS['sessionTimeout']){
$_SESSION["loggedIn"]=false;
session_destroy();
return false;
} else {
$_SESSION['lastActivity'] = time();
return true;
}
} else {
return false;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment