@millken
Created December 1, 2010 06:25
function-session.php
<?php
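/**
 * Authenticate a store user and open a database-backed session.
 *
 * Checks the submitted username/password against the user table, checks that
 * the store named by the submitted subdomain exists and is not closed, then
 * issues the login cookies and stores the session through set_Session().
 *
 * @param array $postdata Submitted login form; reads 'subdomain', 'username' and 'password'.
 * @return array On success the session data (user_id, subdomain, username, token).
 *               On failure array('error' => int, 'errorstr' => string), where error is
 *               1 = store closed, 2 = account not active, 3 = user row not found,
 *               4 = store not found, 5 = credentials rejected.
 */
function user_login($postdata) {
    $badCredentials = array(
        'error' => 5,
        'errorstr' => "The login information you entered is incorrect, Please try again.",
    );

    // NOTE(review): these messages embed mysql_error(); with display_errors on they
    // reach the browser and disclose database details.
    if (!$db = mysql_pconnect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD)) {
        trigger_error("<li>MySql Error:".mysql_error()."<li>");
        // Fail closed: without a connection every lookup below would fail anyway.
        return $badCredentials;
    }
    if (!mysql_select_db(DB_DATABASE, $db)) {
        trigger_error("<li>MySql Error:".mysql_error()."<li>");
        return $badCredentials;
    }

    // Missing or non-scalar form fields become empty strings instead of raising notices.
    $fields = array();
    foreach (array('subdomain', 'username', 'password') as $name) {
        $fields[$name] = (isset($postdata[$name]) && is_scalar($postdata[$name]))
            ? (string) $postdata[$name]
            : '';
    }
    $subdomain = $fields['subdomain'];
    $username = $fields['username'];
    $password = $fields['password'];

    // NOTE(review): passwords are compared as unsalted MD5. Moving to password_hash() /
    // password_verify() needs a migration of the stored hashes, so it is not changed here.
    $sql = "SELECT user_id FROM " . DB_PREFIX . "user WHERE username = '" . mysql_real_escape_string($username, $db) . "' AND password = '" . mysql_real_escape_string(md5($password), $db) . "' AND status = '1' ";
    $query = mysql_query($sql, $db);
    $row = $query ? mysql_fetch_row($query) : false;
    if (!$row) {
        return $badCredentials;
    }
    $user_id = $row[0];

    $sql = "SELECT status FROM " . DB_PREFIX . "store WHERE url = '" . mysql_real_escape_string($subdomain, $db) ."'";
    $query = mysql_query($sql, $db);
    $row = $query ? mysql_fetch_row($query) : false;
    if (!$row) {
        return array(
            'error' => 4,
            'errorstr' => "The Store Not Exists.",
        );
    }
    if ($row[0] === 'closed') {
        return array(
            'error' => 1,
            'errorstr' => "This store has been closed",
        );
    }

    // Second look at the account status before any cookie is issued.
    $sql = "SELECT status FROM " . DB_PREFIX . "user WHERE username = '" . mysql_real_escape_string($username, $db)."' ";
    $query = mysql_query($sql, $db);
    $row = $query ? mysql_fetch_row($query) : false;
    if (!$row) {
        return array(
            'error' => 3,
            'errorstr' => "This E-mail address is not registered. Sign up now!",
        );
    }
    if (!$row[0]) {
        return array(
            'error' => 2,
            'errorstr' => "Your account is not activated! Please activate your account first.",
        );
    }

    // The 30-day convenience cookies are only sent once the login has fully succeeded.
    setcookie("MD_USERNAME", $username, time() + 2592000);
    setcookie("MD_SUBDOMAIN", $subdomain, time() + 2592000);

    // The token is md5(client IP . guid) and the guid is sent to the browser as well,
    // so the token is only as unpredictable as GUID().
    $guid = GUID();
    $sess = array(
        'user_id' => $user_id,
        'subdomain' => $subdomain,
        'username' => $username,
        'token' => md5($_SERVER['REMOTE_ADDR'] . $guid),
    );

    // NOTE(review): none of these cookies carry the Secure or HttpOnly flag; confirm
    // whether client-side script has to read them before adding the flags.
    setcookie('token', $sess['token'], 0, '/', '.' . DOMAIN);
    setcookie('guid', $guid, 0, '/', '.' . DOMAIN);

    // NOTE(review): the return value of set_Session() is not checked here.
    set_Session($sess['token'], $sess);

    return $sess;
}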
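/**
 * Store a session row for one user, replacing any rows that user already has.
 *
 * The session data is serialized into the `value` column and the row expires
 * 86400 seconds from now.
 *
 * @param string $key Session key (the login token); non-word characters are stripped,
 *                    matching what check_Session() does before it looks the key up.
 * @param mixed  $val Session data; must be an array with a non-zero 'user_id'.
 * @return bool False when $val carries no usable user_id, true otherwise.
 */
function set_Session($key, $val = '') {
    global $db;
    if (!is_object($db)) {
        $db = new DB(DB_DRIVER, DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
    }

    $user_id = (is_array($val) && isset($val['user_id'])) ? (int) $val['user_id'] : 0;
    if (!$user_id) {
        return false;
    }

    $expiry = time() + 86400;

    // Same normalisation check_Session() applies, so a key can never carry SQL syntax.
    $sesskey = preg_replace("~\W~", '', (string) $key);

    // The serialized data contains user-supplied strings (username, subdomain) and
    // must be escaped before it is placed inside the SQL literal.
    // NOTE(review): the DB class is not shown in this file. Its escape() method is used
    // when it has one; otherwise mysql_real_escape_string(), which the rest of this
    // file already relies on. Confirm against the DB class.
    $value = serialize($val);
    if (method_exists($db, 'escape')) {
        $safeValue = $db->escape($value);
    } else {
        $safeValue = mysql_real_escape_string($value);
    }

    // One session per user: drop earlier rows first.
    $db->query("delete from " . DB_PREFIX . "db_session where user_id = '$user_id'");

    // On a key collision the stored value is refreshed too, so the row can never keep
    // another login's data under the new user_id.
    $sql = "insert into " . DB_PREFIX . "db_session (sesskey,user_id,expiry,value) values('$sesskey',$user_id,$expiry,'$safeValue') ON DUPLICATE KEY UPDATE user_id=$user_id,expiry='$expiry',value='$safeValue'";
    $db->query($sql);

    return true;
}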
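/**
 * Build a random identifier in 8-4-4-4-12 hexadecimal UUID layout.
 *
 * The result feeds the login token, so it is taken from the CSPRNG whenever
 * random_bytes() is available. The version nibble stays 3 as before, although
 * the value is random rather than name-based.
 *
 * @return string Lower-case identifier such as xxxxxxxx-xxxx-3xxx-[89ab]xxx-xxxxxxxxxxxx.
 */
function GUID() {
    if (function_exists('random_bytes')) {
        // 128 bits from the operating system's CSPRNG (PHP 7 and later).
        $hash = bin2hex(random_bytes(16));
    } else {
        // Legacy fallback: mt_rand() and uniqid() are predictable and not suitable
        // for security tokens; kept only so older runtimes keep working.
        $hash = md5(uniqid(mt_rand(), true));
    }

    return sprintf('%08s-%04s-%04x-%04x-%12s',
        // 32 bits for "time_low"
        substr($hash, 0, 8),
        // 16 bits for "time_mid"
        substr($hash, 8, 4),
        // 16 bits for "time_hi_and_version",
        // four most significant bits holds version number 3
        (hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x3000,
        // 16 bits, 8 bits for "clk_seq_hi_res",
        // 8 bits for "clk_seq_low",
        // two most significant bits holds zero and one for variant DCE1.1
        (hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,
        // 48 bits for "node"
        substr($hash, 20, 12)
    );
}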
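/**
 * Validate the client's session token and load the stored session into $_SESSION.
 *
 * The token is read from the 'token' cookie or, failing that, from the query
 * string. It must equal md5(client IP . 'guid' cookie) and must match an
 * unexpired row in the db_session table. A matching row has its expiry pushed
 * out by 86400 seconds; expired rows are purged on every call.
 *
 * @return bool False when the token does not match the IP/guid pair; true otherwise,
 *              including when no session row was found (in that case
 *              $_SESSION['user_id'] is unset).
 */
function check_Session() {
    if (!$db = mysql_pconnect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD)) {
        trigger_error("<li>MySql Error:".mysql_error()."<li>");
    }
    if (!mysql_select_db(DB_DATABASE, $db)) {
        trigger_error("<li>MySql Error:".mysql_error()."<li>");
    }

    // NOTE(review): accepting the token from the query string exposes it to access
    // logs, browser history and Referer headers.
    if (isset($_COOKIE['token'])) {
        $token = $_COOKIE['token'];
    } elseif (isset($_GET['token'])) {
        $token = $_GET['token'];
    } else {
        $token = '';
    }

    // Both values must be plain strings; array-valued or missing input is rejected
    // before it reaches md5() or the SQL below.
    if (!is_string($token) || !isset($_COOKIE['guid']) || !is_string($_COOKIE['guid'])) {
        return false;
    }

    // Binds the token to the client IP and guid. Both inputs come from the client, so
    // this is a consistency check only; the database lookup is what authenticates.
    if ($token !== md5($_SERVER['REMOTE_ADDR'] . $_COOKIE['guid'])) {
        return false;
    }

    // Only word characters reach the SQL literal.
    $sesskey = preg_replace("~\W~", '', $token);

    $now = time();
    $sql = "SELECT value FROM " . DB_PREFIX . "db_session WHERE sesskey='$sesskey' AND expiry>'$now'";
    $query = mysql_query($sql, $db);
    $row = $query ? mysql_fetch_row($query) : false;

    $session = array();
    if ($row) {
        // NOTE(review): unserialize() on stored data can instantiate objects; anything
        // able to write to db_session controls this input.
        $stored = unserialize($row[0]);
        if (is_array($stored)) {
            $session = $stored;
        } else {
            // Corrupt row: treat it like a missing session instead of copying a
            // bogus value into $_SESSION.
            unset($_SESSION['user_id']);
        }
        $expiry = time() + 86400;
        $sql = "UPDATE " . DB_PREFIX . "db_session SET expiry='$expiry' WHERE sesskey='$sesskey'";
        mysql_query($sql, $db);
    } else {
        unset($_SESSION['user_id']);
    }

    foreach ($session as $key => $val) {
        $_SESSION[$key] = $val;
    }

    // Purge rows that have expired.
    $now = time();
    $sql = "DELETE FROM " . DB_PREFIX . "db_session WHERE expiry<'$now'";
    mysql_query($sql, $db);

    return true;
}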
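/**
 * Delete every stored session row of the user currently held in $_SESSION.
 *
 * The earlier token lookup was dropped: its result was never used, and its
 * unparenthesised nested ternary is a compile error on PHP 8 and picked the
 * wrong operand on older versions.
 *
 * NOTE(review): this function does not clear the 'token'/'guid' cookies or
 * $_SESSION itself; confirm that the caller does.
 *
 * @return bool Always true.
 */
function del_Session() {
    if (!$db = mysql_pconnect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD)) {
        trigger_error("<li>MySql Error:".mysql_error()."<li>");
    }
    if (!mysql_select_db(DB_DATABASE, $db)) {
        trigger_error("<li>MySql Error:".mysql_error()."<li>");
    }

    $user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;

    // set_Session() never stores a row for user_id 0, so there is nothing to delete then.
    if ($user_id) {
        $sql = "DELETE FROM " . DB_PREFIX . "db_session WHERE user_id='$user_id'";
        mysql_query($sql, $db);
    }

    return true;
}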
?>