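__ */
function login_clientid($userid = 0)
{
    // Either value can be missing (CLI runs, clients that send no User-Agent);
    // fall back to '' so the fingerprint is built without notices or warnings.
    $addr  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // NOTE(review): all three components are known to, or chosen by, the client,
    // so this string is a binding to the client environment, not a secret.
    return $userid . '_' . $addr . '_' . $agent;
}

/**
 * Set the login cookie to the hashed Client ID, prefixed with the plain-text
 * User ID so that login_chk() can recover the ID later.
 *
 * NOTE(review): password_hash() is called with one argument here, so it is
 * presumably a project helper defined elsewhere rather than PHP's built-in
 * (which requires an algorithm argument) - confirm. Because the hashed input
 * contains no secret, the cookie only works as an authenticator if that helper
 * mixes in a server-side key; verify this against its definition.
 *
 * @param int $userid User ID to store in the cookie
 */
function login_set($userid = 0)
{
    $value  = $userid . '_' . password_hash(login_clientid($userid));
    $expire = time() + LOGIN_EXPIRE; // set cookie for a certain time

    // Path and domain stay at their defaults. HttpOnly keeps the login token
    // out of reach of page scripts.
    // NOTE(review): the Secure flag is left off so plain-HTTP deployments keep
    // working; turn it on if the site is served over HTTPS only.
    setcookie('login', $value, $expire, '', '', false, true);
}

/**
 * Delete the login cookie (= log out). Does nothing when no cookie was sent.
 */
function login_del()
{
    if (!isset($_COOKIE['login'])) {
        return;
    }

    $expire = time() - YEAR_IN_SECONDS; // expire a year ago
    // Same path/domain/flags as login_set() so the browser matches the cookie.
    setcookie('login', '', $expire, '', '', false, true);
    // Also drop it from the current request so later checks see it as gone.
    unset($_COOKIE['login']);
}

/**
 * Check the login cookie.
 *
 * @param int $userid Expected User ID, or 0 to accept whichever ID the cookie carries
 * @return int|bool   User ID from the cookie if not zero, TRUE if the cookie is
 *                    valid for ID 0, FALSE on failure (an invalid cookie is deleted)
 */
function login_chk($userid = 0)
{
    if (!isset($_COOKIE['login'])) {
        return FALSE;
    }

    // A client can submit the cookie as an array (login[]=...); only a string
    // is a candidate token, anything else is treated as an invalid cookie.
    if (is_string($_COOKIE['login'])) {
        // Limit of 2: the ID is everything before the first underscore, the
        // rest (which may itself contain underscores) is the hash.
        $parts = explode('_', $_COOKIE['login'], 2);
        if (is_array($parts) && count($parts) == 2) {
            $cookieid = max(0, (int)$parts[0]);
            $idmatches = !$userid || $cookieid == $userid;
            if ($idmatches && password_isok(login_clientid($cookieid), $parts[1])) {
                return $cookieid ? $cookieid : TRUE;
            }
        }
    }

    // Cookie present but not valid for this client: log out.
    login_del();
    return FALSE;
}

/**
 * Get the logged in user and update the last visit time.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7, and the
 * '@' operators hide database errors, so a database failure looks the same as
 * "not logged in".
 *
 * @return array|bool User row without the password hash, or FALSE on failure
 */
function login_get()
{
    $userid = login_chk();
    // login_chk() returns TRUE rather than an int for user ID 0; there is no
    // row to load in that case.
    if (!$userid || !is_int($userid)) {
        return FALSE;
    }

    // %u forces an unsigned integer, so the ID cannot carry SQL syntax.
    $sql = sprintf('select * from `user` where `id` = %u limit 1', $userid);
    $res = @mysql_query($sql);
    if (!$res || !@mysql_num_rows($res)) {
        return FALSE;
    }

    $user = @mysql_fetch_assoc($res);
    if (!$user) {
        return FALSE;
    }

    //update last visit time
    if (array_key_exists('lastvisit', $user)) {
        $sql = sprintf('update `user` set `lastvisit` = NOW() where `id` = %u limit 1', $user['id']);
        @mysql_query($sql);
    }

    //return complete user tuple except the password hash
    if (array_key_exists('hash', $user)) {
        unset($user['hash']);
    }
    return $user;
}

/**
 * Validate username/password; log in and return the user array on success,
 * log out and return FALSE on failure. Unknown user, banned user and wrong
 * password all produce the same FALSE.
 *
 * NOTE(review): the query relies on mysql_real_escape_string(), which is only
 * dependable when the connection character set was set through
 * mysql_set_charset() - not visible from here. Moving to mysqli or PDO
 * prepared statements would remove the dependence on escaping altogether.
 *
 * @param string $username Submitted user name
 * @param string $password Submitted plain-text password
 * @return array|bool      User row without the password hash, or FALSE
 */
function login_val($username, $password)
{
    $sql = sprintf('select * from `user` where `username` = "%s" and `banned` = 0 limit 1', @mysql_real_escape_string($username));

    $user = FALSE;
    $res  = @mysql_query($sql);
    if ($res && @mysql_num_rows($res)) {
        $user = @mysql_fetch_assoc($res);
    }

    if ($user
        && array_key_exists('id', $user)
        && array_key_exists('hash', $user)
        && password_isok($password, $user['hash'])
    ) {
        //set login cookie
        login_set($user['id']);

        //update last login time
        if (array_key_exists('lastlogin', $user)) {
            $sql = sprintf('update `user` set `lastlogin` = NOW() where `id` = %u limit 1', $user['id']);
            @mysql_query($sql);
        }

        //return complete user tuple except the password hash
        unset($user['hash']);
        return $user;
    }

    // Any failure also clears an existing login cookie.
    login_del();
    return FALSE;
}
?>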