is-auth.php
<?php
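// Authentication bootstrap: resolves the `l` cookie to an active session and an
// active member, and publishes the result in $Member_Auth, $Member_ID,
// $Member_Name and $Member_Admin. $Member_Mail is only defined on success.
// Expects $MySQL_Connection to be an open mysqli connection created by the
// including script.

// Set a default timezone. GMT is deprecated; use UTC instead.
date_default_timezone_set('UTC');

// The client address is compared with the address stored on the session row.
// htmlentities() is HTML escaping, not SQL escaping; it is kept only so that
// $User_IP / $User_Cookie hold the same values as before for any other code
// that reads them. Values are SQL-escaped separately right before each query.
$User_IP = htmlentities($_SERVER['REMOTE_ADDR'], ENT_QUOTES, 'UTF-8');

// Fail closed: every path that does not finish all checks below leaves the
// caller unauthenticated, including the "session found but member inactive"
// path, which previously left $Member_ID set and $Member_Auth undefined.
$Member_Auth  = false;
$Member_ID    = false;
$Member_Name  = false;
$Member_Admin = false;

if (isset($_COOKIE['l'])) { // They might be logged in
    // A cookie sent as `l[]=...` arrives as an array; anything but a string is
    // treated as an empty (and therefore invalid) cookie.
    $User_Cookie = is_string($_COOKIE['l']) ? htmlentities($_COOKIE['l'], ENT_QUOTES, 'UTF-8') : '';

    // mysqli_real_escape_string() also neutralises backslashes, which
    // htmlentities() leaves untouched. mysqli_query() is kept (rather than a
    // prepared statement) so fetched columns stay strings for other code.
    // NOTE(review): escaping relies on the connection charset having been set
    // with mysqli_set_charset() where the connection is opened — confirm.
    $Cookie_SQL = mysqli_real_escape_string($MySQL_Connection, $User_Cookie);

    // Look for an active session that owns this cookie.
    $Session_Check = mysqli_query($MySQL_Connection, "SELECT * FROM `Sessions` WHERE `Cookie`='$Cookie_SQL' AND `Active`='1' LIMIT 0, 1", MYSQLI_STORE_RESULT);
    if (!$Session_Check) {
        // Driver error text goes to the server log, not to the client.
        error_log('Invalid Query (Session_Check): ' . mysqli_error($MySQL_Connection));
        exit('Invalid Query (Session_Check)');
    }
    $Session_Count = mysqli_num_rows($Session_Check);

    // The cookie is dropped unless every check below succeeds.
    $Clear_Cookie = true;

    if ($Session_Count !== 0) {
        $Session_Fetch = mysqli_fetch_assoc($Session_Check);
        $Session_IP = $Session_Fetch['IP'];

        // A session stored without an IP is not bound to an address; otherwise
        // the stored address must equal the current one exactly.
        if (empty($Session_IP) || $User_IP === $Session_IP) {
            $Session_Member_ID = $Session_Fetch['Member_ID'];
            $Member_ID_SQL = mysqli_real_escape_string($MySQL_Connection, (string) $Session_Member_ID);

            // Check their membership status
            $Member_Check = mysqli_query($MySQL_Connection, "SELECT * FROM `Members` WHERE ID='$Member_ID_SQL' AND `Status`='Active' LIMIT 0, 1", MYSQLI_STORE_RESULT);
            if (!$Member_Check) {
                error_log('Invalid Query (Member_Check): ' . mysqli_error($MySQL_Connection));
                exit('Invalid Query (Member_Check)');
            }
            $Member_Count = mysqli_num_rows($Member_Check);

            if ($Member_Count === 0) {
                // The member is gone or not active: end this session. The row
                // is matched on the cookie; the previous statement compared
                // `Cookie` with the client IP and so never matched a row.
                $Session_End = mysqli_query($MySQL_Connection, "UPDATE `Sessions` SET `Active`='0' WHERE `Member_ID`='$Member_ID_SQL' AND `Cookie`='$Cookie_SQL'", MYSQLI_STORE_RESULT);
                if (!$Session_End) {
                    error_log('Invalid Query (Session_End): ' . mysqli_error($MySQL_Connection));
                    exit('Invalid Query (Session_End)');
                }
            } else {
                $Member_Fetch = mysqli_fetch_assoc($Member_Check);
                $Member_Auth  = true;
                $Member_ID    = $Session_Member_ID;
                $Member_Name  = $Member_Fetch['Name'];
                $Member_Mail  = $Member_Fetch['Mail'];
                $Member_Admin = $Member_Fetch['Admin'];
                $Clear_Cookie = false;
            }
        }
    }

    if ($Clear_Cookie) {
        // NOTE(review): if the login code sets this cookie with a path or a
        // domain, the same values are needed here for the browser to drop it.
        setcookie('l', '', 1);
        unset($_COOKIE['l']);
    }
}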
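/**
 * Build a random string of lowercase letters and digits.
 *
 * Characters are drawn with random_int(), which is backed by the operating
 * system's CSPRNG (PHP 7.0+). rand() is predictable from observed output, so
 * it must not produce values that act as secrets. This file handles login
 * state, so callers presumably use the result for session cookies or salts —
 * verify against the call sites.
 *
 * @param int $n Number of characters to generate; 0 or less yields ''.
 * @return string String of $n characters from [a-z0-9].
 */
function stringGenerator($n=64) {
    $String_Characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $Last_Index = strlen($String_Characters) - 1;
    $String = '';
    for ($i = 0; $i < $n; $i++) {
        $String .= $String_Characters[random_int(0, $Last_Index)];
    }
    return $String;
}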
/**
 * Derive the stored password digest from a password and its salt.
 *
 * The result is sha512( sha512($Pass) . sha512($Salt) ) as lowercase hex.
 *
 * NOTE(review): this is a small fixed number of fast SHA-512 calls, not a
 * password-stretching function, so offline guessing against a leaked table is
 * cheap. The output has to stay byte-identical because existing stored
 * digests depend on it; moving to password_hash() / password_verify() needs a
 * rehash-on-login migration outside this function. Callers should compare
 * digests with hash_equals() — the call sites are not visible here.
 *
 * @param string $Pass Plain-text password.
 * @param string $Salt Per-account salt.
 * @return string 128 hexadecimal characters.
 */
function passHash($Pass, $Salt) {
    // Changing the algorithm invalidates every digest already stored.
    $Algorithm = 'sha512';
    $Pass_Digest = hash($Algorithm, $Pass);
    $Salt_Digest = hash($Algorithm, $Salt);
    return hash($Algorithm, $Pass_Digest . $Salt_Digest);
}