db = $db;
        // Resume an already-authenticated session if the session says so;
        // otherwise try the persistent "Login" cookie. The cookie value is
        // client-controlled and is handed to _checkRemembered() unmodified.
        if ($_SESSION['logged']) {
            $this->_checkSession();
        } elseif ( isset($_COOKIE['Login']) ) {
            $this->_checkRemembered($_COOKIE['Login']);
        }
    }

    /**
     * Produce a new 32-character hex token.
     *
     * The value is md5(uniqid(<mt_rand() integer>)).
     *
     * NOTE(review): presumably this is the value stored in member.cookie and
     * later accepted by _checkRemembered() as a login credential - confirm
     * against the callers. mt_rand() is not a cryptographic generator and
     * uniqid() is derived from the current time, so the result should not be
     * treated as unguessable. On PHP 7+, bin2hex(random_bytes(16)) yields a
     * token of the same length from the system CSPRNG.
     *
     * @return string MD5 hex digest
     */
    function generateCookie() {
        $cookie = mt_rand(1, mt_getrandmax());
        $cookie = md5(uniqid($cookie));
        return $cookie;
    }

    /**
     * Record the token in the session and, when the session is flagged
     * "remember" or $force is set, send it to the browser in the "Login" cookie.
     *
     * The cookie payload is serialize(array(username, token)).
     *
     * NOTE(review): because the payload is PHP-serialized, the reader has to
     * unserialize() client-supplied data; a JSON payload would avoid that, but
     * writer and reader must change together.
     * NOTE(review): send_cookie() is defined elsewhere - confirm it sets the
     * HttpOnly and Secure attributes and a bounded lifetime.
     * NOTE(review): $_SESSION['username'] was passed through htmlspecialchars()
     * in _setSession(), so the escaped form is what ends up in the cookie.
     *
     * @param string $cookie token value
     * @param bool   $force  send the cookie even if the session is not flagged "remember"
     */
    function updateCookie($cookie, $force = false) {
        $_SESSION['cookie'] = $cookie;
        if ($_SESSION['remember'] or $force) {
            $cookie = serialize(array($_SESSION['username'], $cookie));
            send_cookie('Login', $cookie);
        }
    }

    /**
     * Check a username/password pair against the member table.
     *
     * On a match the session is populated through _setSession() and true is
     * returned. Otherwise $_SESSION['login'] is decremented, _logout() is
     * called and false is returned.
     *
     * NOTE(review): $username is concatenated into the SQL as-is, and the first
     * and last character of $password are stripped before hashing, so both
     * arguments appear to be expected already wrapped by $this->db->quote().
     * Confirm that every caller does this; a caller passing a raw value makes
     * this query injectable. Quoting inside this method, as _checkSession()
     * does, would remove the dependency on callers.
     * NOTE(review): if quote() also escapes characters inside the password,
     * the escaped form is what gets hashed - verify against how hashes are
     * created at registration.
     * NOTE(review): passwords are compared as unsalted MD5, which is cheap to
     * brute-force if the table leaks. password_hash()/password_verify() is the
     * current API; adopting it needs a migration of the stored hashes.
     *
     * @param string $username presumably pre-quoted by the caller (see above)
     * @param string $password presumably pre-quoted by the caller (see above)
     * @param bool   $remember forwarded to _setSession()
     * @return bool true when a matching, non-denied member row was found
     */
    function _checkLogin($username, $password, $remember) {
        $md5pass = "'" . md5(substr($password, 1, -1)) . "'";
        $sql = "SELECT * FROM member WHERE " . "(username = $username) AND " . "(password = $md5pass) AND " . "(permission != '00-deny')";
        $result = $this->db->getRow($sql);
        if (is_object($result)) {
            $this->_setSession($result, $remember);
            return true;
        } else {
            $_SESSION['login']--;
            $this->_logout();
            return false;
        }
    }

    /**
     * Re-validate an existing logged-in session.
     *
     * Looks for a non-denied member row whose username, token, PHP session id
     * and client IP all match the current request. If found, the session is
     * refreshed through _setSession() with $remember = false and $init = false;
     * otherwise _logout() is called. All four values go through
     * $this->db->quote() before being placed in the query.
     *
     * NOTE(review): $_SESSION['username'] holds the htmlspecialchars()-escaped
     * name (see _setSession()), while it is compared here with the username
     * column. Unless usernames are limited to characters htmlspecialchars()
     * leaves unchanged, such accounts would fail this check - confirm.
     */
    function _checkSession() {
        $username = $this->db->quote($_SESSION['username']);
        $cookie = $this->db->quote($_SESSION['cookie']);
        $session = $this->db->quote(session_id());
        $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
        $sql = "SELECT * FROM member WHERE " . "(username = $username) AND (cookie = $cookie) AND " . "(session = $session) AND (ip = $ip) AND (permission != '00-deny')";
        $result = $this->db->getRow($sql);
        if (is_object($result)) {
            $this->_setSession($result, false, false);
        } else {
            $this->_logout();
        }
    }

    /**
     * Log a visitor in from the persistent "Login" cookie.
     *
     * The cookie is unserialized into (username, token). Both are quoted and
     * matched against a non-denied member row; on a match the session is set
     * up with $remember = true. Nothing happens when either part is empty or
     * no row matches.
     *
     * NOTE(review): SECURITY - unserialize() runs on a value the client fully
     * controls. That lets the client decide which loaded classes get
     * instantiated (PHP object injection), and the @ operator hides any
     * resulting warning. On PHP 7+, passing array('allowed_classes' => false)
     * as the second argument limits the result to scalars and arrays; moving
     * the payload to JSON (together with updateCookie()) removes the problem.
     * NOTE(review): the unserialized parts are not checked to be strings
     * before being handed to quote().
     * NOTE(review): the token is the only secret required here, and
     * _setSession() re-sends the same stored token rather than issuing a new
     * one, so a captured cookie stays valid until the stored token changes.
     *
     * @param string $cookie raw value of the "Login" cookie
     */
    function _checkRemembered($cookie) {
        list($username, $cookie) = @unserialize($cookie);
        if (!$username or !$cookie) return;
        $username = $this->db->quote($username);
        $cookie = $this->db->quote($cookie);
        $sql = "SELECT * FROM member WHERE " .
            "(username = $username) AND (cookie = $cookie) AND (permission != '00-deny')";
        $result = $this->db->getRow($sql);
        if (is_object($result)) {
            $this->_setSession($result, true);
        }
    }

    /**
     * Reset the session by calling session_defaults() from session_defaults.php.
     *
     * NOTE(review): what session_defaults() resets is not visible here -
     * confirm it clears the 'logged' flag and expires the "Login" cookie.
     */
    function _logout() {
        require_once 'session_defaults.php';
        session_defaults();
    }

    /**
     * Copy a member row into the session and stamp the login in the database.
     *
     * NOTE(review): no session id regeneration is visible on this path. If the
     * caller does not call session_regenerate_id() when a login succeeds, a
     * session id fixed before authentication stays valid afterwards - confirm.
     *
     * @param object $values   member row as returned by $this->db->getRow()
     * @param bool   $remember when true, flag the session and (re)send the "Login" cookie
     * @param bool   $init     true for a fresh login: the current session id and client IP
     *                         are written to the member row; false when refreshing an
     *                         existing session, in which case last_logged is copied
     *                         into the session instead
     */
    function _setSession(&$values, $remember, $init = true) {
        $this->id = $values->id;
        $_SESSION['uid'] = $this->id;
        // Display fields are HTML-escaped once here, at storage time.
        $_SESSION['username'] = htmlspecialchars($values->username);
        $_SESSION['cookie'] = $values->cookie;
        $_SESSION['logged'] = true;
        $_SESSION['permission'] = $values->permission;
        $_SESSION['registered'] = $values->registered;
        if (!$init) {
            $_SESSION['last_logged'] = $values->last_logged;
        }
        $_SESSION['email_priv'] = $values->email_priv;
        // NOTE(review): unserialize() on a database column. If members can
        // influence the stored style value, this has the same object-injection
        // exposure as the cookie path - confirm how the column is written.
        $_SESSION['style'] = unserialize($values->style);
        // Fall back to default date formats when the stored style has none.
        if (!isset($_SESSION['style']['date'])) {
            $_SESSION['style']['date'] = 'j M Y';
            $_SESSION['style']['datetime'] = 'j M Y g:ia';
        }
        // A timezone stored on the member row wins over an offset already in the session.
        if (!is_null($values->tz)) {
            $_SESSION['offset'] = $values->tz;
            set_timezone($values->tz);
        } elseif (isset($_SESSION['offset'])) {
            $this->setTZ($_SESSION['offset']);
        }
        $_SESSION['name'] = htmlspecialchars($values->name);
        $_SESSION['email'] = htmlspecialchars($values->email);
        if ($remember) {
            $_SESSION['remember'] = true;
            $this->updateCookie($values->cookie, true);
        }
        $session = $this->db->quote(session_id());
        $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
        // Only a fresh login rebinds the row to this session id and IP;
        // _checkSession() later requires both to match.
        $sqlinit = ($init) ? ", session = $session, ip = $ip" : '';
        // NOTE(review): $this->id is interpolated without quoting; it comes
        // from the member row, presumably an integer key - confirm or cast.
        $sql = "UPDATE member SET last_logged = CURRENT_DATE $sqlinit WHERE id = $this->id";
        $this->db->query($sql);
    }

    function memberBar() {
        if ($_SESSION['logged']) {
            $html = '