* Licensed under the GNU General Public License v3.0
*/
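session_start();
define('ROOT', '../../');
require_once(ROOT . 'core/scr/scr.connect.php');

/**
 * USER AUTHENTICATION
 *
 * Page guard that runs at include time; it defines no function and returns
 * nothing. It takes one of two paths:
 *
 *  - No "thesis-cookie": an existing authenticated session is re-checked
 *    against thesis_users and its 30-minute sliding expiry is renewed, or
 *    the session is destroyed when it has expired or the user row is gone.
 *  - "thesis-cookie" present: the persistent-login cookie pair is verified
 *    and, on success, the session is marked as authenticated.
 *
 * Both lookups use prepared statements because the id reaches SQL from the
 * session or, in the cookie path, straight from a client-controlled cookie.
 *
 * @uses $_SESSION['thesis-session'] bool, true once the user is authenticated
 * @uses $_SESSION['user']           user id
 * @uses $_SESSION['group']          user group
 * @uses $_SESSION['start']          time of the last renewal (unix time)
 * @uses $_SESSION['expire']         time after which the session is invalid
 * @uses $_COOKIE['thesis-cookie']   base64 of "<id>-<group>"
 * @uses $_COOKIE['thesis-token']    password_hash()-style hash of the token
 * @uses $dbconnect                  mysqli connection (presumably created by
 *                                   scr.connect.php - confirm)
 *
 * Globals left behind for the including page: $idnow, $time, $date,
 * $username, $group, $now (session path), $id, $pieces, $cookiedec,
 * $cookietoken (cookie path).
 */
$idnow = isset($_SESSION['user']) ? $_SESSION['user'] : null;
$time = date('H:i:s');
$date = date('Y-m-d');

if (!isset($_COOKIE['thesis-cookie']))
{
    if (!isset($_SESSION['thesis-session']) || !$_SESSION['thesis-session'])
    {
        // NOTE(review): this emits an empty string, so an unauthenticated
        // request is not stopped here; presumably a redirect or exit was
        // intended - confirm against the original file.
        echo '';
    }
    else
    {
        $username = null;
        $group = null;
        $userfound = false;

        // The id is bound as a parameter, never concatenated into the SQL.
        $usercheck = 'SELECT username, groups FROM thesis_users WHERE id = ?';
        $stmt = $dbconnect->prepare($usercheck);
        if ($stmt !== false)
        {
            $boundid = (string) $idnow;
            $stmt->bind_param('s', $boundid);
            if ($stmt->execute())
            {
                $stmt->bind_result($username, $group);
                $userfound = ($stmt->fetch() === true);
            }
            $stmt->close();
        }

        $now = time();
        // Fail closed: a missing user row or a missing expiry stamp ends the
        // session just like an elapsed expiry does.
        if (!$userfound || !isset($_SESSION['expire']) || $now > $_SESSION['expire'])
        {
            session_unset();
            session_destroy();
            echo '';
        }
        else
        {
            // Refresh the group from the database and slide the expiry
            // window forward by 30 minutes.
            $_SESSION['group'] = $group;
            $_SESSION['start'] = time();
            $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
        }
    }
}

if (isset($_COOKIE['thesis-cookie']))
{
    // Cookie values are client-controlled and may arrive as arrays; only
    // strings are decoded or verified.
    $rawcookie = $_COOKIE['thesis-cookie'];
    $rawtoken = isset($_COOKIE['thesis-token']) ? $_COOKIE['thesis-token'] : null;

    $cookiedec = is_string($rawcookie) ? base64_decode($rawcookie) : '';
    $pieces = explode('-', $cookiedec);
    $id = $pieces[0];
    $group = isset($pieces[1]) ? $pieces[1] : '';

    $username = null;
    $storedhash = null;
    $storedgroup = null;
    $userfound = false;

    // $id comes straight from the cookie, so it is bound as a parameter.
    $usercheck = 'SELECT username, password, groups FROM thesis_users WHERE id = ?';
    $stmt = $dbconnect->prepare($usercheck);
    if ($stmt !== false)
    {
        $stmt->bind_param('s', $id);
        if ($stmt->execute())
        {
            $stmt->bind_result($username, $storedhash, $storedgroup);
            $userfound = ($stmt->fetch() === true);
        }
        $stmt->close();
    }

    $verified = false;
    if ($userfound && is_string($rawtoken))
    {
        // NOTE(review): the hash handed to password_verify() is read from a
        // client cookie, so this check only shows that the client knows the
        // token inputs, and the only non-public input is a five-character
        // slice of the stored password hash. A random per-login token
        // (random_bytes) kept hashed in the database and compared with
        // hash_equals() would not depend on that slice staying secret.
        $cookietoken = sha1($id . '-' . $group . '-' . substr($storedhash, 7, 5) . '-' . substr($username, 0, 5));
        $verified = password_verify($cookietoken, $rawtoken);
    }
    // Do not keep the stored password hash in a global after use.
    unset($storedhash);

    if ($verified)
    {
        // NOTE(review): the group stored in the session is the cookie's
        // value, not the groups column read above; a group change made in
        // the database after the cookie was issued is not picked up here.
        // Consider calling session_regenerate_id(true) when a session first
        // becomes authenticated.
        $_SESSION['thesis-session'] = true;
        $_SESSION['user'] = $id;
        $_SESSION['group'] = $group;
    }
    else
    {
        // Verification failed: expire both cookies (timestamp far in the
        // past) and drop the session.
        $_SESSION['thesis-session'] = false;
        setcookie('thesis-cookie', '', time() - (86400 * 5000), "/");
        setcookie('thesis-token', '', time() - (86400 * 5000), "/");
        session_unset();
        session_destroy();
        echo '';
    }
}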
?>