<?PHP
  if(!defined('USER_INC')) {
    define('USER_INC', 1);
    
    require_once('code/db.inc.php');
    
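    /**
     * Login state of the current request.
     *
     * A login key is the 32-character session id stored in users.sid followed
     * by the numeric user id (see Login(), which builds it as $sid . $id).
     * The key is accepted from the 'login' cookie first and from the 'login'
     * query parameter second.
     *
     * NOTE(review): a key carried in the URL ends up in server logs, browser
     * history and Referer headers; the stored sid is only replaced by the next
     * Login() or cleared by Logout(). Confirm that the URL form is still
     * required before relying on it.
     */
    class User {
      var $uid = 0, $gid = 0;
      var $key = '', $type = '';

      /**
       * Restores the login from the request, cookie first, then URL.
       *
       * Declared as __construct() because a method named after the class is
       * no longer treated as a constructor by PHP 8; User() below is kept so
       * that older runtimes and explicit callers behave as before.
       */
      function __construct() {
        $this->_Restore(isset($_COOKIE['login']) ? $_COOKIE['login'] : '', 'cookie');

        // The URL key is only consulted when the cookie did not authenticate.
        if($this->uid == 0) {
          $this->_Restore(isset($_GET['login']) ? $_GET['login'] : '', 'url');
        }
      }

      /** Legacy (PHP 4 style) constructor name; delegates to __construct(). */
      function User() {
        $this->__construct();
      }

      /**
       * Validates one login key against the users table and, on success,
       * fills uid, gid, key and type. Leaves the object untouched otherwise.
       *
       * @param mixed  $token raw request value (may be absent or an array)
       * @param string $type  'cookie' or 'url', recorded in $this->type
       */
      function _Restore($token, $type) {
        // Request values can be arrays (login[]=...) or shorter than the
        // 32-character sid prefix; neither can name a valid session.
        if(!is_string($token) || strlen($token) <= 32) {
          return;
        }

        $res = $GLOBALS['db']->Execute('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?',
                       array(substr($token, 32),
                             substr($token, 0, 32)));

        // fields[2] is the stored sid: an empty sid (logged-out user) must
        // never authenticate, even if the row matched.
        if(!$res || !$res->RecordCount() || !$res->fields[2]) {
          return;
        }

        $this->uid = $res->fields[0];
        $this->gid = $res->fields[1];

        $this->type = $type;
        $this->key = $token;
      }

      /**
       * Returns a fresh 32-character hexadecimal session id.
       *
       * Uses the platform CSPRNG when one is available. The id is no longer
       * derived from the user name or password, so it reveals nothing about
       * the credentials.
       */
      function _NewSessionId() {
        if(function_exists('random_bytes')) {
          return bin2hex(random_bytes(16));
        }

        if(function_exists('openssl_random_pseudo_bytes')) {
          $strong = false;
          $bytes = openssl_random_pseudo_bytes(16, $strong);

          if($bytes !== false && $strong) {
            return bin2hex($bytes);
          }
        }

        // Last resort for runtimes without a CSPRNG: not cryptographically
        // strong, kept only so that login keeps working there.
        return md5(uniqid(mt_rand(), true));
      }

      /**
       * Checks the credentials, starts a new session and sets the cookie.
       *
       * NOTE(review): $pass is matched against users.password exactly as
       * given; whether callers hash it first is not visible here. Confirm the
       * column does not hold plaintext passwords.
       * NOTE(review): the cookie is issued without HttpOnly/Secure
       * attributes; confirm no client script reads it before tightening.
       *
       * @param string $name user name
       * @param string $pass password value compared with the stored column
       * @return mixed the user id on success, 0 on failure
       */
      function Login($name, $pass) {
        $res = $GLOBALS['db']->Execute('SELECT id, gid FROM users WHERE user = ? AND password = ?', array($name, $pass));

        if(!$res || !$res->RecordCount()) {
          return 0;
        }

        $id = $res->fields[0];
        $sid = $this->_NewSessionId();

        // Storing a new sid invalidates any key issued by an earlier login.
        $GLOBALS['db']->Execute('UPDATE users SET sid = ? WHERE id = ?', array($sid, $id));

        $this->uid = $id;
        $this->gid = $res->fields[1];

        // Reported as 'url' for this request: the cookie set below has not
        // been sent back by the browser yet.
        $this->type = 'url';
        $this->key = $sid . $id;

        setcookie('login', $this->key);

        return $id;
      }

      /**
       * Ends the session: clears the stored sid, resets this object and
       * deletes the login cookie.
       */
      function Logout() {
        // Bind parameters are passed as an array, like every other query here.
        $GLOBALS['db']->Execute('UPDATE users SET sid = \'\' WHERE id = ?', array($this->uid));

        $this->uid = 0;
        $this->gid = 0;

        $this->type = '';
        $this->key = '';

        setcookie('login');
      }

      /**
       * True for a logged-in user whose group id is 0.
       *
       * The uid test is required because an anonymous visitor also has
       * gid 0 (the property default).
       */
      function IsAdmin() {
        return ($this->uid != 0 && $this->gid == 0);
      }

      /** Returns the user id, 0 when nobody is logged in. */
      function GetUid() {
        return $this->uid;
      }

      /** Returns the group id of the logged-in user (0 by default). */
      function GetGid() {
        return $this->gid;
      }

      /** Returns 'cookie', 'url' or '' depending on how the login was found. */
      function GetLoginType() {
        return $this->type;
      }

      /** Returns the full login key (sid followed by user id), '' if none. */
      function GetLoginKey() {
        return $this->key;
      }
    }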
    
    $user = new User;
  }
?>