1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
| <?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "acces-errone.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
function getUserInfo() {
global $db;
$sql = $db->prepare('SELECT u.id, u.active, u.date, u.last_modified, u.username
FROM site_session s
INNER JOIN site_user u
ON s.sid = :sid
AND s.userid = u.id ');
$sql->execute( array(':sid' => session_id()) );
$userdata = $sql->fetch(PDO::FETCH_ASSOC);
if (empty($userdata)) {
$userdata = FALSE;
}
return $userdata;
}
function dbClean() {
global $db;
$limit = date('Y-m-d H-i-s', mktime(0, 0, 0, date('m'), date('d') - 2, date('Y')));
$cleanSQL = $db->prepare('DELETE FROM '.PREFIX_DB_INSCRIPTION.'session
WHERE last_modified < :limit');
$cleanSQL->execute( array(':limit' => $limit) );
}
function closeSession() {
global $db;
$deleteSQL = $db->prepare('DELETE FROM '.PREFIX_DB_INSCRIPTION.'session
WHERE sid = :sid');
$deleteSQL->execute( array(':sid' => session_id()) );
echo '<meta http-equiv="Refresh" content="0;'.$_SERVER['PHP_SELF'].'">';
}
function openSession($userid) {
global $db;
// On supprime la session en cours
$deleteSQL = $db->prepare('DELETE FROM '.PREFIX_DB_INSCRIPTION.'session
WHERE userid = :userid');
$deleteSQL->execute(array(':userid' => $userid));
// Re-génération du sid
session_regenerate_id();
// On insère le nouvel id de session dans la db
$insertSQL = $db->prepare('INSERT INTO '.PREFIX_DB_INSCRIPTION.'session (sid, userid, ip, browser)
VALUES (:sid, :userid, :ip, :browser)');
$insertSQL->execute(array(':sid' => session_id(),
':userid' => $userid,
':ip' => getIP(),
':browser' => getBrowser(),
));
return TRUE;
}
?> |
Aide création espace membre
Répondre avec citation
Envoyé par guigouz
Partager