From 573911735c1389290b1efb78d428839f9b5a6185 Mon Sep 17 00:00:00 2001
From: Sibidharan <sibidharan@icloud.com>
Date: Tue, 5 Apr 2022 16:26:54 +0000
Subject: [PATCH] building sessions

---
 libs/includes/Session.class.php     |  3 ++
 libs/includes/User.class.php        | 10 +++-
 libs/includes/UserSession.class.php | 78 +++++++++++++++++++++++++++++
 libs/load.php                       |  1 +
 logintest.php                       | 13 ++++-
 sg.php                              | 32 ++++++------
 6 files changed, 118 insertions(+), 19 deletions(-)
 create mode 100644 libs/includes/UserSession.class.php

diff --git a/libs/includes/Session.class.php b/libs/includes/Session.class.php
index 82048081..6f73174a 100644
--- a/libs/includes/Session.class.php
+++ b/libs/includes/Session.class.php
@@ -14,6 +14,9 @@ class Session
     public static function destroy()
     {
         session_destroy();
+        /*
+        If UserSession is active, set it to inactive.
+        */
     }
 
     public static function set($key, $value)
diff --git a/libs/includes/User.class.php b/libs/includes/User.class.php
index 8434fbf6..864d497c 100644
--- a/libs/includes/User.class.php
+++ b/libs/includes/User.class.php
@@ -14,6 +14,8 @@ class User
             return $this->_get_data($property);
         } elseif (substr($name, 0, 3) == "set") {
             return $this->_set_data($property, $arguments[0]);
+        } else {
+            throw new Exception("User::__call() -> $name, function unavailable.");
         }
     }
 
@@ -47,6 +49,11 @@ class User
         $row = $result->fetch_assoc();
         //if ($row['password'] == $pass) {
         if (password_verify($pass, $row['password'])) {
+            /*
+            1. Generate Session Token
+            2. Insert Session Token
+            3. Build session and give session to user.
+            */
             return $row['username'];
         } else {
             return false;
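Review bot: The block comment added inside destroy() describes unfinished work but is not marked as such, and its placement after `session_destroy()` is the wrong order: once the session storage is gone the stored `session_token` can no longer be read, so the UserSession row has to be looked up and deactivated before that call. Suggest replacing it with `// TODO: read 'session_token' from the session and deactivate the matching UserSession row before session_destroy() runs.` placed above the call. The same unmarked plan comments appear in the User::login hunk of User.class.php and at the top of the logintest.php hunk; a `TODO:` prefix there too keeps them greppable. `session_destroy()` also leaves the client's session cookie in place, so a complete logout should additionally expire that cookie or regenerate the session id.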
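Review bot: The new else branch in __call() throws a bare `Exception`, which callers cannot tell apart from the database failures this class can also raise; the SPL type for an unknown method is `BadMethodCallException`, so `throw new BadMethodCallException("User::__call() -> $name, function unavailable.");` lets callers catch precisely. Since both earlier branches `return`, the `else` wrapper is also unnecessary: the throw can follow the `elseif` block as a plain final statement, the usual guard-clause shape. __call() itself starts outside the hunk.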
@@ -56,13 +63,14 @@ class User
         }
     }
 
+    //User object can be constructed with both UserID and Username.
     public function __construct($username)
     {
         //TODO: Write the code to fetch user data from Database for the given username. If username is not present, throw Exception.
         $this->conn = Database::getConnection();
         $this->username = $username;
         $this->id = null;
-        $sql = "SELECT `id` FROM `auth` WHERE `username`= '$username' LIMIT 1";
+        $sql = "SELECT `id` FROM `auth` WHERE `username`= '$username' OR `id` = '$username' LIMIT 1";
         $result = $this->conn->query($sql);
         if ($result->num_rows) {
             $row = $result->fetch_assoc();
diff --git a/libs/includes/UserSession.class.php b/libs/includes/UserSession.class.php
new file mode 100644
index 00000000..4b582261
--- /dev/null
+++ b/libs/includes/UserSession.class.php
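Review bot: The rewritten `$sql` line interpolates `$username` unescaped into the query twice, and the new ``OR `id` = '$username'`` clause compares an integer column with a quoted string, which MySQL coerces numerically — so a lookup for a non-existent username whose leading characters form a number can resolve to an unrelated account with that id, and when both sides match, the unordered `LIMIT 1` picks a row arbitrarily. Restrict the id comparison to all-digit input and bind both values through a prepared statement; the code below assumes `Database::getConnection()` returns a mysqli instance, as the existing `query()`/`num_rows` calls suggest. The constructor's body continues past the hunk, so the `$result` handling after `fetch_assoc()` is left as is.
```php
        $this->id = null;
        // Only compare against `id` for all-digit input: MySQL coerces a quoted
        // string in `id` = '...' to a number, so a non-numeric name could match an id.
        if (ctype_digit((string) $username)) {
            $stmt = $this->conn->prepare(
                'SELECT `id` FROM `auth` WHERE `username` = ? OR `id` = ? LIMIT 1'
            );
            $stmt->bind_param('ss', $username, $username);
        } else {
            $stmt = $this->conn->prepare('SELECT `id` FROM `auth` WHERE `username` = ? LIMIT 1');
            $stmt->bind_param('s', $username);
        }
        $stmt->execute();
        $result = $stmt->get_result();
        // … unchanged: num_rows check and fetch_assoc() …
```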
@@ -0,0 +1,78 @@
+<?php
+
+class UserSession
+{
+    /**
+     * This function will return a session ID if username and password is correct.
+     *
+     * @return SessionID
+     */
+    public static function authenticate($user, $pass)
+    {
+        $username = User::login($user, $pass);
+        $user = new User($username);
+        if ($username) {
+            $conn = Database::getConnection();
+            $ip = $_SERVER['REMOTE_ADDR'];
+            $agent = $_SERVER['HTTP_USER_AGENT'];
+            $token = md5(rand(0, 9999999) .$ip.$agent.time());
+            $sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`)
+            VALUES ('$user->id', '$token', now(), '$ip', '$agent', '1')";
+            if ($conn->query($sql)) {
+                Session::set('session_token', $token);
+                return $token;
+            } else {
+                return false;
+            }
+        } else {
+            return false;
+        }
+    }
+
+    public static function authorize($token)
+    {
+        $sess = new UserSession($token);
+    }
+
+    public function __construct($token)
+    {
+        $this->conn = Database::getConnection();
+        $this->token = $token;
+        $this->data = null;
+        $sql = "SELECT * FROM `session` WHERE `token`=$token LIMIT 1";
+        $result = $this->conn->query($sql);
+        if ($result->num_rows) {
+            $row = $result->fetch_assoc();
+            $this->data = $row;
+            $this->uid = $row['uid']; //Updating this from database
+        } else {
+            throw new Exception("Session is invalid.");
+        }
+    }
+
+    public function getUser()
+    {
+        return new User($this->uid);
+    }
+
+    /**
+     * Check if the validity of the session is within one hour, else it inactive.
+     *
+     * @return boolean
+     */
+    public function isValid()
+    {
+    }
+
+    public function getIP()
+    {
+    }
+
+    public function getUserAgent()
+    {
+    }
+
+    public function deactivate()
+    {
+    }
+}
diff --git a/libs/load.php b/libs/load.php
index 99d2effd..57130c16 100644
--- a/libs/load.php
+++ b/libs/load.php
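Review bot: In authenticate() the session token is `md5(rand(0, 9999999) .$ip.$agent.time())`, built from a non-cryptographic generator plus values the client already knows, and in the constructor that token is then interpolated unquoted into ``WHERE `token`=$token``, so the lookup fails to parse for an ordinary hex token (leaving `$result` false before `->num_rows`) and, like the INSERT that interpolates the raw `HTTP_USER_AGENT` header, is open to SQL injection. Generate the token with `bin2hex(random_bytes(32))`, bind every value through prepared statements, and call `session_regenerate_id(true)` before storing the token in the PHP session so the pre-login session id is not carried into the authenticated one. `new User($username)` also runs before the `if ($username)` check, so a failed login still performs a user lookup with `false`, and it shadows the `$user` parameter; move it inside the branch. The mysqli calls below assume `Database::getConnection()` returns a mysqli instance, as the existing `query()`/`num_rows` usage suggests. The empty `isValid()`, `getIP()`, `getUserAgent()` and `deactivate()` stubs should carry a `// TODO` so that callers such as `authorize()`, which currently constructs a session and returns nothing, are not mistaken for finished code.
```php
    public static function authenticate($user, $pass)
    {
        $username = User::login($user, $pass);
        if (!$username) {
            return false;
        }
        $account = new User($username);
        $conn = Database::getConnection();
        $ip = $_SERVER['REMOTE_ADDR'] ?? '';
        $agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
        // 256 bits from the CSPRNG; nothing derived from client-visible values.
        $token = bin2hex(random_bytes(32));
        $stmt = $conn->prepare(
            'INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`)
             VALUES (?, ?, now(), ?, ?, \'1\')'
        );
        $stmt->bind_param('isss', $account->id, $token, $ip, $agent);
        if (!$stmt->execute()) {
            return false;
        }
        // New session id for the authenticated state before the token is stored.
        session_regenerate_id(true);
        Session::set('session_token', $token);
        return $token;
    }

    // … unchanged: authorize() …

    public function __construct($token)
    {
        $this->conn = Database::getConnection();
        $this->token = $token;
        $this->data = null;
        $stmt = $this->conn->prepare('SELECT * FROM `session` WHERE `token` = ? LIMIT 1');
        $stmt->bind_param('s', $token);
        $stmt->execute();
        $result = $stmt->get_result();
        // … unchanged: num_rows check, row assignment and exception …
    }
```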
@@ -3,6 +3,7 @@ include_once 'includes/Session.class.php';
 include_once 'includes/Mic.class.php';
 include_once 'includes/User.class.php';
 include_once 'includes/Database.class.php';
+include_once 'includes/UserSession.class.php';
 
 global $__site_config;
 //Note: Change this path if you run this code outside lab.
diff --git a/logintest.php b/logintest.php
index c0b442c9..10fc1aca 100644
--- a/logintest.php
+++ b/logintest.php
@@ -10,13 +10,22 @@ if (isset($_GET['logout'])) {
     die("Session destroyed, <a href='logintest.php'>Login Again</a>");
 }
 
+/*
+1. Check if session_token in PHP session is available
+2. If yes, construct UserSession and see if its successful.
+3. Check if the session is valid one
+4. If valid, print "Session validated"
+5. Else, print "Invlaid Session" and ask user to login.
+*/
 if (Session::get('is_loggedin')) {
     $username = Session::get('session_username');
     $userobj = new User($username);
     print("Welcome Back ".$userobj->getFirstname());
-    print("<br>".$userobj->getBio());
+    //print("<br>".$userobj->getBio());
     $userobj->setBio("Making new things...");
-    print("<br>".$userobj->getBio());
+    $userobj->setModel("Human");
+//$userobj->thisIsNotAFunction();
+//print("<br>".$userobj->getBio());
 } else {
     printf("No session found, trying to login now. <br>");
     $result = User::login($user, $pass);
diff --git a/sg.php b/sg.php
index 75adc884..00bc9062 100644
--- a/sg.php
+++ b/sg.php
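Review bot: The three `//` lines added at column 0 inside the `is_loggedin` branch of logintest.php are commented-out code rather than notes, and the `thisIsNotAFunction()` probe is the only thing on the page that would exercise the exception now thrown by `User::__call()`; either drop them or turn the probe into a real check, e.g. `try { $userobj->thisIsNotAFunction(); } catch (Exception $e) { print("<br>".$e->getMessage()); }`. The numbered plan comment above the `if` reads as a TODO and should say so, since it describes `session_token` handling this script does not yet do — the `Session::get('is_loggedin')` path is still the one exercised.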
@@ -8,22 +8,22 @@ print_r($_SESSION);
 print("_SERVER \n");
 print_r($_SERVER);
 
-if (isset($_GET['clear'])) {
-    printf("Clearing...\n");
-    Session::unset();
-}
-
-if (Session::isset('a')) {
-    printf("A already exists... Value: ".Session::get('a')."\n");
-} else {
-    Session::set('a', time());
-    printf("Assigning new value... Value: $_SESSION[a]\n");
-}
-
-if (isset($_GET['destroy'])) {
-    printf("Destroying...\n");
-    Session::destroy();
-}
+// if (isset($_GET['clear'])) {
+//     printf("Clearing...\n");
+//     Session::unset();
+// }
+
+// if (Session::isset('a')) {
+//     printf("A already exists... Value: ".Session::get('a')."\n");
+// } else {
+//     Session::set('a', time());
+//     printf("Assigning new value... Value: $_SESSION[a]\n");
+// }
+
+// if (isset($_GET['destroy'])) {
+//     printf("Destroying...\n");
+//     Session::destroy();
+// }
 
 
 
-- 
GitLab