building sessions

libs/includes/Session.class.php

@@ -14,6 +14,9 @@ class Session
     public static function destroy()
     {
         session_destroy();
+        /*
+        If UserSession is active, set it to inactive.
+        */
     }
 
     public static function set($key, $value)

libs/includes/User.class.php

@@ -14,6 +14,8 @@ class User
             return $this->_get_data($property);
         } elseif (substr($name, 0, 3) == "set") {
             return $this->_set_data($property, $arguments[0]);
+        } else {
+            throw new Exception("User::__call() -> $name, function unavailable.");
         }
     }
     
@@ -47,6 +49,11 @@ class User
             $row = $result->fetch_assoc();
             //if ($row['password'] == $pass) {
             if (password_verify($pass, $row['password'])) {
+                /*
+                1. Generate Session Token
+                2. Insert Session Token
+                3. Build session and give session to user.
+                */
                 return $row['username'];
             } else {
                 return false;
@@ -56,13 +63,14 @@ class User
         }
     }
 
+    //User object can be constructed with both UserID and Username.
     public function __construct($username)
     {
         //TODO: Write the code to fetch user data from Database for the given username. If username is not present, throw Exception.
         $this->conn = Database::getConnection();
         $this->username = $username;
         $this->id = null;
-        $sql = "SELECT `id` FROM `auth` WHERE `username`= '$username' LIMIT 1";
+        $sql = "SELECT `id` FROM `auth` WHERE `username`= '$username' OR `id` = '$username' LIMIT 1";
         $result = $this->conn->query($sql);
         if ($result->num_rows) {
             $row = $result->fetch_assoc();

libs/includes/UserSession.class.php

+<?php
+
+class UserSession
+{
+    /**
+     * This function will return a session ID if username and password is correct.
+     *
+     * @return SessionID
+     */
+    public static function authenticate($user, $pass)
+    {
+        $username = User::login($user, $pass);
+        $user = new User($username);
+        if ($username) {
+            $conn = Database::getConnection();
+            $ip = $_SERVER['REMOTE_ADDR'];
+            $agent = $_SERVER['HTTP_USER_AGENT'];
+            $token = md5(rand(0, 9999999) .$ip.$agent.time());
+            $sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`)
+            VALUES ('$user->id', '$token', now(), '$ip', '$agent', '1')";
+            if ($conn->query($sql)) {
+                Session::set('session_token', $token);
+                return $token;
+            } else {
+                return false;
+            }
+        } else {
+            return false;
+        }
+    }
+
+    public static function authorize($token)
+    {
+        $sess = new UserSession($token);
+    }
+
+    public function __construct($token)
+    {
+        $this->conn = Database::getConnection();
+        $this->token = $token;
+        $this->data = null;
+        $sql = "SELECT * FROM `session` WHERE `token`=$token LIMIT 1";
+        $result = $this->conn->query($sql);
+        if ($result->num_rows) {
+            $row = $result->fetch_assoc();
+            $this->data = $row;
+            $this->uid = $row['uid']; //Updating this from database
+        } else {
+            throw new Exception("Session is invalid.");
+        }
+    }
+
+    public function getUser()
+    {
+        return new User($this->uid);
+    }
+
+    /**
+     * Check if the validity of the session is within one hour, else it inactive.
+     *
+     * @return boolean
+     */
+    public function isValid()
+    {
+    }
+
+    public function getIP()
+    {
+    }
+
+    public function getUserAgent()
+    {
+    }
+
+    public function deactivate()
+    {
+    }
+}

libs/load.php

@@ -3,6 +3,7 @@ include_once 'includes/Session.class.php';
 include_once 'includes/Mic.class.php';
 include_once 'includes/User.class.php';
 include_once 'includes/Database.class.php';
+include_once 'includes/UserSession.class.php';
 
 global $__site_config;
 //Note: Change this path if you run this code outside lab.

logintest.php

@@ -10,13 +10,22 @@ if (isset($_GET['logout'])) {
     die("Session destroyed, <a href='logintest.php'>Login Again</a>");
 }
 
+/*
+1. Check if session_token in PHP session is available
+2. If yes, construct UserSession and see if its successful.
+3. Check if the session is valid one
+4. If valid, print "Session validated"
+5. Else, print "Invlaid Session" and ask user to login.
+*/
 if (Session::get('is_loggedin')) {
     $username = Session::get('session_username');
     $userobj = new User($username);
     print("Welcome Back ".$userobj->getFirstname());
-    print("<br>".$userobj->getBio());
+    //print("<br>".$userobj->getBio());
     $userobj->setBio("Making new things...");
-    print("<br>".$userobj->getBio());
+    $userobj->setModel("Human");
+//$userobj->thisIsNotAFunction();
+//print("<br>".$userobj->getBio());
 } else {
     printf("No session found, trying to login now. <br>");
     $result = User::login($user, $pass);

sg.php

@@ -8,22 +8,22 @@ print_r($_SESSION);
 print("_SERVER \n");
 print_r($_SERVER);
 
-if (isset($_GET['clear'])) {
-    printf("Clearing...\n");
-    Session::unset();
-}
-
-if (Session::isset('a')) {
-    printf("A already exists... Value: ".Session::get('a')."\n");
-} else {
-    Session::set('a', time());
-    printf("Assigning new value... Value: $_SESSION[a]\n");
-}
-
-if (isset($_GET['destroy'])) {
-    printf("Destroying...\n");
-    Session::destroy();
-}
+// if (isset($_GET['clear'])) {
+//     printf("Clearing...\n");
+//     Session::unset();
+// }
+
+// if (Session::isset('a')) {
+//     printf("A already exists... Value: ".Session::get('a')."\n");
+// } else {
+//     Session::set('a', time());
+//     printf("Assigning new value... Value: $_SESSION[a]\n");
+// }
+
+// if (isset($_GET['destroy'])) {
+//     printf("Destroying...\n");
+//     Session::destroy();
+// }