From 9543ee6e34c7e90317eb3ca4bbbf5436e617f7a4 Mon Sep 17 00:00:00 2001 From: Ibnu Maksum Date: Mon, 12 Feb 2024 09:45:44 +0700 Subject: [PATCH] Session using cookie --- system/autoload/Admin.php | 34 ++++++++++++++++++++++++++++++- system/autoload/User.php | 35 ++++++++++++++++++++++++++++++-- system/boot.php | 12 +++++------ system/controllers/admin.php | 1 + system/controllers/customers.php | 8 ++++---- system/controllers/login.php | 1 + system/controllers/logout.php | 2 ++ 7 files changed, 80 insertions(+), 13 deletions(-) diff --git a/system/autoload/Admin.php b/system/autoload/Admin.php index 1d9edcb4..3c8ca0ee 100644 --- a/system/autoload/Admin.php +++ b/system/autoload/Admin.php @@ -6,8 +6,40 @@ Class Admin{ + + public static function getID(){ + global $db_password; + if(isset($_SESSION['aid'])){ + return $_SESSION['aid']; + }else if(isset($_COOKIE['aid'])){ + // id.time.sha1 + $tmp = explode('.',$_COOKIE['aid']); + if(sha1($tmp[0].$tmp[1].$db_password)==$tmp[2]){ + if($tmp[1] < 86400*7){ + $_SESSION['aid'] = $tmp[0]; + return $tmp[0]; + } + } + } + return 0; + } + + public static function setCookie($aid){ + global $db_password; + if(isset($aid)){ + $time = time(); + setcookie('aid', $aid.'.'.$time.'.'.sha1($aid.'.'.$time.'.'.$db_password), time()+86400*7); + } + } + + public static function removeCookie(){ + if(isset($_COOKIE['aid'])){ + setcookie('aid', '', time()-86400); + } + } + public static function _info(){ - $id = $_SESSION['aid']; + $id = Admin::getID(); $d = ORM::for_table('tbl_users')->find_one($id); return $d; } diff --git a/system/autoload/User.php b/system/autoload/User.php index 85d9a73d..b06b7260 100644 --- a/system/autoload/User.php +++ b/system/autoload/User.php 
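Review bot: The cookie check in `getID()` can never accept a cookie that `setCookie()` issued, and it is not a safe check either: `setCookie()` signs `$aid.'.'.$time.'.'.$db_password` while `getID()` recomputes `sha1($tmp[0].$tmp[1].$db_password)` with no separators, and `if($tmp[1] < 86400*7)` compares the absolute Unix timestamp against seven days instead of the token's age, so genuine tokens always fail while attacker-chosen values are not bounded at all. The signature is also compared with `==` rather than `hash_equals()`, it is a bare `sha1` of secret-concatenated data rather than an HMAC, `explode()` is never checked for three parts (`$tmp[2]` is undefined on a one- or two-part cookie), and `setcookie()` is called without `httponly`, `secure`, `samesite` or a path. Using `$db_password` as the signing key additionally means anyone who can read the config can mint an admin cookie for any id; a dedicated random secret would be safer, and folding in an account-specific value (such as the password hash) would let a password change revoke outstanding cookies. The rewrite below keeps the `id.time.sig` layout and the public method names; the options-array form of `setcookie()` requires PHP 7.3+. `Class Admin` continues past this hunk.
```php
    public static function getID(){
        global $db_password;
        if(isset($_SESSION['aid'])){
            return $_SESSION['aid'];
        }
        if(isset($_COOKIE['aid'])){
            // id.time.hmac — all three parts must be present and the first two numeric
            $tmp = explode('.', $_COOKIE['aid'], 3);
            if(count($tmp) === 3 && ctype_digit($tmp[0]) && ctype_digit($tmp[1])){
                $expected = hash_hmac('sha256', $tmp[0].'.'.$tmp[1], $db_password);
                // constant-time compare, and bound the token's *age*, not its timestamp
                if(hash_equals($expected, $tmp[2]) && (time() - (int)$tmp[1]) < 86400*7){
                    $_SESSION['aid'] = $tmp[0];
                    return $tmp[0];
                }
            }
        }
        return 0;
    }

    public static function setCookie($aid){
        global $db_password;
        if(isset($aid)){
            $time = time();
            $sig = hash_hmac('sha256', $aid.'.'.$time, $db_password);
            setcookie('aid', $aid.'.'.$time.'.'.$sig, [
                'expires'  => $time + 86400*7,
                'path'     => '/',
                'secure'   => !empty($_SERVER['HTTPS']),
                'httponly' => true,
                'samesite' => 'Lax',
            ]);
        }
    }

    public static function removeCookie(){
        if(isset($_COOKIE['aid'])){
            // attributes must match the issuing call or the browser keeps the cookie
            setcookie('aid', '', ['expires' => time() - 86400, 'path' => '/']);
        }
    }

    // … unchanged: _info() …
```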
@@ -8,9 +8,40 @@ class User { + public static function getID(){ + global $db_password; + if(isset($_SESSION['uid'])){ + return $_SESSION['uid']; + }else if(isset($_COOKIE['uid'])){ + // id.time.sha1 + $tmp = explode('.',$_COOKIE['uid']); + if(sha1($tmp[0].$tmp[1].$db_password)==$tmp[2]){ + if($tmp[1] < 86400*30){ + $_SESSION['uid'] = $tmp[0]; + return $tmp[0]; + } + } + } + return 0; + } + + public static function setCookie($uid){ + global $db_password; + if(isset($uid)){ + $time = time(); + setcookie('uid', $uid.'.'.$time.'.'.sha1($uid.'.'.$time.'.'.$db_password), time()+86400*30); + } + } + + public static function removeCookie(){ + if(isset($_COOKIE['uid'])){ + setcookie('uid', '', time()-86400); + } + } + public static function _info() { - $id = $_SESSION['uid']; + $id = User::getID(); $d = ORM::for_table('tbl_customers')->find_one($id); if(empty($d['username'])){ @@ -21,7 +52,7 @@ class User public static function _billing() { - $id = $_SESSION['uid']; + $id = User::getID(); $d = ORM::for_table('tbl_user_recharges')->where('customer_id', $id)->find_many(); return $d; } diff --git a/system/boot.php b/system/boot.php index 51193ade..e3eb4664 100644 --- a/system/boot.php +++ b/system/boot.php @@ -116,7 +116,7 @@ try { $ui->setConfigDir(File::pathFixer('ui/conf/')); $ui->setCacheDir(File::pathFixer('ui/cache/')); $ui->assign("error_title", "PHPNuxBill Crash"); - if (isset($_SESSION['uid'])) { + if (_auth()) { $ui->assign("error_message", $e->getMessage() . '
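Review bot: `User::getID()` carries the same broken token check as the admin variant: the cookie is issued signed as `sha1($uid.'.'.$time.'.'.$db_password)` but verified against `sha1($tmp[0].$tmp[1].$db_password)` with no separators, and `if($tmp[1] < 86400*30)` compares the raw timestamp against 30 days rather than `time() - $tmp[1]`, so genuine cookies are always rejected while the bound does not limit attacker-supplied values. Replace the check with a keyed, constant-time comparison on the token's age, e.g. `if(count($tmp) === 3 && hash_equals(hash_hmac('sha256', $tmp[0].'.'.$tmp[1], $db_password), $tmp[2]) && (time() - (int)$tmp[1]) < 86400*30){`, with `setCookie()` producing `hash_hmac('sha256', $uid.'.'.$time, $db_password)` for the third part, and pass `httponly`, `secure` and `samesite` to `setcookie()`. Since this method and `Admin::getID()` differ only in the cookie name and lifetime, one shared helper taking those two parameters would stop the two copies drifting apart. `class User` continues outside this hunk.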
'); } else { $ui->assign("error_message", $e->getMessage() . '
' . $e->getTraceAsString() . '
'); @@ -131,7 +131,7 @@ try { $ui->setConfigDir(File::pathFixer('ui/conf/')); $ui->setCacheDir(File::pathFixer('ui/cache/')); $ui->assign("error_title", "PHPNuxBill Crash"); - if (isset($_SESSION['uid'])) { + if (_auth()) { $ui->assign("error_message", $e->getMessage() . '
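Review bot: `_auth()` is called here with its default `$login = true`; the `_auth` hunk further down shows an `if ($login)` branch for the not-logged-in case whose body is outside this diff, and if that branch redirects to the login page (as the parameter name suggests) this crash handler will now redirect anonymous visitors instead of rendering the error page. Use `if (_auth(false)) {` so the handler only tests the login state. Separately, the branch taken when `_auth()` is false is the one that appends `$e->getTraceAsString()`, so the stack trace is shown to unauthenticated visitors and hidden from logged-in customers; if that is not intended, invert the condition or gate the trace on a debug setting. The enclosing `catch` block starts before this hunk.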
'); } else { $ui->assign("error_message", $e->getMessage() . '
' . $e->getTraceAsString() . '
'); @@ -215,7 +215,7 @@ foreach (glob(File::pathFixer("system/plugin/*.php")) as $filename) { function _auth($login = true) { - if (isset($_SESSION['uid'])) { + if (User::getID()) { return true; } else { if ($login) { @@ -228,7 +228,7 @@ function _auth($login = true) function _admin($login = true) { - if (isset($_SESSION['aid'])) { + if (Admin::getID()) { return true; } else { if ($login) { @@ -372,7 +372,7 @@ try { r2(U . 'dashboard', 'e', 'not found'); } } catch (Throwable $e) { - if (!isset($_SESSION['aid']) || empty($_SESSION['aid'])) { + if (Admin::getID()) { r2(U . 'home', 'e', $e->getMessage()); } $ui->assign("error_message", $e->getMessage() . '
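Review bot: This second crash handler also calls `_auth()` with the default `$login = true`; the `_auth` definition below contains an `if ($login)` branch for the not-logged-in case whose body is outside the diff, so if it redirects, the handler will redirect unauthenticated visitors rather than render the error template. `if (_auth(false)) {` avoids that side effect. The surrounding `catch` starts outside the hunk.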
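Review bot: `_admin()` now grants admin status on the truthiness of `Admin::getID()`, which on the cookie path is a value taken straight from the cookie and written into `$_SESSION['aid']` with no lookup of `tbl_users`; a cookie for an admin that has since been deleted or disabled therefore passes this gate until the token ages out, and per the `getID` hunk the age check is currently ineffective. Have the promotion verify the account, e.g. `if (Admin::getID() && Admin::_info()) {` (assuming `find_one()` returns a falsy value for a missing row), or perform that lookup inside `getID()` before the session is populated. The function's `else` branch continues outside the hunk.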
' . $e->getTraceAsString() . '
'); @@ -380,7 +380,7 @@ try { $ui->display('router-error.tpl'); die(); } catch (Exception $e) { - if (!isset($_SESSION['aid']) || empty($_SESSION['aid'])) { + if (Admin::getID()) { r2(U . 'home', 'e', $e->getMessage()); } $ui->assign("error_message", $e->getMessage() . '
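Review bot: The replaced condition is inverted: the old code redirected to `home` when there was no admin session and fell through to the trace output only for admins, whereas `if (Admin::getID())` now sends admins away and renders `$e->getTraceAsString()` to everyone who is not an admin. It should read `if (!Admin::getID()) {`. The `catch (Throwable $e)` block continues past this hunk.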
' . $e->getTraceAsString() . '
'); diff --git a/system/controllers/admin.php b/system/controllers/admin.php index 599f2987..dbdca380 100644 --- a/system/controllers/admin.php +++ b/system/controllers/admin.php @@ -22,6 +22,7 @@ switch ($do) { $d_pass = $d['password']; if (Password::_verify($password, $d_pass) == true) { $_SESSION['aid'] = $d['id']; + Admin::setCookie($d['id']); $d->last_login = date('Y-m-d H:i:s'); $d->save(); _log($username . ' ' . $_L['Login_Successful'], 'Admin', $d['id']); diff --git a/system/controllers/customers.php b/system/controllers/customers.php index 74e8440b..f383f4f8 100644 --- a/system/controllers/customers.php +++ b/system/controllers/customers.php @@ -238,7 +238,7 @@ switch ($action) { if (Validator::Length($fullname, 36, 2) == false) { $msg .= 'Full Name should be between 3 to 25 characters' . '
'; } - if (!Validator::Length($password, 35, 2)) { + if (!Validator::Length($password, 36, 2)) { $msg .= 'Password should be between 3 to 35 characters' . '
'; } @@ -275,14 +275,14 @@ switch ($action) { $service_type = _post('service_type'); run_hook('edit_customer'); #HOOK $msg = ''; - if (Validator::Length($username, 16, 2) == false) { + if (Validator::Length($username, 35, 2) == false) { $msg .= 'Username should be between 3 to 15 characters' . '
'; } - if (Validator::Length($fullname, 26, 1) == false) { + if (Validator::Length($fullname, 36, 1) == false) { $msg .= 'Full Name should be between 2 to 25 characters' . '
'; } if ($password != '') { - if (!Validator::Length($password, 15, 2)) { + if (!Validator::Length($password, 36, 2)) { $msg .= 'Password should be between 3 to 15 characters' . '
'; } } diff --git a/system/controllers/login.php b/system/controllers/login.php index e50eb9a9..8c97e22a 100644 --- a/system/controllers/login.php +++ b/system/controllers/login.php @@ -22,6 +22,7 @@ switch ($do) { $d_pass = $d['password']; if (Password::_uverify($password, $d_pass) == true) { $_SESSION['uid'] = $d['id']; + User::setCookie($d['id']); $d->last_login = date('Y-m-d H:i:s'); $d->save(); _log($username . ' ' . $_L['Login_Successful'], 'User', $d['id']); diff --git a/system/controllers/logout.php b/system/controllers/logout.php index 0b069673..af08d930 100644 --- a/system/controllers/logout.php +++ b/system/controllers/logout.php @@ -6,5 +6,7 @@ run_hook('customer_logout'); #HOOK if (session_status() == PHP_SESSION_NONE) session_start(); +Admin::removeCookie(); +User::removeCookie(); session_destroy(); header('location: index.php'); \ No newline at end of file
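Review bot: The limits passed to `Validator::Length()` in the edit case were raised (username to 35, full name to 36, password to 36) but the error strings on the following lines still say "3 to 15", "2 to 25" and "3 to 15", so a rejected edit reports bounds that no longer apply. Update the three messages to match, e.g. `$msg .= 'Username should be between 3 to 35 characters'`, `'Full Name should be between 2 to 35 characters'` and `'Password should be between 3 to 35 characters'`, assuming the upper bound is exclusive as the unchanged add-case message for 36 suggests. The edit case continues outside the hunk.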
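Review bot: Customer login has the same gap as the admin login: `Password::_uverify()` succeeds, `$_SESSION['uid']` is set on the pre-login session id, and a 30-day cookie is issued to every user without a remember-me choice. Add `session_regenerate_id(true);` before `$_SESSION['uid'] = $d['id'];` and guard `User::setCookie($d['id']);` with the presence of a posted remember-me field. The `switch` case continues outside the hunk.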
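Review bot: Clearing the cookies here only asks the browser to drop them; the token is stateless, so a copy captured before logout keeps authenticating until its timestamp ages out and this logout cannot revoke it. If revocation matters, include a per-account value that changes on logout or password reset (a token-version column, or the password hash) in the signed data so `getID()` stops accepting older tokens. The deletion calls work only because `setCookie()` and `removeCookie()` both rely on the default path and domain; if one ever gains a path the other must match. Note also that this is the customer logout (`run_hook('customer_logout')`) yet it removes the admin cookie too, and `session_destroy()` leaves `$_SESSION` populated for the rest of the request, so `$_SESSION = [];` before it makes the logout complete.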