kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Session using cookie

Browse Source
This commit is contained in:
Ibnu Maksum 2024-02-12 09:45:44 +07:00
parent 66432eda56
commit 9543ee6e34
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
7 changed files with 80 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
system/autoload/Admin.php
View File

@ -6,8 +6,40 @@
Class Admin{ Class Admin{
public static function getID(){
global $db_password;
if(isset($_SESSION['aid'])){
return $_SESSION['aid'];
}else if(isset($_COOKIE['aid'])){
// id.time.sha1
$tmp = explode('.',$_COOKIE['aid']);
if(sha1($tmp[0].$tmp[1].$db_password)==$tmp[2]){
if($tmp[1] < 86400*7){
$_SESSION['aid'] = $tmp[0];
return $tmp[0];
}
}
}
return 0;
}
public static function setCookie($aid){
global $db_password;
if(isset($aid)){
$time = time();
setcookie('aid', $aid.'.'.$time.'.'.sha1($aid.'.'.$time.'.'.$db_password), time()+86400*7);
}
}
public static function removeCookie(){
if(isset($_COOKIE['aid'])){
setcookie('aid', '', time()-86400);
}
}
public static function _info(){ public static function _info(){
$id = $_SESSION['aid']; $id = Admin::getID();
$d = ORM::for_table('tbl_users')->find_one($id); $d = ORM::for_table('tbl_users')->find_one($id);
return $d; return $d;
} }

35
system/autoload/User.php
View File

@ -8,9 +8,40 @@
class User class User
{ {
public static function getID(){
global $db_password;
if(isset($_SESSION['uid'])){
return $_SESSION['uid'];
}else if(isset($_COOKIE['uid'])){
// id.time.sha1
$tmp = explode('.',$_COOKIE['uid']);
if(sha1($tmp[0].$tmp[1].$db_password)==$tmp[2]){
if($tmp[1] < 86400*30){
$_SESSION['uid'] = $tmp[0];
return $tmp[0];
}
}
}
return 0;
}
public static function setCookie($uid){
global $db_password;
if(isset($uid)){
$time = time();
setcookie('uid', $uid.'.'.$time.'.'.sha1($uid.'.'.$time.'.'.$db_password), time()+86400*30);
}
}
public static function removeCookie(){
if(isset($_COOKIE['uid'])){
setcookie('uid', '', time()-86400);
}
}
public static function _info() public static function _info()
{ {
$id = $_SESSION['uid']; $id = User::getID();
$d = ORM::for_table('tbl_customers')->find_one($id); $d = ORM::for_table('tbl_customers')->find_one($id);
if(empty($d['username'])){ if(empty($d['username'])){
@ -21,7 +52,7 @@ class User
public static function _billing() public static function _billing()
{ {
$id = $_SESSION['uid']; $id = User::getID();
$d = ORM::for_table('tbl_user_recharges')->where('customer_id', $id)->find_many(); $d = ORM::for_table('tbl_user_recharges')->where('customer_id', $id)->find_many();
return $d; return $d;
} }

12
system/boot.php
View File

@ -116,7 +116,7 @@ try {
$ui->setConfigDir(File::pathFixer('ui/conf/')); $ui->setConfigDir(File::pathFixer('ui/conf/'));
$ui->setCacheDir(File::pathFixer('ui/cache/')); $ui->setCacheDir(File::pathFixer('ui/cache/'));
$ui->assign("error_title", "PHPNuxBill Crash"); $ui->assign("error_title", "PHPNuxBill Crash");
if (isset($_SESSION['uid'])) { if (_auth()) {
$ui->assign("error_message", $e->getMessage() . '<br>'); $ui->assign("error_message", $e->getMessage() . '<br>');
} else { } else {
$ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>'); $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');
@ -131,7 +131,7 @@ try {
$ui->setConfigDir(File::pathFixer('ui/conf/')); $ui->setConfigDir(File::pathFixer('ui/conf/'));
$ui->setCacheDir(File::pathFixer('ui/cache/')); $ui->setCacheDir(File::pathFixer('ui/cache/'));
$ui->assign("error_title", "PHPNuxBill Crash"); $ui->assign("error_title", "PHPNuxBill Crash");
if (isset($_SESSION['uid'])) { if (_auth()) {
$ui->assign("error_message", $e->getMessage() . '<br>'); $ui->assign("error_message", $e->getMessage() . '<br>');
} else { } else {
$ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>'); $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');
@ -215,7 +215,7 @@ foreach (glob(File::pathFixer("system/plugin/*.php")) as $filename) {
function _auth($login = true) function _auth($login = true)
{ {
if (isset($_SESSION['uid'])) { if (User::getID()) {
return true; return true;
} else { } else {
if ($login) { if ($login) {
@ -228,7 +228,7 @@ function _auth($login = true)
function _admin($login = true) function _admin($login = true)
{ {
if (isset($_SESSION['aid'])) { if (Admin::getID()) {
return true; return true;
} else { } else {
if ($login) { if ($login) {
@ -372,7 +372,7 @@ try {
r2(U . 'dashboard', 'e', 'not found'); r2(U . 'dashboard', 'e', 'not found');
} }
} catch (Throwable $e) { } catch (Throwable $e) {
if (!isset($_SESSION['aid']) || empty($_SESSION['aid'])) { if (Admin::getID()) {
r2(U . 'home', 'e', $e->getMessage()); r2(U . 'home', 'e', $e->getMessage());
} }
$ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>'); $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');
@ -380,7 +380,7 @@ try {
$ui->display('router-error.tpl'); $ui->display('router-error.tpl');
die(); die();
} catch (Exception $e) { } catch (Exception $e) {
if (!isset($_SESSION['aid']) || empty($_SESSION['aid'])) { if (Admin::getID()) {
r2(U . 'home', 'e', $e->getMessage()); r2(U . 'home', 'e', $e->getMessage());
} }
$ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>'); $ui->assign("error_message", $e->getMessage() . '<br><pre>' . $e->getTraceAsString() . '</pre>');

1
system/controllers/admin.php
View File

@ -22,6 +22,7 @@ switch ($do) {
$d_pass = $d['password']; $d_pass = $d['password'];
if (Password::_verify($password, $d_pass) == true) { if (Password::_verify($password, $d_pass) == true) {
$_SESSION['aid'] = $d['id']; $_SESSION['aid'] = $d['id'];
Admin::setCookie($d['id']);
$d->last_login = date('Y-m-d H:i:s'); $d->last_login = date('Y-m-d H:i:s');
$d->save(); $d->save();
_log($username . ' ' . $_L['Login_Successful'], 'Admin', $d['id']); _log($username . ' ' . $_L['Login_Successful'], 'Admin', $d['id']);

8
system/controllers/customers.php
View File

@ -238,7 +238,7 @@ switch ($action) {
if (Validator::Length($fullname, 36, 2) == false) { if (Validator::Length($fullname, 36, 2) == false) {
$msg .= 'Full Name should be between 3 to 25 characters' . '<br>'; $msg .= 'Full Name should be between 3 to 25 characters' . '<br>';
} }
if (!Validator::Length($password, 35, 2)) { if (!Validator::Length($password, 36, 2)) {
$msg .= 'Password should be between 3 to 35 characters' . '<br>'; $msg .= 'Password should be between 3 to 35 characters' . '<br>';
} }
@ -275,14 +275,14 @@ switch ($action) {
$service_type = _post('service_type'); $service_type = _post('service_type');
run_hook('edit_customer'); #HOOK run_hook('edit_customer'); #HOOK
$msg = ''; $msg = '';
if (Validator::Length($username, 16, 2) == false) { if (Validator::Length($username, 35, 2) == false) {
$msg .= 'Username should be between 3 to 15 characters' . '<br>'; $msg .= 'Username should be between 3 to 15 characters' . '<br>';
} }
if (Validator::Length($fullname, 26, 1) == false) { if (Validator::Length($fullname, 36, 1) == false) {
$msg .= 'Full Name should be between 2 to 25 characters' . '<br>'; $msg .= 'Full Name should be between 2 to 25 characters' . '<br>';
} }
if ($password != '') { if ($password != '') {
if (!Validator::Length($password, 15, 2)) { if (!Validator::Length($password, 36, 2)) {
$msg .= 'Password should be between 3 to 15 characters' . '<br>'; $msg .= 'Password should be between 3 to 15 characters' . '<br>';
} }
} }

1
system/controllers/login.php
View File

@ -22,6 +22,7 @@ switch ($do) {
$d_pass = $d['password']; $d_pass = $d['password'];
if (Password::_uverify($password, $d_pass) == true) { if (Password::_uverify($password, $d_pass) == true) {
$_SESSION['uid'] = $d['id']; $_SESSION['uid'] = $d['id'];
User::setCookie($d['id']);
$d->last_login = date('Y-m-d H:i:s'); $d->last_login = date('Y-m-d H:i:s');
$d->save(); $d->save();
_log($username . ' ' . $_L['Login_Successful'], 'User', $d['id']); _log($username . ' ' . $_L['Login_Successful'], 'User', $d['id']);

2
system/controllers/logout.php
View File

@ -6,5 +6,7 @@
run_hook('customer_logout'); #HOOK run_hook('customer_logout'); #HOOK
if (session_status() == PHP_SESSION_NONE) session_start(); if (session_status() == PHP_SESSION_NONE) session_start();
Admin::removeCookie();
User::removeCookie();
session_destroy(); session_destroy();
header('location: index.php'); header('location: index.php');