* @access public
*
* A session class for the CC AF (Reseller) Web
*
*/
require_once("classes/SessionWrapper.php");
require_once("classes/DBConnection.php");
require_once("include/settings.php");
require_once("include/debug.php");

class AFSession extends SessionWrapper {
    // Set to true by login() when authentication fails; never initialised, so it is null otherwise.
    var $login_failed;
    // DBConnection handle created in the constructor and handed out by db().
    var $db;

    /**
     * Constructor
     *
     * Opens the database connection from the global $db_settings, starts the
     * wrapped session, records the current request for a logged-in user,
     * enforces the inactivity timeout and refreshes the activity timestamp.
     *
     * NOTE(review): this is a PHP 4 style constructor (a method named after the
     * class). PHP 8 no longer treats such a method as a constructor, so confirm
     * the target PHP version before relying on it being called by `new`.
     *
     * @author Andreas Kling
     * @access public
     */
    function AFSession() {
        global $db_settings;
        $this->db = new DBConnection( $db_settings );
        parent::sessionWrapper();

        /* Check for changes in remote address */
        /* Disabled. As written, die() would run before logout(), so the session would not be ended. */
        /*if ( $this->hasValue( "ip" ) && ( $this->getValue( "ip" ) != $_SERVER["REMOTE_ADDR"] ) ) { die( "Remote address changed. Please re-authenticate." ); $this->logout(); }*/

        if ( $this->isOk() && isset( $_SERVER["REQUEST_URI"] ) ) {
            // SECURITY: REQUEST_URI is supplied by the client and is concatenated into the
            // statement without escaping or parameter binding, so this UPDATE is open to SQL
            // injection. Bind the URI and the user id as parameters through the DB layer
            // (DBConnection's API is not visible here - TODO confirm what it offers).
            // This runs before the inactivity check below, so an expired session still
            // records one last request.
            $this->db->query( "UPDATE afweb_users SET last_request_time='".date( "Y-m-d H:i:s" )."', last_request_uri='".$_SERVER["REQUEST_URI"]."' WHERE id='".$this->getValue( "userid" )."';" );
        }

        /* End the session once more than 18000 seconds (5 hours) have passed since the last
           recorded activity. The original comment said 4 hours; confirm which is intended. */
        if ( $this->hasValue( "lastactive" ) ) {
            if ( time() > ( $this->getValue( "lastactive" ) + 18000 ) ) {
                $this->logout();
                // A constructor's return value is discarded by `new`; the practical effect of
                // this return is only that the timestamp refresh below is skipped.
                return false;
            }
        }

        /* Update activity timestamp */
        $this->setValue( "lastactive", time() );
    }

    /**
     * Returns true if we are authenticated & active.
     *
     * The check is only that the session holds both a "username" and a
     * "userid" value; credentials are not re-verified against the database.
     *
     * @author Andreas Kling
     * @access public
     * @return bool
     */
    function isOk () {
        // FIXME: Should verify u/p here with authenticate()
        // FIXME: Authentication does incur a certain database cost, and since
        // FIXME: this system is alone on the domain, it's not _really_ necessary.
        return ( $this->hasValue( "username" ) && $this->hasValue( "userid" ) );
    }

    /**
     * Checks a username/password pair against the database.
     *
     * The password is compared as given; login() passes an MD5 hex digest.
     *
     * SECURITY: both arguments are interpolated into the SQL text without
     * escaping or parameter binding, so a crafted username can change the
     * meaning of the query (SQL injection, including authentication bypass).
     * Use bound parameters via the DB layer (API not shown here - TODO confirm).
     *
     * @author Andreas Kling
     * @access public
     * @param string $username Login name as supplied by the caller.
     * @param string $password Value compared with the stored password column.
     * @return bool True when exactly one row matches.
     */
    function authenticate( $username, $password ) {
        // If query() returns a falsy value, debug_fatal() is invoked (defined elsewhere).
        $result = $this->db->query( "SELECT id FROM afweb_users WHERE username='$username' AND password='".$password."'" ) or debug_fatal( "AFSession::authenticate() couldn't execute database query" );
        return ( $result->numRows() == 1 );
    }

    /**
     * Attempts to log in.
     * If successful, some session variables are set up.
     *
     * Every attempt, successful or not, is written to afweb_logins.
     *
     * SECURITY:
     *  - Passwords are hashed with a single unsalted md5(). That is not a
     *    password hashing scheme; migrate to password_hash()/password_verify().
     *  - $username is interpolated into the audit INSERT and the follow-up
     *    SELECT without escaping, so the injection risk described on
     *    authenticate() applies here too, and the INSERT runs even when
     *    authentication fails.
     *  - No session identifier regeneration is visible in this method; whether
     *    SessionWrapper does it cannot be told from here (session fixation -
     *    TODO confirm).
     *
     * @author Andreas Kling
     * @access public
     * @param string $username Login name as supplied by the caller.
     * @param string $password Clear-text password as supplied by the caller.
     * @return bool True on success, false after a failed attempt.
     */
    function login( $username, $password ) {
        $authenticated = $this->authenticate( $username, md5( $password ) );

        // Audit record of the attempt: address, user name, date, time and outcome flag.
        $this->db->query( "INSERT INTO afweb_logins (ip, username, date, time, success) VALUES ('".$_SERVER["REMOTE_ADDR"]."', '$username', '".date("Y-m-d")."', '".date("H:i:s")."', '".( $authenticated ? "1" : "0" )."');" );

        if ( $authenticated ) {
            // Second lookup with the same predicate, this time fetching the whole row.
            $result = $this->db->query( "SELECT * FROM afweb_users WHERE username='$username' AND password='".md5( $password )."'" );
            $row = $result->getArray();

            // Session state that isOk() and the rest of the application rely on.
            $this->SetValue( "username", $row["username"] );
            $this->SetValue( "fullname", $row["fullname"] );
            $this->SetValue( "userid", $row["id"] );
            $this->SetValue( "ip", $_SERVER["REMOTE_ADDR"] );
            $this->SetValue( "logintime", time() );

            $this->db->query( "UPDATE afweb_users SET last_login_time='".date( "Y-m-d H:i:s" )."', last_login_ip='".$_SERVER["REMOTE_ADDR"]."' WHERE id='".$row["id"]."';" );
            return true;
        } else {
            // Remember the failure for loginFailed(), then end the session.
            $this->login_failed = true;
            $this->logout();
            return false;
        }
    }

    /**
     * Attempts to switch user.
     * If successful, some session variables are set up.
     *
     * SECURITY: this method performs no password check and no check that the
     * current user is allowed to impersonate others; any such authorisation
     * must be enforced by the caller (not visible here). $username is
     * interpolated into the SQL text without escaping (SQL injection). The
     * result is not checked for a missing row, and the method returns true
     * unconditionally.
     *
     * @access public
     * @param string $username Login name of the account to switch to.
     * @return bool Always true.
     */
    function switchUser( $username ) {
        $result = $this->db->query( "SELECT * FROM afweb_users WHERE username='$username'" );
        $row = $result->getArray();

        // NOTE(review): if no row matched, $row presumably carries no user data and these
        // writes replace the session identity with empty values - verify getArray().
        $this->SetValue( "username", $row["username"] );
        $this->SetValue( "fullname", $row["fullname"] );
        $this->SetValue( "userid", $row["id"] );
        $this->SetValue( "ip", $_SERVER["REMOTE_ADDR"] );
        $this->SetValue( "logintime", time() );
        return true;
    }

    /**
     * Returns true if a login attempt just failed.
     *
     * The flag is set only by login() on failure and is a plain property of
     * this object, not a session value.
     *
     * @author Andreas Kling
     * @access public
     *
     */
    function loginFailed() {
        return ( $this->login_failed );
    }

    /**
     * Ends the session.
     *
     * Delegates to endSession(), which is not defined in this class
     * (presumably inherited from SessionWrapper).
     *
     * @author Andreas Kling
     * @access public
     */
    function logout() {
        $this->endSession();
    }

    /**
     * Returns the DBConnection object used by this AFSession.
     * This is somewhat hack-y, but setting up DBC's everywhere would
     * be much worse.
     *
     * @author Andreas Kling
     * @access public
     */
    function db() {
        return $this->db;
    }
}

// NOTE(review): the text after the closing tag below is the tail of a second class whose
// opening lines (PHP open tag, class header, constructor signature) are missing from this
// page; its error strings name it AFUser. It is kept as found. Its two queries interpolate
// $id and $page into SQL without escaping and need bound parameters as well, and the error
// message in updateLastRequest() still names AFUser::AFUser().
?>
dbQuery( "SELECT * FROM afweb_users WHERE id='$id';" ) or debug_fatal( "AFUser::AFUser(): Query failed for $id" );
        if ( $result->numRows() == 0 ) debug_fatal( "AFUser::AFUser(): No rows returned for $id" );
        $this->data = $result->getArray();
    }

    function isOk () { return ( $this->data != false ); }
    function id() { return $this->data["id"]; }
    function username() { return $this->data["username"]; }
    function lastLoginTime() { return $this->data["last_login_time"]; }
    function lastLoginIP() { return $this->data["last_login_ip"]; }
    function lastRequestTime() { return $this->data["last_request_time"]; }
    function lastRequestURI() { return $this->data["last_request_uri"]; }
    function customerNumber() { return $this->data["customer_number"]; }
    function email() { return $this->data["email"]; }
    function news_by_email() { return $this->data["news_by_email"]; }
    function setSessionEmail($email) { $this->data["email"] = $email; }
    function isAdmin() { return ( $this->data["is_admin"] == 1 ); }
    function isCustomer() { return ( $this->data["is_customer"] == 1 ); }

    function isOnline() {
        if ( $this->data["last_request_time"] == 0 || $this->data["last_login_time"] == 0 ) return false;
        if ( strtotime( $this->data["last_request_time"] ) < ( time() - 3600 ) ) return false;
        if ( basename( $this->data["last_request_uri"], ".php" ) == "logout" ) return false;
        return true;
    }

    function updateLastRequest($id, $page) {
        $result = $this->dbQuery( "UPDATE afweb_users SET last_request_time=NOW(), last_request_uri='$page' WHERE id='$id';" ) or debug_fatal(
            "AFUser::AFUser(): Query failed for $id" );
    }
}
?>
Fatal error: Uncaught Error: Class "AFSession" not found in /home/syncifys/capricollection.com/include/check_login.php:5 Stack trace: #0 /home/syncifys/capricollection.com/header.php(3): require_once() #1 {main} thrown in /home/syncifys/capricollection.com/include/check_login.php on line 5