A class for creating and holding session information.
Located in /Session.php (line 58)
The user's email address from their usr record.
The user's full name from their usr record.
Whether the user logged in to view the current page. Perhaps some details on the login form might pollute an editable form and result in an unplanned submit. This can be used to program around such a problem.
The date and time that the user requested their last page during their last session.
The date and time that the user logged on during their last session.
Whether this user has actually logged in.
A unique id for this user's logged-in session.
The user's username used to log in.
The user_no of the logged in user.
Create a new Session object.
If a session identifier is supplied, or we can find one in a cookie, we validate it and consider the person logged in. We read some useful session and user data in passing as we do this.
The session identifier contains a random value, hashed, to provide validation. This could be hijacked if the traffic was sniffable so sites who are paranoid about security should only do this across SSL.
A worthwhile enhancement would be to add some degree of external configurability to that read.
Checks whether a user is allowed to do something.
The check is performed to see if the user has that role.
Internal function used to assign the session details to a user's new session.
Build a hash which we can use for confirmation that we didn't get e-mailed a bogus link by someone, and that we actually got here by traversing the website.
Check a hash which we created through BuildConfirmationHash
DEPRECATED Utility function to log debug stuff with printf expansion, and the ability to enable it selectively.
The enabling is done by setting a variable "$debuggroups[$group] = 1"
E-mails a temporary password in response to a request from a user.
This could be called from somewhere within the application that allows someone to set up a user and invite them.
This function includes EMail.php to actually send the password.
Function to reformat an ISO date to something nicer and possibly more localised
Internal function used to get the user's roles from the database.
DEPRECATED Utility function to log stuff with printf expansion.
This function could be expanded to log something identifying the session, but somewhat strangely this has not yet been done.
Attempt to perform a login action.
This will validate the user's username and password. If they are OK then a new session id will be created and the user will be cookied with it for subsequent pages. A logged in session will be created, and the $_POST array will be cleared of the username, password and submit values. submit will also be cleared from $_GET and $GLOBALS, just in case.
Checks that this user is logged in, and presents a login screen if they aren't.
The function can optionally confirm whether they are a member of one of a list of groups, and deny access if they are not a member of any of them.
Attempts to logs in using a long-term session ID
This is all horribly insecure, but its hard not to be.
Renders some HTML for a basic login panel
Sends a temporary password in response to a request from a user.
This is probably only going to be called from somewhere internal. An external caller will probably just want the e-mail, without the HTML that this displays.
Documentation generated on Thu, 15 Apr 2010 20:23:06 +1200 by phpDocumentor 1.3.2