Gestire gli utenti: login,logout,sessioni

[Japogi]

allora per prima cosa ho settato il file config.php nella cartella include:

<?php
$_CONFIG['host'] = "";
$_CONFIG['user'] = "";
$_CONFIG['pass'] = "";
$_CONFIG['dbname'] = "";

$_CONFIG['table_sessioni'] = "sessioni";
$_CONFIG['table_utenti'] = "utenti";

$_CONFIG['expire'] = 60;


//--------------
define('AUTH_LOGGED', 99);
define('AUTH_NOT_LOGGED', 100);

define('AUTH_USE_COOKIE', 101);
define('AUTH_USE_LINK', 103);
define('AUTH_INVALID_PARAMS', 104);
define('AUTH_LOGEDD_IN', 105);
define('AUTH_FAILED', 106);

$conn = mysql_connect($_CONFIG['host'], $_CONFIG['user'], $_CONFIG['pass']) or die('Impossibile stabilire una connessione');
mysql_select_db($_CONFIG['dbname']);
?>

l'altro file nella cartella include è auth.lib.php :

<?php

$_AUTH = array(
"TRANSICTION METHOD" => AUTH_USE_COOKIE
);

function auth_set_option($opt_name, $opt_value){
global $_AUTH;

$_AUTH[$opt_name] = $opt_value;
}

function auth_get_option($opt_name){
global $_AUTH;

return is_null($_AUTH[$opt_name])
? NULL
: $_AUTH[$opt_name];
}

function auth_clean_expired(){
global $_CONFIG;

$result = mysql_query("SELECT creation_date FROM ".$_CONFIG['table_sessioni']." WHERE uid='".auth_get_uid()."'");
if($result){
$data = mysql_fetch_array($result);
if($data['creation_date']){
if($data['creation_date'] + $_CONFIG['expire'] <= time()){
switch(auth_get_option("TRANSICTION METHOD")){
case AUTH_USE_COOKIE:
setcookie('uid');
break;
case AUTH_USE_LINK:
global $_GET;
$_GET['uid'] = NULL;
break;
}
}
}
}

mysql_query("
DELETE FROM ".$_CONFIG['table_sessioni']."
WHERE creation_date + ".$_CONFIG['expire']." <= ".time()
);
}

function auth_get_uid(){

$uid = NULL;

switch(auth_get_option("TRANSICTION METHOD")){
case AUTH_USE_COOKIE:
global $_COOKIE;
$uid = $_COOKIE['uid'];
break;
case AUTH_USE_LINK:
global $_GET;
$uid = $_GET['uid'];
break;
}

return $uid ? $uid : NULL;
}

function auth_get_status(){
global $_CONFIG;

auth_clean_expired();
$uid = auth_get_uid();
if(is_null($uid))
return array(100, NULL);

$result = mysql_query("SELECT U.name as name, U.surname as surname, U.username as username
FROM ".$_CONFIG['table_sessioni']." S,".$_CONFIG['table_utenti']." U
WHERE S.user_id = U.id and S.uid = '".$uid."'");

if(mysql_num_rows($result) != 1)
return array(100, NULL);
else{
$user_data = mysql_fetch_assoc($result);
return array(99, array_merge($user_data, array('uid' => $uid)));
}
}

function auth_login($uname, $passw){
global $_CONFIG;

$result = mysql_query("
SELECT *
FROM ".$_CONFIG['table_utenti']."
WHERE username='".$uname."' and password=MD5('".$passw."')"
);

if(mysql_num_rows($result) != 1){
return array(AUTH_INVALID_PARAMS, NULL);
}else{
$data = mysql_fetch_array($result);
return array(AUTH_LOGEDD_IN, $data);
}
}

function auth_generate_uid(){

list($usec, $sec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
return md5(uniqid(mt_rand(), true));
}

function auth_register_session($udata){
global $_CONFIG;

$uid = auth_generate_uid();

mysql_query("
INSERT INTO ".$_CONFIG['table_sessioni']."
(uid, user_id, creation_date)
VALUES
('".$uid."', '".$udata['id']."', ".time().")
"
);
if(!mysql_insert_id()){
return array(AUTH_LOGEDD_IN, $uid);
}else{
return array(AUTH_FAILED, NULL);
}
}

function auth_logout(){
global $_CONFIG;

$uid = auth_get_uid();

if(is_null($uid)){
return false;
}else{
mysql_query("
DELETE FROM ".$_CONFIG['table_sessioni']."
WHERE uid = '".$uid."'"
);
return true;
}
}
?>

e qui sn finiti i file include.Adesso nel file login.php :

<?php
include_once("include/config.php");
include_once("include/auth.lib.php");

list($status, $user) = auth_get_status();

if($status == AUTH_NOT_LOGGED){
$uname = strtolower(trim($_POST['uname']));
$passw = strtolower(trim($_POST['passw']));

if($uname == "" or $passw == ""){
$status = AUTH_INVALID_PARAMS;
}else{
list($status, $user) = auth_login($uname, $passw);
if(!is_null($user)){
list($status, $uid) = auth_register_session($user);
}
}
}

switch($status){
case AUTH_LOGGED:
header("Refresh: 5;URL=home.php");
echo '<div align="center">Sei gia connesso ... attendi il reindirizzamento</div>';
break;
case AUTH_INVALID_PARAMS:
header("Refresh: 5;URL=home.php");
echo '<div align="center">Hai inserito dati non corretti ... attendi il reindirizzamento</div>';
break;
case AUTH_LOGEDD_IN:
switch(auth_get_option("TRANSICTION METHOD")){
case AUTH_USE_LINK:
header("Refresh: 5;URL=home.php?uid=".$uid);
break;
case AUTH_USE_COOKIE:
header("Refresh: 5;URL=home.php");
setcookie('uid', $uid, time()+3600*365);
break;
case AUTH_USE_SESSION:
header("Refresh: 5;URL=home.php");
$_SESSION['uid'] = $uid;
break;
}
echo '<div align="center">Ciao '.$user['name'].' ... attendi il reindirizzamento</div>';
break;
case AUTH_FAILED:
header("Refresh: 5;URL=home.php");
echo '<div align="center">Fallimento durante il tentativo di connessione ... attendi il reindirizzamento</div>';
break;
}
?>

dal login va all'indirizzamento del file home.php (ke nn mi avviene):

<?php
include_once("include/config.php");
include_once("include/auth.lib.php");

list($status, $user) = auth_get_status();

if($status == AUTH_LOGGED & auth_get_option("TRANSICTION METHOD") == AUTH_USE_LINK){
$link = "?uid=".$_GET['uid'];
}else $link = '';
?>
<html>
<head>
<title>Home Page</title>
</head>
<body>
<div align="center">
<table cellspacing="2">
<tr>
<td>Home Page</td>
<td>Prima Pagina (pubblica)</td>
<td>Seconda Pagina (privata)</td>
<td>Terza Pagina (privata)</td>
<td>Quarta Pagina (privata)</td>
</tr>
</table>
<?php
switch($status){
case AUTH_LOGGED:
?>
Sei loggato con il nome di <?=$user["name"];?> Logout
<?php
break;
case AUTH_NOT_LOGGED:
?>
<form action="login.php<?=$link?>" method="post">
<table cellspacing="2">
<tr>
<td>Nome Utente:</td>
<td><input type="text" name="uname"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="passw"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="action" value="login"></td>
</tr>
</table>
</form>
<?php
break;
}
?>
</div>
</body>
</html>


DEVO MODIFICARE QUALKE SETTAGGIO ?