Methods summary
public Session( string $sid = "" )
Create a new Session object.
If a session identifier is supplied, or we can find one in a cookie, we
validate it and consider the person logged in. We read some useful session and
user data in passing as we do this.
The session identifier contains a random value, hashed, to provide
validation. This could be hijacked if the traffic were sniffable, so sites that
are paranoid about security should only do this across SSL.
A worthwhile enhancement would be to add some degree of external
configurability to that read.
Parameters
- $sid
string $sid A session identifier.
|
public Log( string $whatever )
DEPRECATED Utility function to log stuff with printf expansion.
This function could be expanded to log something identifying the session, but
somewhat strangely this has not yet been done.
Deprecated
Parameters
- $whatever
string $whatever A log string
|
public Dbg( string $whatever )
DEPRECATED Utility function to log debug stuff with printf expansion, and the
ability to enable it selectively.
The enabling is done by setting a variable "$debuggroups[$group] = 1"
Deprecated
Parameters
- $whatever
string $group The name of an arbitrary debug group.
|
public boolean AllowedTo( string $whatever )
Checks whether a user is allowed to do something.
The check is performed to see if the user has that role.
Parameters
- $whatever
string $whatever The role we want to know if the user has.
Returns
boolean Whether or not the user has the specified role.
|
public GetRoles( )
Internal function used to get the user's roles from the database.
|
public AssignSessionDetails( object $u )
Internal function used to assign the session details to a user's new
session.
Parameters
- $u
object $u The user+session object we (probably) read from the database.
|
public boolean Login( string $username, string $password, string $authenticated = false )
Attempt to perform a login action.
This will validate the user's username and password. If they are OK then a
new session id will be created and the user will be cookied with it for
subsequent pages. A logged in session will be created, and the $_POST array will
be cleared of the username, password and submit values. submit will also be
cleared from $_GET and $GLOBALS, just in case.
Parameters
- $username
string $username The user's login name, or at least what they entered it as.
- $password
string $password The user's password, or at least what they entered it as.
- $authenticated
string $authenticated If true, then authentication has already happened and the
password is not checked, though the user must still exist.
Returns
boolean Whether or not the user correctly guessed a temporary password within the
necessary window of opportunity.
|
public boolean LSIDLogin( string $lsid )
Attempts to log in using a long-term session ID.
This is all horribly insecure, but it's hard not to be.
Parameters
- $lsid
string $lsid The user's value of the lsid cookie.
Returns
boolean Whether or not the user's lsid cookie got them in the door.
|
public string RenderLoginPanel( )
Renders some HTML for a basic login panel
Returns
string The HTML to display a login panel.
|
public boolean LoginRequired( string $groups = "" )
Checks that this user is logged in, and presents a login screen if they
aren't.
The function can optionally confirm whether they are a member of one of a
list of groups, and deny access if they are not a member of any of them.
Parameters
- $groups
string $groups The list of groups that the user must be a member of one of to be
allowed to proceed.
Returns
boolean Whether or not the user is logged in and is a member of one of the required
groups.
|
public EmailTemporaryPassword( mixed $username, mixed $email_address, mixed $body_template = "" )
E-mails a temporary password in response to a request from a user.
This could be called from somewhere within the application that allows
someone to set up a user and invite them.
This function includes EMail.php to actually send the password.
|
public SendTemporaryPassword( )
Sends a temporary password in response to a request from a user.
This is probably only going to be called from somewhere internal. An external
caller will probably just want the e-mail, without the HTML that this
displays.
|
public string FormattedDate( string $indate, string $type = 'date' )
Function to reformat an ISO date to something nicer and possibly more
localised
Parameters
- $indate
string $indate The ISO date to be formatted.
- $type
string $type If 'timestamp' then the time will also be shown.
Returns
string The nicely formatted date.
|
public string BuildConfirmationHash( string $method, string $varname )
Build a hash which we can use for confirmation that we didn't get e-mailed a
bogus link by someone, and that we actually got here by traversing the
website.
Parameters
- $method
string $method Either 'GET' or 'POST' depending on the way we will use this.
- $varname
string $varname The name of the variable which we will confirm
Returns
string A string we can use as either a GET or POST value (i.e. a hidden field, or a
varname=hash pair).
|
public string CheckConfirmationHash( string $method, string $varname )
Check a hash which we created through BuildConfirmationHash
Parameters
- $method
string $method Either 'GET' or 'POST' depending on the way we will use this.
- $varname
string $varname The name of the variable which we will confirm
Returns
string A string we can use as either a GET or POST value (i.e. a hidden field, or a
varname=hash pair).
|
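An added example, not the library's own implementation, of how a build/check pair like BuildConfirmationHash and CheckConfirmationHash can tie a confirmation value to the current session so that a link e-mailed by someone else fails the check. It uses HMAC-SHA256 keyed with a per-session secret and a constant-time comparison; the function names, the `$sessionSecret` parameter and the sample values are assumptions made for this illustration.

```php
<?php
// Added illustration: hypothetical helpers, not the documented class's code.
// Assumption: $sessionSecret is a random per-session value kept server-side.

function build_confirmation(string $method, string $varname, string $sessionSecret): string
{
    $method = strtoupper($method);
    if ($method !== 'GET' && $method !== 'POST') {
        throw new InvalidArgumentException("method must be 'GET' or 'POST'");
    }
    // Bind the tag to the method and variable name so it cannot be reused
    // for a different form field or moved from a POST body into a link.
    $tag = hash_hmac('sha256', $method . "\0" . $varname, $sessionSecret);

    if ($method === 'GET') {
        return rawurlencode($varname) . '=' . $tag;      // varname=hash pair
    }
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',    // hidden form field
        htmlspecialchars($varname, ENT_QUOTES, 'UTF-8'),
        $tag
    );
}

function check_confirmation(string $method, string $varname, array $request, string $sessionSecret): bool
{
    $supplied = $request[$varname] ?? null;
    if (!is_string($supplied)) {
        return false;                    // missing, or an array such as v[]=x
    }
    $expected = hash_hmac('sha256', strtoupper($method) . "\0" . $varname, $sessionSecret);
    return hash_equals($expected, $supplied);            // constant-time comparison
}

// Constructed sample values, for demonstration only.
$secret = bin2hex(random_bytes(32));     // would live in the server-side session
$link   = 'delete.php?id=7&' . build_confirmation('GET', 'confirm', $secret);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);

var_dump(check_confirmation('GET', 'confirm', $query, $secret));                   // same session
var_dump(check_confirmation('GET', 'confirm', $query, bin2hex(random_bytes(32)))); // other session
var_dump(check_confirmation('POST', 'confirm', $query, $secret));                  // wrong method
```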
Properties summary
public mixed $roles
|
public string $cause = ''
|
public integer $user_no
The user_no of the logged in user.
|
public integer $session_id = 0
A unique id for this user's logged-in session.
|
public integer $username = 'guest'
The user's username used to log in.
|
public integer $fullname = 'Guest'
The user's full name from their usr record.
|
public integer $email = ''
The user's email address from their usr record.
|
public integer $logged_in = false
Whether this user has actually logged in.
|
public boolean $just_logged_in = false
Whether the user logged in to view the current page. Perhaps some details on
the login form might pollute an editable form and result in an unplanned submit.
This can be used to program around such a problem.
|
public string $last_session_start
The date and time that the user logged on during their last session.
|
public string $last_session_end
The date and time that the user requested their last page during their last
session.
|