Methods summary
public
|
#
Session( string $sid = "" )
Create a new Session object.
Create a new Session object.
If a session identifier is supplied, or we can find one in a cookie, we validate it
and consider the person logged in. We read some useful session and user data in
passing as we do this.
The session identifier contains a random value, hashed, to provide validation. This
could be hijacked if the traffic was sniffable so sites who are paranoid about security
should only do this across SSL.
A worthwhile enhancement would be to add some degree of external configurability to
that read.
Parameters
- $sid
- A session identifier.
|
public
|
#
Log( string $whatever )
DEPRECATED Utility function to log stuff with printf expansion.
DEPRECATED Utility function to log stuff with printf expansion.
This function could be expanded to log something identifying the session, but
somewhat strangely this has not yet been done.
Parameters
|
public
|
#
Dbg( string $whatever, string $whatever,… )
DEPRECATED Utility function to log debug stuff with printf expansion, and the ability to
enable it selectively.
DEPRECATED Utility function to log debug stuff with printf expansion, and the ability to
enable it selectively.
The enabling is done by setting a variable "$debuggroups[$group] = 1"
Parameters
- $whatever
- $group The name of an arbitrary debug group.
- $whatever,…
- A log string
|
public
boolean
|
#
AllowedTo( string $whatever )
Checks whether a user is allowed to do something.
Checks whether a user is allowed to do something.
The check is performed to see if the user has that role.
Parameters
- $whatever
- The role we want to know if the user has.
Returns
boolean
Whether or not the user has the specified role.
|
public
|
#
GetRoles( )
Internal function used to get the user's roles from the database.
Internal function used to get the user's roles from the database.
|
public
|
#
AssignSessionDetails( object $u )
Internal function used to assign the session details to a user's new session.
Internal function used to assign the session details to a user's new session.
Parameters
- $u
- The user+session object we (probably) read from the database.
|
public
boolean
|
#
Login( string $username, string $password, string $authenticated = false )
Attempt to perform a login action.
Attempt to perform a login action.
This will validate the user's username and password. If they are OK then a new
session id will be created and the user will be cookied with it for subsequent
pages. A logged in session will be created, and the $_POST array will be cleared
of the username, password and submit values. submit will also be cleared from
$_GET and $GLOBALS, just in case.
Parameters
- $username
- The user's login name, or at least what they entered it as.
- $password
- The user's password, or at least what they entered it as.
- $authenticated
- If true, then authentication has already happened and the password is not checked, though the user must still exist.
Returns
boolean
Whether or not the user correctly guessed a temporary password within the necessary window of opportunity.
|
public
boolean
|
#
LSIDLogin( string $lsid )
Attempts to logs in using a long-term session ID
Attempts to logs in using a long-term session ID
This is all horribly insecure, but its hard not to be.
Parameters
- $lsid
- The user's value of the lsid cookie.
Returns
boolean
Whether or not the user's lsid cookie got them in the door.
|
public
string
|
#
RenderLoginPanel( )
Renders some HTML for a basic login panel
Renders some HTML for a basic login panel
Returns
string
The HTML to display a login panel.
|
public
boolean
|
#
LoginRequired( string $groups = "" )
Checks that this user is logged in, and presents a login screen if they aren't.
Checks that this user is logged in, and presents a login screen if they aren't.
The function can optionally confirm whether they are a member of one of a list
of groups, and deny access if they are not a member of any of them.
Parameters
- $groups
- The list of groups that the user must be a member of one of to be allowed to proceed.
Returns
boolean
Whether or not the user is logged in and is a member of one of the required groups.
|
public
|
#
EmailTemporaryPassword( $username, $email_address, $body_template = "" )
E-mails a temporary password in response to a request from a user.
E-mails a temporary password in response to a request from a user.
This could be called from somewhere within the application that allows
someone to set up a user and invite them.
This function includes EMail.php to actually send the password.
|
public
|
#
SendTemporaryPassword( )
Sends a temporary password in response to a request from a user.
Sends a temporary password in response to a request from a user.
This is probably only going to be called from somewhere internal. An external
caller will probably just want the e-mail, without the HTML that this displays.
|
public static
|
|
public
|
|
public
string
|
#
FormattedDate( string $indate, string $type = 'date' )
Function to reformat an ISO date to something nicer and possibly more localised
Function to reformat an ISO date to something nicer and possibly more localised
Parameters
- $indate
- The ISO date to be formatted.
- $type
- If 'timestamp' then the time will also be shown.
Returns
string
The nicely formatted date.
|
public
string
|
#
BuildConfirmationHash( string $method, string $varname )
Build a hash which we can use for confirmation that we didn't get e-mailed
a bogus link by someone, and that we actually got here by traversing the
website.
Build a hash which we can use for confirmation that we didn't get e-mailed
a bogus link by someone, and that we actually got here by traversing the
website.
Parameters
- $method
- Either 'GET' or 'POST' depending on the way we will use this.
- $varname
- The name of the variable which we will confirm
Returns
string
A string we can use as either a GET or POST value (i.e. a hidden field, or a varname=hash pair.
|
public
string
|
#
CheckConfirmationHash( string $method, string $varname )
Check a hash which we created through BuildConfirmationHash
Check a hash which we created through BuildConfirmationHash
Parameters
- $method
- Either 'GET' or 'POST' depending on the way we will use this.
- $varname
- The name of the variable which we will confirm
Returns
string
A string we can use as either a GET or POST value (i.e. a hidden field, or a varname=hash pair.
|
Properties summary
public
|
$roles
|
|
public
string
|
$cause
|
|
public
integer
|
$user_no
The user_no of the logged in user.
The user_no of the logged in user.
|
|
public
integer
|
$session_id
A unique id for this user's logged-in session.
A unique id for this user's logged-in session.
|
|
public
integer
|
$username
The user's username used to log in.
The user's username used to log in.
|
|
public
integer
|
$fullname
The user's full name from their usr record.
The user's full name from their usr record.
|
|
public
integer
|
$email
The user's email address from their usr record.
The user's email address from their usr record.
|
|
public
integer
|
$logged_in
Whether this user has actually logged in.
Whether this user has actually logged in.
|
|
public
boolean
|
$just_logged_in
Whether the user logged in to view the current page. Perhaps some details on the
login form might pollute an editable form and result in an unplanned submit. This
can be used to program around such a problem.
Whether the user logged in to view the current page. Perhaps some details on the
login form might pollute an editable form and result in an unplanned submit. This
can be used to program around such a problem.
|
|
public
string
|
$last_session_start
The date and time that the user logged on during their last session.
The date and time that the user logged on during their last session.
|
|
public
string
|
$last_session_end
The date and time that the user requested their last page during their last
session.
The date and time that the user requested their last page during their last
session.
|
|