include_once('config.php'); //fichier de conf
class bdd
{
public function __construct() //connection a la base de donnée dans la classe
{
$this->_data=array();
$this->_cache=array();
$this->_result=array();
$this->_pdo = new PDO('mysql:host='.HOST_BDD.';dbname='.BASE_BDD,USER_BDD,PASS_BDD);
}
public function cache($requete,$data){
$this->_cache[]=$requete;
$this->_data[]=$data;
}
public function exec()
{
for($r=0;$r<count($this->_cache);$r++)
{
$i=0;
if(isset($this->_data[$r]) and !empty($this->_data[$r]))
{
$stmt = $this->_pdo->prepare($this->_cache[$r]);
$taille=count($this->_data[$r]);
for($s=0;$s<$taille;$s++)
{
$i++;
$stmt->bindParam($i, $this->_data[$r][$s], PDO::PARAM_STR);
}
$stmt->execute();
$result[$r]=$stmt->fetchAll();
$this->_result=$result;
}else{
$stmt = $this->_pdo->prepare($this->_cache[$r]);
$stmt->execute();
$result[$r]=$stmt->fetchAll();
$this->_result=$result;
}
}
$result=$this->_result;
$this->clear_cache();
return $result;
}
public function clear_cache(){
unset($this->_cache);
unset($this->_result);
}
}
class user
{
public function __construct(){
user::session();
$this->_bdd=new bdd;
$this->_colusername='username'; //username colonne
$this->_colpassword='password'; //password colonne
$this->_coluserid='id'; //user id colonne
$this->_tabuser='users'; //user table
if(isset($_SESSION['id']) and $_SESSION['id']!='')$this->_userid=$_SESSION['id'];
else $this->_userid='';
$this->_userid=''; //id de l'utilisateur il sera initaliser après l'auth
$this->_password_type='sha512'; //type d'encodage du password user dans la bdd
}
public static function ip(){
$ip = $_SERVER["REMOTE_ADDR"];
// empechement du hijaking de session
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; }
if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; }
return $ip;
}
public function auth($user,$password){
$password=hash($this->_password_type, $password);
$this->_bdd->cache('SELECT '.$this->_coluserid.' as nb FROM '.$this->_tabuser.' where '.$this->_colusername.'=? and '.$this->_colpassword.'=?',array($user,$password));
$var=$this->_bdd->exec();
if(isset($var[0][0]['nb']) and $var[0][0]['nb']!=''){
$_SESSION['id']=$var[0][0]['nb'];
$_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // générer un numero unique different du php id // which can be used to hmac forms and form token (to prevent XSRF)
$_SESSION['ip']=$this->ip(); // stockage de l'ip deu visiteur
$_SESSION['username']=$user;
$_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // Set session expiration.
return True;
}
else{
return False;
}
}
public function inscription($username,$password){
$this->_bdd->cache('INSERT INTO '.$this->_tabuser.' set '.$this->_colpassword.'=?, '.$this->_colusername.'=?',array($username,$password));
$this->_bdd->exec();
}
public function getinfo(){
$this->_bdd->cache('select * from '.$this->_tabuser.' where '.$this->_coluserid.' = '.$this->_userid,'');
$var=$this->_bdd->exec();
return $var;
}
public static function check_login(){
// si la session n'existe pas ou qu l'ip a changer -> logout
if (!isset ($_SESSION['uid']) || !$_SESSION['uid'] || $_SESSION['ip']!=user::ip() || time()>=$_SESSION['expires_on'])
{
user::logout();
}
$_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // mise a jour de la dte d'expiration
}
public static function logout()
// forcer la deconnexion
{
user::session();
session_destroy();
header('Location: login.php');
exit();
}
public static function session(){
if(!isset($_SESSION)) session_start();
}
{{tag> php sql bind }}