ini_set('session.save_path', $_SERVER['DOCUMENT_ROOT'] .'/sessions/');
ini_set('session.gc_maxlifetime', 604800);
session_start();
может кто увидит в этих файлах то что может затереть сессию или каким образом они пропадают
файл ajax.php
<?php
include './classes/Auth.class.php';
include './classes/AjaxRequest.class.php';
if (!empty($_COOKIE['sid'])) {
// check session id in cookies
session_id($_COOKIE['sid']);
}
session_start();
class AuthorizationAjaxRequest extends AjaxRequest
{
public $actions = array(
"login" => "login",
"logout" => "logout",
"register" => "register",
);
public function login()
{
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
// Method Not Allowed
http_response_code(405);
header("Allow: POST");
$this->setFieldError("main", "Method Not Allowed");
return;
}
setcookie("sid", "");
$username = $this->getRequestParam("username");
$password = $this->getRequestParam("password");
$remember = !!$this->getRequestParam("remember-me");
if (empty($username)) {
$this->setFieldError("username", "Enter the username");
return;
}
if (empty($password)) {
$this->setFieldError("password", "Enter the password");
return;
}
$user = new Auth\User();
$auth_result = $user->authorize($username, $password, $remember);
if (!$auth_result) {
$this->setFieldError("password", "Invalid username or password");
return;
}
$this->status = "ok";
$this->setResponse("redirect", ".");
$this->message = sprintf("Hello, %s! Access granted.", $username);
}
public function logout()
{
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
// Method Not Allowed
http_response_code(405);
header("Allow: POST");
$this->setFieldError("main", "Method Not Allowed");
return;
}
setcookie("sid", "");
$user = new Auth\User();
$user->logout();
$this->setResponse("redirect", ".");
$this->status = "ok";
}
public function register()
{
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
// Method Not Allowed
http_response_code(405);
header("Allow: POST");
$this->setFieldError("main", "Method Not Allowed");
return;
}
setcookie("sid", "");
$username = $this->getRequestParam("username");
$password1 = $this->getRequestParam("password1");
$password2 = $this->getRequestParam("password2");
if (empty($username)) {
$this->setFieldError("username", "Enter the username");
return;
}
if (empty($password1)) {
$this->setFieldError("password1", "Enter the password");
return;
}
if (empty($password2)) {
$this->setFieldError("password2", "Confirm the password");
return;
}
if ($password1 !== $password2) {
$this->setFieldError("password2", "Confirm password is not match");
return;
}
$user = new Auth\User();
try {
$new_user_id = $user->create($username, $password1);
} catch (\Exception $e) {
$this->setFieldError("username", $e->getMessage());
return;
}
$user->authorize($username, $password1);
$this->message = sprintf("Hello, %s! Thank you for registration.", $username);
$this->setResponse("redirect", "/");
$this->status = "ok";
}
}
$ajaxRequest = new AuthorizationAjaxRequest($_REQUEST);
$ajaxRequest->showResponse();
файл Auth.class.php
<?php
namespace Auth;
class User
{
private $id;
private $username;
private $db;
private $user_id;
private $db_host = "localhost";
private $db_name = "testdb";
private $db_user = "testdb";
private $db_pass = "testdb";
private $is_authorized = false;
public function __construct($username = null, $password = null)
{
$this->username = $username;
$this->connectDb($this->db_name, $this->db_user, $this->db_pass, $this->db_host);
}
public function __destruct()
{
$this->db = null;
}
public static function isAuthorized()
{
if (!empty($_SESSION["user_id"])) {
return (bool) $_SESSION["user_id"];
}
return false;
}
public function passwordHash($password, $salt = null, $iterations = 10)
{
$salt || $salt = uniqid();
$hash = md5(md5($password . md5(sha1($salt))));
for ($i = 0; $i < $iterations; ++$i) {
$hash = md5(md5(sha1($hash)));
}
return array('hash' => $hash, 'salt' => $salt);
}
public function getSalt($username) {
$query = "select salt from users where username = :username limit 1";
$sth = $this->db->prepare($query);
$sth->execute(
array(
":username" => $username
)
);
$row = $sth->fetch();
if (!$row) {
return false;
}
return $row["salt"];
}
public function authorize($username, $password, $remember=false)
{
$query = "select id, username from users where
username = :username and password = :password limit 1";
$sth = $this->db->prepare($query);
$salt = $this->getSalt($username);
if (!$salt) {
return false;
}
$hashes = $this->passwordHash($password, $salt);
$sth->execute(
array(
":username" => $username,
":password" => $hashes['hash'],
)
);
$this->user = $sth->fetch();
if (!$this->user) {
$this->is_authorized = false;
} else {
$this->is_authorized = true;
$this->user_id = $this->user['id'];
$this->saveSession($remember);
}
return $this->is_authorized;
}
public function logout()
{
if (!empty($_SESSION["user_id"])) {
unset($_SESSION["user_id"]);
}
}
public function saveSession($remember = false, $http_only = true, $days = 7)
{
$_SESSION["user_id"] = $this->user_id;
if ($remember) {
// Save session id in cookies
$sid = session_id();
$expire = time() + $days * 24 * 3600;
$domain = ""; // default domain
$secure = false;
$path = "/";
$cookie = setcookie("sid", $sid, $expire, $path, $domain, $secure, $http_only);
}
}
public function create($username, $password) {
$user_exists = $this->getSalt($username);
if ($user_exists) {
throw new \Exception("User exists: " . $username, 1);
}
$query = "insert into users (username, password, salt)
values (:username, :password, :salt)";
$hashes = $this->passwordHash($password);
$sth = $this->db->prepare($query);
try {
$this->db->beginTransaction();
$result = $sth->execute(
array(
':username' => $username,
':password' => $hashes['hash'],
':salt' => $hashes['salt'],
)
);
$this->db->commit();
} catch (\PDOException $e) {
$this->db->rollback();
echo "Database error: " . $e->getMessage();
die();
}
if (!$result) {
$info = $sth->errorInfo();
printf("Database error %d %s", $info[1], $info[2]);
die();
}
return $result;
}
public function connectdb($db_name, $db_user, $db_pass, $db_host = "localhost")
{
try {
$this->db = new \pdo("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass);
} catch (\pdoexception $e) {
echo "database error: " . $e->getmessage();
die();
}
$this->db->query('set names utf8');
return $this;
}
}