$_SESSION["SESSION_EXPIRY"] ) { $nRet = 3; }else if ( $MULTIPLE_LOGIN ) { // if allow multiple login $_SESSION["SESSION_EXPIRY"] = time() + SESSION_INACTIVE; $nRet = 1; }else { $db = new DB; $db->query("select count(*) as totalRec from " . SESSION_TABLE . " where LoginID='" . $_SESSION["SESSION_LOGINID"] . "' and LastLogin=" . $_SESSION["SESSION_LASTLOGIN"] . " and SessionKey=" . $_SESSION["SESSION_EXPIRY"]); $db->next_record(); $_SESSION["SESSION_EXPIRY"] = time() + SESSION_INACTIVE; if ($db->f("totalRec")) { $db->query("update " . SESSION_TABLE . " set LastLogin=" . $_SESSION["SESSION_LASTLOGIN"] . ", IP='" . $_SERVER['REMOTE_ADDR'] . "', SessionKey=" . $_SESSION["SESSION_EXPIRY"] . " where LoginID='" . $_SESSION["SESSION_LOGINID"] . "'"); } else { $db->query("insert into " . SESSION_TABLE . " (LoginID, LastLogin, IP, SessionKey) values ('" . $_SESSION["SESSION_LOGINID"] . "', " . $_SESSION["SESSION_LASTLOGIN"] . ", '" . $_SERVER['REMOTE_ADDR'] . "', " . $_SESSION["SESSION_EXPIRY"] . ")"); } $nRet = 1; } return $nRet; } // check is login and permission, if no $CurrentSession, it will only check islogin function SESSION_secure($CurrentSession = '0'){ global $SESSION_ALERT; $nSecure = SESSION_isLogin(); if($nSecure !=1){ SESSION_Logout(); echo ""; } if($CurrentSession)//if not set this will skip this step if (!($_SESSION["SESSION_SECTION"] & pow(2, intval($CurrentSession)))) { echo ""; echo ""; } } ## For record user log and store login session ## function SESSION_Login($login, $name, $section, $login_id=0) { $_SESSION["SESSION_LOGINID"] = $login_id; $_SESSION["SESSION_LOGIN"] = $login; $_SESSION["SESSION_NAME"] = $name; $_SESSION["SESSION_SECTION"] = $section; $_SESSION["SESSION_LASTLOGIN"] = time(); $_SESSION["SESSION_EXPIRY"] = time() + SESSION_INACTIVE; $db = new DB; $db->query("select * from " . SESSION_TABLE . " where LoginID='" . $_SESSION["SESSION_LOGINID"] . "'"); $_SESSION["SESSION_EXPIRY"] = time() + SESSION_INACTIVE; if ($db->next_record()) { $db->query("update " . SESSION_TABLE . " set LastLogin=" . $_SESSION["SESSION_LASTLOGIN"] . ", IP='" . $_SERVER['REMOTE_ADDR'] . "', SessionKey=" . $_SESSION["SESSION_EXPIRY"] . " where LoginID='" . $_SESSION["SESSION_LOGINID"] . "'"); } else { $db->query("insert into " . SESSION_TABLE . " (LoginID, LastLogin, IP, SessionKey) values ('" . $_SESSION["SESSION_LOGINID"] . "', " . $_SESSION["SESSION_LASTLOGIN"] . ", '" . $_SERVER['REMOTE_ADDR'] . "', " . $_SESSION["SESSION_EXPIRY"] . ")"); } } function SESSION_Logout() { $_SESSION["SESSION_NAME"] = ""; $_SESSION["SESSION_LOGINID"] = 0; $_SESSION["SESSION_LOGIN"] = ""; $_SESSION["SESSION_EXPIRY"] = ""; $_SESSION["SESSION_SECTION"] = 0; $_SESSION["YCC_TOKEN"] = 0; } /* // not used function SESSION_checkSession($CurrentSession) { global $SESSION_ALERT; if($CurrentSession)//if not set this will skip this step if (!($_SESSION["SESSION_SECTION"] & pow(2, intval($CurrentSession)))) { echo ""; echo ""; } return true; } */ ?>