platform . $objBrowser->parent; } else { $strIdentity = $_SERVER['HTTP_USER_AGENT']; } return md5($intUserId . $strIdentity . getConfigVar('LoginKeySalt')); } function flushExpiredUserLogins($intUserId) { if ($intMaxConcurrentLogins = getConfigVar('MaxConcurrentLogins')) { if ($arrUserLogins = loadAllUserLoginsByAccessedDesc($intUserId)) { if (count($arrUserLogins) > $intMaxConcurrentLogins) { deleteUserLoginsById(array_slice($arrUserLogins, $intMaxConcurrentLogins)); } } } } class Password { const HASH_ALGORITHM = 'SHA-1'; const SALT_LENGTH = 6; const SALT_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; const FIELD_SEPARATOR = ':'; static public function validate($strEncryptedPassword, $strRawPassword) { list($strAlgorithm, $strSalt, $strHashedPassword) = explode(self::FIELD_SEPARATOR, $strEncryptedPassword); return $strHashedPassword == self::hash($strAlgorithm, $strSalt, $strRawPassword); } static public function encrypt($strRawPassword) { $strSalt = substr(str_shuffle(self::SALT_CHARS), 0, self::SALT_LENGTH); return self::HASH_ALGORITHM . self::FIELD_SEPARATOR . $strSalt . self::FIELD_SEPARATOR . self::hash(self::HASH_ALGORITHM, $strSalt, $strRawPassword) ; } static protected function hash($strAlgorithm, $strSalt, $strRawPassword) { $strAlgorithm = strtolower(preg_replace('/\W/', '', $strAlgorithm)); return hash($strAlgorithm, $strSalt . $strRawPassword); } } ?> CREATE TABLE `users` ( `userid` int(10) unsigned NOT NULL AUTO_INCREMENT, `username` varchar(15) NOT NULL, `password` varchar(255) NOT NULL, `email` varchar(80) NOT NULL, `created` datetime NOT NULL, `updated` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`userid`), KEY `username` (`username`) ); CREATE TABLE `user_login` ( `userloginid` int(10) unsigned NOT NULL AUTO_INCREMENT, `userid` int(10) unsigned NOT NULL, `publickey` char(32) NOT NULL, `privatekey` char(32) NOT NULL, `created` datetime NOT NULL, `accessed` datetime NOT NULL, PRIMARY KEY (`userloginid`), UNIQUE KEY `user` (`userid`,`privatekey`) );