Commit 1138ac612a0e83dd170ed33a9dce3519f854bc03
1 parent
ab04ff9a
almost done session handling- moved code from control.php to checkSession function
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@122 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
59 additions
and
20 deletions
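--- a/lib/control.inc
+++ b/lib/control.inc
@@ -8,7 +8,7 @@
 * Copyright (c) 1999-2002 The Owl Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 * @version $Revision$
- * @author jam dms team
+ * @author <a href="mailto:michael@jamwarehouse.com>Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
 * @package dmslib
 */
 
@@ -20,39 +20,78 @@
 function redirect($url) {
 // everything is relative to the root url
 $url = $default->owl_root_url . $url;
+ //echo "redirect:url = $url<br>";
 header("Location: $url");
 }
 
 /**
+ * Performs a redirect through the controller.
+ * Takes a controller action and queryString and builds url.
+ *
+ * @param $action the controller action
+ * @param $queryString additional querystring vars
+ */
+function controllerRedirect($action, $queryString) {
+ // generate url
+ $ctlUrl = generateControllerUrl($action);
+ // append the rest of the url
+ $url = $ctlUrl . "&$queryString";
+ // now redirect
+ redirect($url);
+}
+
+/**
+ * Returns a controller url.
+ *
+ * @param $action the controller action to generate a url for
+ *
+ * @return the controller url
+ */
+function generateControllerUrl($action) {
+ return "control.php?action=$action";
+}
+
+/**
 * Generates a link via the control page, with the passed action
 *
 * @param $action
 * the controller action to generate a link for
 * @return the generated href
 */
- //TODO: maybe this should just be the url?
 function generateLink($action) {
- return "<a href=\"control.php?action=$action\">";
+ return "<a href=\"" . generateControllerUrl($action) . "\">";
 }
 
 /**
- * Validates the session.
- *
- * @param $sessionID
- * the session ID to validate
- * @return
- * true if the session is valid, else false.
+ * Verifies the current session
 */
 function checkSession() {
- $sessionStatus = Session::verify();
- // TODO: error handling in here with appropriate actions
- // error messages are in $sessionStatus["errorMessage"]
- switch ($sessionStatus["status"]) {
- case 1 : // session verified, update lastused time
- return true;
- break;
- case 2 : // session timed out
- case 3 : // session already in use
- return false;
- }
+ session_start();
+ $session = new Session();
+ $sessionStatus = $session->verify();
+ if ($sessionStatus["status"] != 1) {
+ // verification failed, redirect to login with error message
+ $url = "login.php?loginAction=loginForm";
+ if (isset($default->errorMessage) && (strlen($default->errorMessage) > 0) ) {
+ $url = $url . "&errorMessage=$default->errorMessage";
+ }
+ $qs = $_SERVER[QUERY_STRING];
+ // redirect to login page with original uri unless the original uri is the login page,
+ // which means that the login attempt failed
+ if (strstr($qs, "action=LOGIN_FORM")) {
+ // redirecting to login- ensure error message is set
+ // FIXME: is this presumptious? more rigor? use $default?
+ $url = $url . "&errorMessage=" . urlencode($errorMessage);
+ } else if (strlen($_SERVER[QUERY_STRING]) > 1) {
+ // not redirecting to login, so this session verification failure
+ // represents either the first visit to the site
+ // OR a session timeout etc. (in which case we still want to bounce
+ // the user to the login page, and then back to whatever page they're on now)
+ $originalRequest = $_SERVER[QUERY_STRING];
+ $url = $url . "&redirect=" . $originalRequest;
+ }
+
+ redirect($url);
+
+ }
 }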
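Review bot: In the new `checkSession()`, a failed verification only calls `redirect($url)`, which sets a Location header and returns, so unless every caller exits on its own the requested page keeps executing and can emit protected output for an unauthenticated request. The old true/false return value is removed as well, so callers have nothing to test; I would end the failure branch with `redirect($url); exit;` and add `return true;` on the success path. Separately, `"&redirect=" . $originalRequest` and `"&errorMessage=$default->errorMessage"` append unencoded text, so any `&` in the original query string becomes extra parameters on login.php; use `urlencode($originalRequest)`, as the `LOGIN_FORM` branch already does for its message. Neither `$default` nor `$errorMessage` is declared `global` or assigned inside this function, so both look undefined in this scope, which is worth confirming.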