Commit 11d3d8adfe81ded29824d7105b6c658780107e8f
1 parent
87805f21
almost done session handling- moved code from control.php to checkSession function
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@122 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
59 additions
and
20 deletions
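--- a/lib/control.inc
+++ b/lib/control.inc
@@ -8,7 +8,7 @@
 * Copyright (c) 1999-2002 The Owl Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 * @version $Revision$
-* @author jam dms team
+* @author <a href="mailto:michael@jamwarehouse.com>Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
 * @package dmslib
 */
 
@@ -20,39 +20,78 @@
 function redirect($url) {
 // everything is relative to the root url
 $url = $default->owl_root_url . $url;
+//echo "redirect:url = $url<br>";
 header("Location: $url");
 }
 
 /**
+* Performs a redirect through the controller.
+* Takes a controller action and queryString and builds url.
+*
+* @param $action the controller action
+* @param $queryString additional querystring vars
+*/
+function controllerRedirect($action, $queryString) {
+// generate url
+$ctlUrl = generateControllerUrl($action);
+// append the rest of the url
+$url = $ctlUrl . "&$queryString";
+// now redirect
+redirect($url);
+}
+
+/**
+* Returns a controller url.
+*
+* @param $action the controller action to generate a url for
+*
+* @return the controller url
+*/
+function generateControllerUrl($action) {
+return "control.php?action=$action";
+}
+
+/**
 * Generates a link via the control page, with the passed action
 *
 * @param $action
 * the controller action to generate a link for
 * @return the generated href
 */
-//TODO: maybe this should just be the url?
 function generateLink($action) {
-return "<a href=\"control.php?action=$action\">";
+return "<a href=\"" . generateControllerUrl($action) . "\">";
 }
 
 /**
-* Validates the session.
-*
-* @param $sessionID
-* the session ID to validate
-* @return
-* true if the session is valid, else false.
+* Verifies the current session
 */
 function checkSession() {
-$sessionStatus = Session::verify();
-// TODO: error handling in here with appropriate actions
-// error messages are in $sessionStatus["errorMessage"]
-switch ($sessionStatus["status"]) {
-case 1 : // session verified, update lastused time
-return true;
-break;
-case 2 : // session timed out
-case 3 : // session already in use
-return false;
-}
+session_start();
+$session = new Session();
+$sessionStatus = $session->verify();
+if ($sessionStatus["status"] != 1) {
+// verification failed, redirect to login with error message
+$url = "login.php?loginAction=loginForm";
+if (isset($default->errorMessage) && (strlen($default->errorMessage) > 0) ) {
+$url = $url . "&errorMessage=$default->errorMessage";
+}
+$qs = $_SERVER[QUERY_STRING];
+// redirect to login page with original uri unless the original uri is the login page,
+// which means that the login attempt failed
+if (strstr($qs, "action=LOGIN_FORM")) {
+// redirecting to login- ensure error message is set
+// FIXME: is this presumptious? more rigor? use $default?
+$url = $url . "&errorMessage=" . urlencode($errorMessage);
+} else if (strlen($_SERVER[QUERY_STRING]) > 1) {
+// not redirecting to login, so this session verification failure
+// represents either the first visit to the site
+// OR a session timeout etc. (in which case we still want to bounce
+// the user to the login page, and then back to whatever page they're on now)
+$originalRequest = $_SERVER[QUERY_STRING];
+$url = $url . "&redirect=" . $originalRequest;
+}
+
+redirect($url);
+
+}
 }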
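Review bot: In checkSession, the failed-verification branch ends at `redirect($url);` with nothing after it, and redirect() as shown only sends a `Location` header, so the calling page keeps executing for a request whose session did not verify; the function also no longer returns true/false as the removed version did. Add `exit;` directly after `redirect($url);`, or return a status that the callers check (they are outside this diff). Separately, the raw query string is appended as `"&redirect=" . $originalRequest` and the message as `"&errorMessage=$default->errorMessage"` without encoding, although the LOGIN_FORM branch already calls urlencode(); `$url = $url . "&redirect=" . urlencode($originalRequest);` keeps an embedded `&` or `=` from being read as extra login.php parameters. `$default` and `$errorMessage` are neither declared global nor assigned inside the function in the visible lines, so both reads look empty here, which is worth confirming.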