From 11d3d8adfe81ded29824d7105b6c658780107e8f Mon Sep 17 00:00:00 2001 From: Michael Joseph Date: Fri, 10 Jan 2003 16:55:43 +0000 Subject: [PATCH] almost done session handling- moved code from control.php to checkSession function --- lib/control.inc | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 59 insertions(+), 20 deletions(-) diff --git a/lib/control.inc b/lib/control.inc index d48967d..e85655b 100644 --- a/lib/control.inc +++ b/lib/control.inc @@ -8,7 +8,7 @@ * Copyright (c) 1999-2002 The Owl Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * @version $Revision$ - * @author jam dms team + * @author "; header("Location: $url"); } /** + * Performs a redirect through the controller. + * Takes a controller action and queryString and builds url. + * + * @param $action the controller action + * @param $queryString additional querystring vars + */ +function controllerRedirect($action, $queryString) { + // generate url + $ctlUrl = generateControllerUrl($action); + // append the rest of the url + $url = $ctlUrl . "&$queryString"; + // now redirect + redirect($url); +} + +/** + * Returns a controller url. + * + * @param $action the controller action to generate a url for + * + * @return the controller url + */ +function generateControllerUrl($action) { + return "control.php?action=$action"; +} + +/** * Generates a link via the control page, with the passed action * * @param $action * the controller action to generate a link for * @return the generated href */ - //TODO: maybe this should just be the url? function generateLink($action) { - return ""; + return ""; } /** - * Validates the session. - * - * @param $sessionID - * the session ID to validate - * @return - * true if the session is valid, else false. + * Verifies the current session */ function checkSession() { - $sessionStatus = Session::verify(); - // TODO: error handling in here with appropriate actions - // error messages are in $sessionStatus["errorMessage"] - switch ($sessionStatus["status"]) { - case 1 : // session verified, update lastused time - return true; - break; - case 2 : // session timed out - case 3 : // session already in use - return false; - } + session_start(); + $session = new Session(); + $sessionStatus = $session->verify(); + if ($sessionStatus["status"] != 1) { + // verification failed, redirect to login with error message + $url = "login.php?loginAction=loginForm"; + if (isset($default->errorMessage) && (strlen($default->errorMessage) > 0) ) { + $url = $url . "&errorMessage=$default->errorMessage"; + } + $qs = $_SERVER[QUERY_STRING]; + // redirect to login page with original uri unless the original uri is the login page, + // which means that the login attempt failed + if (strstr($qs, "action=LOGIN_FORM")) { + // redirecting to login- ensure error message is set + // FIXME: is this presumptious? more rigor? use $default? + $url = $url . "&errorMessage=" . urlencode($errorMessage); + } else if (strlen($_SERVER[QUERY_STRING]) > 1) { + // not redirecting to login, so this session verification failure + // represents either the first visit to the site + // OR a session timeout etc. (in which case we still want to bounce + // the user to the login page, and then back to whatever page they're on now) + $originalRequest = $_SERVER[QUERY_STRING]; + $url = $url . "&redirect=" . $originalRequest; + } + + redirect($url); + + } } -- libgit2 0.21.4