Commit 1574b84411cc67ec8ed50747980904f17f516c9d
1 parent
551a12e2
When removing stale sessions, add a "timeout" entry in the user_history
table with the time at which the session would have expired. Also, track the session_id for all transactions for later use. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5279 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
4 changed files
with
54 additions
and
10 deletions
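--- a/lib/documentmanagement/DocumentTransaction.inc
+++ b/lib/documentmanagement/DocumentTransaction.inc
@@ -74,6 +74,7 @@ class DocumentTransaction {
 }
 
 $this->iUserID = $_SESSION["userID"];
+$this->iSessionId = $_SESSION["sessionID"];
 $oUser = KTUtil::arrayGet($aOptions, 'user');
 
 if (!(PEAR::isError($oUser) || ($oUser == false))) {
@@ -119,6 +120,7 @@ class DocumentTransaction {
 'filename' => $this->sFileName,
 'comment' => $this->sComment,
 'transaction_namespace' => $this->sTransactionNS,
+'session_id' => $this->iSessionId,
 );
 $id =& DBUtil::autoInsert($this->_table(), $aFieldValues);
 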
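Review bot: `$_SESSION["sessionID"]` is read unconditionally in the constructor hunk, but within this commit the key is only written when the session-creation code in lib/session/Session.inc runs. A session that predates the change, or any caller that runs without a web session (not visible here), would raise an undefined-index notice and store an empty `session_id` on the transaction row. Reading it through the helper already used on the next line, `$this->iSessionId = KTUtil::arrayGet($_SESSION, 'sessionID');`, makes the "no session" case explicit; a one-line comment stating that an empty `session_id` means the row is not tied to a logged-in session would help whoever later reads the audit trail. The same unguarded read is added in `KTFolderTransaction::_fieldValues()` in lib/foldermanagement/foldertransaction.inc.php. The constructor starts and ends outside the hunk.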
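--- a/lib/foldermanagement/foldertransaction.inc.php
+++ b/lib/foldermanagement/foldertransaction.inc.php
@@ -37,6 +37,7 @@ class KTFolderTransaction extends KTEntity {
 'sIp' => 'ip',
 'sComment' => 'comment',
 'sTransactionNS' => 'transaction_namespace',
+'iSessionId' => 'session_id',
 );
 
 var $_bUsePearError = true;
@@ -49,6 +50,9 @@ class KTFolderTransaction extends KTEntity {
 if (empty($this->dDateTime)) {
 $this->dDateTime = getCurrentDateTime();
 }
+if (empty($this->iSessionId)) {
+$this->iSessionId = $_SESSION['sessionID'];
+}
 return parent::_fieldValues();
 }
 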
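--- a/lib/session/Session.inc
+++ b/lib/session/Session.inc
@@ -61,12 +61,14 @@ class Session {
 if (PEAR::isError($result)) {
 die("Error creating session: " . $result->toString());
 }
+$_SESSION['sessionID'] = $result;
 
 $aParams = array(
 'userid' => $iUserId,
 'datetime' => date("Y-m-d H:i:s", time()),
 'actionnamespace' => 'ktcore.user_history.login',
 'comments' => sprintf('Logged in from %s', $ip),
+'sessionid' => $_SESSION['sessionID'],
 );
 require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
 $res = KTUserHistory::createFromArray($aParams);
@@ -89,14 +91,22 @@ class Session {
 
 session_start();
 $sSessionID = session_id();
-$iUserID = $_SESSION["userID"];
+$iUserId = $_SESSION["userID"];
 
 // remove the session information from the database
 
 $sTable = KTUtil::getTableName('sessions');
 $res = DBUtil::whereDelete($sTable, array('session_id' => $sSessionID));
 
-
+$aParams = array(
+'userid' => $iUserId,
+'datetime' => date("Y-m-d H:i:s", time()),
+'actionnamespace' => 'ktcore.user_history.logout',
+'sessionid' => $_SESSION['sessonID'],
+);
+require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
+$res = KTUserHistory::createFromArray($aParams);
+$default->log->info("saving user history - " . print_r($res, true));
 
 // remove the php4 session
 unset($_SESSION['userID']);
@@ -110,13 +120,37 @@ class Session {
 *
 * @param int the userID to remove stale sessions for
 */
-function removeStaleSessions($userID = -1) {
+function removeStaleSessions() {
 global $default;
-// deletes any sessions for this userID where the default timeout has elapsed.
-$time = time() - $default->sessionTimeout;
-$sql = $default->db;
-$sQuery = "DELETE FROM $default->sessions_table WHERE " . (($userID != -1) ? "user_id=$userID AND " : "") . "lastused <= '" . formatDateTime($time) . "'";
-$sql->query($sQuery);
+$time = time() - $default->sessionTimeout;
+
+$sTable = KTUtil::getTableName('sessions');
+$aQuery = array(
+sprintf('SELECT id, lastused, user_id FROM %s WHERE lastused <= ?', $sTable),
+array(formatDateTime($time)),
+);
+
+$aSessions = DBUtil::getResultArray($aQuery);
+
+foreach ($aSessions as $aSessionData) {
+$iId = $aSessionData['id'];
+$dLastUsed = $aSessionData['lastused'];
+$iUserId = $aSessionData['user_id'];
+$iTime = strtotime($dLastUsed);
+$iTime = $iTime + $default->sessionTimeout;
+$aParams = array(
+'userid' => $iUserId,
+'datetime' => formatDateTime($iTime),
+'actionnamespace' => 'ktcore.user_history.timeout',
+'comments' => 'Session timed out',
+'sessionid' => $_SESSION['sessionID'],
+);
+require_once(KT_LIB_DIR . '/users/userhistory.inc.php');
+$res = KTUserHistory::createFromArray($aParams);
+$default->log->info("saving user history - " . print_r($res, true));
+
+DBUtil::whereDelete($sTable, array('id' => $iId));
+}
 }
 
 /**
@@ -190,11 +224,12 @@ class Session {
 
 return true;
 } else {
+
+Session::removeStaleSessions();
+
 return PEAR::raiseError('Session timed out');
 }
 
-// }
-
 Session::removeStaleSessions();
 
 return false;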
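Review bot: The timeout row written inside the loop of `removeStaleSessions()` stores `$_SESSION['sessionID']`, which belongs to whichever request triggered the cleanup, not to the session that expired. Every timeout entry in `user_history` is therefore attributed to the wrong session, or to none. The loop already holds the expired row's key, so the entry should presumably be `'sessionid' => $iId,`, assuming `sessions.id` is the same value the session-creation hunk stores in `$_SESSION['sessionID']`. The logout entry in the `-89,14` hunk has a related slip: it reads `$_SESSION['sessonID']` (misspelled), so logout rows never receive a session id; it should be `'sessionid' => $_SESSION['sessionID'],`. That hunk also calls `$default->log->info(...)` with no `global $default;` visible, so confirm the declaration exists in the part of the method outside the hunk.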
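--- a/lib/users/userhistory.inc.php
+++ b/lib/users/userhistory.inc.php
@@ -35,6 +35,7 @@ class KTUserHistory extends KTEntity {
 'iUserId' => 'user_id',
 'sActionNamespace' => 'action_namespace',
 'sComments' => 'comments',
+'iSessionId' => 'session_id',
 );
 
 var $_bUsePearError = true;
@@ -47,6 +48,8 @@ class KTUserHistory extends KTEntity {
 function setComments($mValue) { $this->sComments = $sComments; }
 function getActionNamespace() { return $this->sActionNamespace; }
 function setActionNamespace($mValue) { $this->sActionNamespace = $mValue; }
+function getSessionId() { return $this->iSessionId; }
+function setSessionId($mValue) { $this->iSessionId = $mValue; }
 
 function _table () {
 return KTUtil::getTableName('user_history');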
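Review bot: The unchanged `setComments` line directly above the new accessors assigns an undefined `$sComments`, so calling it clears the comment instead of storing it. The new `setSessionId` uses `$mValue` correctly, and the neighbour should be brought in line as `function setComments($mValue) { $this->sComments = $mValue; }`. Whether `createFromArray` goes through these setters is not visible here, but if it does, the 'Logged in from …' and 'Session timed out' comments written by Session.inc would be lost from the history rows. A short comment on the `'iSessionId' => 'session_id'` mapping saying which identifier it holds (the `sessions` row id versus PHP's `session_id()` string) would also help, since both appear in Session.inc.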