Commit 4c929724acd56d1528ac763a69a1074607126a4b

Authored by michael
1 parent dfcbb4dd

completed adding php session handling


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@57 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 49 additions and 48 deletions
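--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -21,12 +21,21 @@ class Session {
  function create($userID) {
  global $default;
 
- // create the session id from a md5 of the current time
- $current = time();
- //$random = $this->sessionID . $current;
- $sessionID = md5($current);
- $sql = new Owl_DB;
+ session_start();
+
+ // bind userID to session
+ $_SESSION['userID'] = $userID;
+ // lookup user class and add to session
+ //$_SESSION['userClass'] = lookupUserClass($userID);
 
+ // lookup group id and add to session
+ //$_SESSION['groupID'] = lookupGroupID($userID);
+ $_SESSION['groupID'] = owlusergroup($userID);
+
+ // use the PHP generated session id
+ $sessionID = session_id();
+
+
  // retrieve client ip
  if(getenv("HTTP_CLIENT_IP")) {
  $ip = getenv("HTTP_CLIENT_IP");
@@ -36,9 +45,11 @@ class Session {
  } else {
  $ip = getenv("REMOTE_ADDR");
  }
-
+
+ $current = time();
  // insert session information into db
- $result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')");
+ $sql = new Owl_DB;
+ $result = $sql->query("insert into $default->owl_sessions_table (sessid, uid, lastused, ip) values ('$sessionID', '$userID', '$current', '$ip')");
 
  if(!'result') {
  die("$lang_err_sess_write");
@@ -48,14 +59,20 @@ class Session {
  }
 
  /**
- * Removes the specified session from the application.
- *
- * @param sessionID
- * the session to remove
+ * Destroys the current session.
  */
- function remove($sessionID) {
+ function destroy() {
+ global $default;
+
+ session_start();
+ // remove the session information from the database
  $sql = new Owl_DB;
- $sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'");
+ $query = "delete from $default->owl_sessions_table where sessid = '" . session_id() . "'";
+ $sql->query($query);
+
+ // remove the php4 session
+ session_unset();
+ session_destroy();
  }
 
  /**
@@ -64,25 +81,27 @@ class Session {
  * @param userID
  * the userID to remove stale sessions for
  */
- function removeStateSessions($userID) {
+ function removeStaleSessions($userID) {
+ global $default;
+ // deletes any sessions for this userID where the default timeout has elapsed.
  $time = time() - $default->owl_timeout;
  $sql = new Owl_DB;
  $sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $time ");
  }
 
  /**
- * Used to verify a users session
+ * Used to verify the current user's session.
  *
- * @param $sessionID
- * The session id to verify
  * @return
- * array containing the userID, groupID and session verifiction status
+ * array containing the userID, groupID and session verification status
  */
- function verify($sessionID) {
-
+ function verify() {
  getprefs();
  global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
- $sess = ltrim($sessionID);
+ session_start();
+
+ $sessionID = session_id();
+
  // initialise return status
  $verified["status"] = 0;
 
@@ -108,46 +127,28 @@ class Session {
  if ($ip == $sql->f("ip")) {
  // if timeout not exceeded
  if(($time - $sql->f("lastused")) <= $default->owl_timeout) {
+ // set verified status
  $verified["status"] = 1;
+ // update userID? this should be the same value on the session
  $verified["userID"] = $sql->f("uid");
  $sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
  while($sql->next_record()) {
  $verified["groupID"] = $sql->f("groupid");
  }
+ // session verified, so update last user time
+ $lastused = time();
+ $userID = $sessionStatus["userID"];
+ $sql->query("update $default->owl_sessions_table set lastused = '$lastused' where uid = '$userID'");
+
  } else {
- // TODO: don't want html here
  // session time out status
  $verified["status"] = 2;
- /*
- // Bozz Bug Fix begin
- if (file_exists("./lib/header.inc")) {
- include("./lib/header.inc");
- } else {
- include("../lib/header.inc");
- }
- // Bozz Bug Fix End
- print("<BR><BR><CENTER>".$lang_sesstimeout);
- if ($parent == "" || $fileid == "") {
- print("<A HREF='$default->owl_root_url/index.php'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
- } else {
- print("<A HREF='$default->owl_root_url/index.php?parent=$parent&fileid=$fileid'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
- }
- exit();*/
+ $verified["errorMessage"] = $lang_sesstimeout;
  }
  } else {
  // session in use status
  $verified["status"] = 3;
- /*
- // Bozz Bug Fix begin
- if (file_exists("./lib/header.inc")) {
- include("./lib/header.inc");
- } else {
- include("../lib/header.inc");
- }
- // Bozz Bug Fix End
- print("<BR><BR><CENTER>".$lang_sessinuse);
- exit;
- */
+ $verified["errorMessage"] = $lang_sessinuse;
  }
  }
  }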
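Review bot: In the first hunk, `create()` calls `session_start()` and then records `session_id()` as the authenticated session, so whatever session id the browser presented before login stays valid after login (session fixation). Issuing a fresh id once the user is bound, e.g. `session_regenerate_id();` directly before `$sessionID = session_id();`, would close that, provided the PHP version in use has the function and no caller already regenerates the id. The same function then writes `$ip` into the `insert` unescaped, and `$ip` can come from the client-supplied `HTTP_CLIENT_IP` header, so that value should be validated or escaped before it reaches `$sql->query()`. `create()` ends outside the visible hunks.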