diff --git a/lib/Session.inc b/lib/Session.inc
index e0ca9cf..042b4a5 100644
--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -21,12 +21,21 @@ class Session {
function create($userID) {
global $default;
- // create the session id from a md5 of the current time
- $current = time();
- //$random = $this->sessionID . $current;
- $sessionID = md5($current);
- $sql = new Owl_DB;
+ session_start();
+
+ // bind userID to session
+ $_SESSION['userID'] = $userID;
+ // lookup user class and add to session
+ //$_SESSION['userClass'] = lookupUserClass($userID);
+ // lookup group id and add to session
+ //$_SESSION['groupID'] = lookupGroupID($userID);
+ $_SESSION['groupID'] = owlusergroup($userID);
+
+ // use the PHP generated session id
+ $sessionID = session_id();
+
+
// retrieve client ip
if(getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
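Review bot: create() binds the authenticated user to whatever session ID the client already presented, because `session_start();` is followed directly by `$_SESSION['userID'] = $userID;` and the ID is never rotated, which leaves the login open to session fixation. Call `session_regenerate_id();` (available from PHP 4.3.2) right after `session_start();` and before `$sessionID = session_id();`, so the row written to the sessions table carries an ID issued at login. The commented-out `lookupUserClass` / `lookupGroupID` lines would be better dropped than committed. create() continues past the end of this hunk.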
@@ -36,9 +45,11 @@ class Session {
} else {
$ip = getenv("REMOTE_ADDR");
}
-
+
+ $current = time();
// insert session information into db
- $result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')");
+ $sql = new Owl_DB;
+ $result = $sql->query("insert into $default->owl_sessions_table (sessid, uid, lastused, ip) values ('$sessionID', '$userID', '$current', '$ip')");
if(!'result') {
die("$lang_err_sess_write");
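Review bot: The rewritten insert still interpolates `$ip` straight into the SQL string, and the context lines show `$ip` can come from the `HTTP_CLIENT_IP` request header, which the client controls. Validate it as an IP address, or pass every value through the database layer's escaping routine (if Owl_DB offers one) before building the statement. The same applies to `session_id()` in destroy()'s delete and to `$userID` in removeStaleSessions() in the later hunks. The following context line `if(!'result')` tests a string literal, so the `die()` can never run and a failed insert goes unnoticed; it presumably should read `if (!$result)`.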
@@ -48,14 +59,20 @@ class Session {
}
/**
- * Removes the specified session from the application.
- *
- * @param sessionID
- * the session to remove
+ * Destroys the current session.
*/
- function remove($sessionID) {
+ function destroy() {
+ global $default;
+
+ session_start();
+ // remove the session information from the database
$sql = new Owl_DB;
- $sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'");
+ $query = "delete from $default->owl_sessions_table where sessid = '" . session_id() . "'";
+ $sql->query($query);
+
+ // remove the php4 session
+ session_unset();
+ session_destroy();
}
/**
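Review bot: destroy() clears the server-side state with `session_unset();` and `session_destroy();` but leaves the session cookie in the browser, so the client keeps presenting the old ID on later requests. Expire the cookie as well, e.g. `setcookie(session_name(), '', time() - 3600, '/');` before `session_destroy();`, with the path matching the configured session cookie path. Replacing `remove($sessionID)` with the parameterless `destroy()` also means any caller outside this diff that still passes an ID needs updating.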
@@ -64,25 +81,27 @@ class Session {
* @param userID
* the userID to remove stale sessions for
*/
- function removeStateSessions($userID) {
+ function removeStaleSessions($userID) {
+ global $default;
+ // deletes any sessions for this userID where the default timeout has elapsed.
$time = time() - $default->owl_timeout;
$sql = new Owl_DB;
$sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $time ");
}
/**
- * Used to verify a users session
+ * Used to verify the current user's session.
*
- * @param $sessionID
- * The session id to verify
* @return
- * array containing the userID, groupID and session verifiction status
+ * array containing the userID, groupID and session verification status
*/
- function verify($sessionID) {
-
+ function verify() {
getprefs();
global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
- $sess = ltrim($sessionID);
+ session_start();
+
+ $sessionID = session_id();
+
// initialise return status
$verified["status"] = 0;
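Review bot: verify() calls `session_start();` unconditionally, as create() and destroy() do in the earlier hunks, so a request that passes through two of them (verify() followed by destroy() on logout, for instance) starts the session twice and PHP reports a notice for the second call. Guard each call with `if (session_id() == '') { session_start(); }`, or start the session once in a common include. The call also sits after `getprefs();`; if that function ever emits output, the session cookie header can no longer be sent, so starting the session first would be safer. verify() continues beyond this hunk.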
@@ -108,46 +127,28 @@ class Session {
if ($ip == $sql->f("ip")) {
// if timeout not exceeded
if(($time - $sql->f("lastused")) <= $default->owl_timeout) {
+ // set verified status
$verified["status"] = 1;
+ // update userID? this should be the same value on the session
$verified["userID"] = $sql->f("uid");
$sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
while($sql->next_record()) {
$verified["groupID"] = $sql->f("groupid");
}
+ // session verified, so update last user time
+ $lastused = time();
+ $userID = $sessionStatus["userID"];
+ $sql->query("update $default->owl_sessions_table set lastused = '$lastused' where uid = '$userID'");
+
} else {
- // TODO: don't want html here
// session time out status
$verified["status"] = 2;
- /*
- // Bozz Bug Fix begin
- if (file_exists("./lib/header.inc")) {
- include("./lib/header.inc");
- } else {
- include("../lib/header.inc");
- }
- // Bozz Bug Fix End
- print("
");
- } else {
- print("
");
- }
- exit();*/
+ $verified["errorMessage"] = $lang_sesstimeout;
}
} else {
// session in use status
$verified["status"] = 3;
- /*
- // Bozz Bug Fix begin
- if (file_exists("./lib/header.inc")) {
- include("./lib/header.inc");
- } else {
- include("../lib/header.inc");
- }
- // Bozz Bug Fix End
- print("