From 4c929724acd56d1528ac763a69a1074607126a4b Mon Sep 17 00:00:00 2001 From: michael Date: Tue, 7 Jan 2003 15:38:06 +0000 Subject: [PATCH] completed adding php session handling --- lib/Session.inc | 97 +++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------ 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/lib/Session.inc b/lib/Session.inc index e0ca9cf..042b4a5 100644 --- a/lib/Session.inc +++ b/lib/Session.inc @@ -21,12 +21,21 @@ class Session { function create($userID) { global $default; - // create the session id from a md5 of the current time - $current = time(); - //$random = $this->sessionID . $current; - $sessionID = md5($current); - $sql = new Owl_DB; + session_start(); + + // bind userID to session + $_SESSION['userID'] = $userID; + // lookup user class and add to session + //$_SESSION['userClass'] = lookupUserClass($userID); + // lookup group id and add to session + //$_SESSION['groupID'] = lookupGroupID($userID); + $_SESSION['groupID'] = owlusergroup($userID); + + // use the PHP generated session id + $sessionID = session_id(); + + // retrieve client ip if(getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP"); @@ -36,9 +45,11 @@ class Session { } else { $ip = getenv("REMOTE_ADDR"); } - + + $current = time(); // insert session information into db - $result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')"); + $sql = new Owl_DB; + $result = $sql->query("insert into $default->owl_sessions_table (sessid, uid, lastused, ip) values ('$sessionID', '$userID', '$current', '$ip')"); if(!'result') { die("$lang_err_sess_write"); 
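Review bot: The rewritten insert in create() still builds its SQL by interpolating `$ip`, and the unchanged lines just above take that value from `HTTP_CLIENT_IP` when it is set, which is a request header the client controls. I would store only the transport address, `$ip = getenv("REMOTE_ADDR");`, and pass every interpolated value through the database layer's escaping routine before it reaches `query()`. The same string-built pattern appears in the delete in destroy(), in removeStaleSessions() and in the new update in verify(). Separately, the unchanged `if(!'result')` tests a string literal, so a failed insert is never detected; it presumably should read `if(!$result)`. create()'s body continues outside the hunk.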
@@ -48,14 +59,20 @@ class Session { } /** - * Removes the specified session from the application. - * - * @param sessionID - * the session to remove + * Destroys the current session. */ - function remove($sessionID) { + function destroy() { + global $default; + + session_start(); + // remove the session information from the database $sql = new Owl_DB; - $sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'"); + $query = "delete from $default->owl_sessions_table where sessid = '" . session_id() . "'"; + $sql->query($query); + + // remove the php4 session + session_unset(); + session_destroy(); } /** @@ -64,25 +81,27 @@ class Session { * @param userID * the userID to remove stale sessions for */ - function removeStateSessions($userID) { + function removeStaleSessions($userID) { + global $default; + // deletes any sessions for this userID where the default timeout has elapsed. $time = time() - $default->owl_timeout; $sql = new Owl_DB; $sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $time "); } /** - * Used to verify a users session + * Used to verify the current user's session. * - * @param $sessionID - * The session id to verify * @return - * array containing the userID, groupID and session verifiction status + * array containing the userID, groupID and session verification status */ - function verify($sessionID) { - + function verify() { getprefs(); global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin; - $sess = ltrim($sessionID); + session_start(); + + $sessionID = session_id(); + // initialise return status $verified["status"] = 0; 
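Review bot: destroy() removes the database row and the server-side session data but leaves the session cookie in the browser, and create() in the first hunk calls `session_start()` without issuing a fresh id, so the same identifier can carry over from before login to after it and across a logout. An id that was known before authentication then becomes an authenticated one, which is the session-fixation case this rewrite should close. I would expire the cookie after `session_destroy()` with `setcookie(session_name(), '', time() - 3600, '/');` (using whatever path the session cookie was set on), and in create() call `session_regenerate_id();` right after `session_start()` where the PHP version in use provides it.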
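Review bot: In the third hunk verify() drops `$sess = ltrim($sessionID);`, but the session lookup query sits between this hunk and the next one and is not shown; if it still refers to `$sess`, it now runs with an empty value and no row will match. Please confirm that the query uses `$sessionID`. The signature changes in this hunk and the previous one (`remove($sessionID)` to `destroy()`, `removeStateSessions` to `removeStaleSessions`, `verify($sessionID)` to `verify()`) break any caller not updated alongside, and this commit touches only lib/Session.inc. A docblock line on verify() such as `* Calls session_start() itself; must run before any output is sent.` would make the new contract explicit.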
@@ -108,46 +127,28 @@ class Session { if ($ip == $sql->f("ip")) { // if timeout not exceeded if(($time - $sql->f("lastused")) <= $default->owl_timeout) { + // set verified status $verified["status"] = 1; + // update userID? this should be the same value on the session $verified["userID"] = $sql->f("uid"); $sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'"); while($sql->next_record()) { $verified["groupID"] = $sql->f("groupid"); } + // session verified, so update last user time + $lastused = time(); + $userID = $sessionStatus["userID"]; + $sql->query("update $default->owl_sessions_table set lastused = '$lastused' where uid = '$userID'"); + } else { - // TODO: don't want html here // session time out status $verified["status"] = 2; - /* - // Bozz Bug Fix begin - if (file_exists("./lib/header.inc")) { - include("./lib/header.inc"); - } else { - include("../lib/header.inc"); - } - // Bozz Bug Fix End - print("

".$lang_sesstimeout); - if ($parent == "" || $fileid == "") { - print(""); - } else { - print(""); - } - exit();*/ + $verified["errorMessage"] = $lang_sesstimeout; } } else { // session in use status $verified["status"] = 3; - /* - // Bozz Bug Fix begin - if (file_exists("./lib/header.inc")) { - include("./lib/header.inc"); - } else { - include("../lib/header.inc"); - } - // Bozz Bug Fix End - print("

".$lang_sessinuse); - exit; - */ + $verified["errorMessage"] = $lang_sessinuse; } } } -- libgit2 0.21.4
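Review bot: The new `lastused` update reads `$sessionStatus["userID"]`, a variable that is not assigned anywhere in the visible part of verify(); the value gathered a few lines earlier is `$verified["userID"]`, so as written the update most likely runs with an empty uid and never refreshes the timestamp. It also keys on `uid`, which would extend every session of that user, including ones that should time out, rather than the one just verified. I would change it to `$sql->query("update $default->owl_sessions_table set lastused = '$lastused' where sessid = '$sessionID'");`, with `$sessionID` escaped first. The unchanged group lookup has a similar slip, reading `$verified["userid"]` where the key set on the line before is `"userID"`. verify() starts and ends outside this hunk.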