Commit 4c929724acd56d1528ac763a69a1074607126a4b

Authored by michael
1 parent dfcbb4dd

completed adding php session handling


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@57 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 49 additions and 48 deletions
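--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -21,12 +21,21 @@ class Session {
 function create($userID) {
 global $default;
 
-// create the session id from a md5 of the current time
-$current = time();
-//$random = $this->sessionID . $current;
-$sessionID = md5($current);
-$sql = new Owl_DB;
+session_start();
+
+// bind userID to session
+$_SESSION['userID'] = $userID;
+// lookup user class and add to session
+//$_SESSION['userClass'] = lookupUserClass($userID);
 
+// lookup group id and add to session
+//$_SESSION['groupID'] = lookupGroupID($userID);
+$_SESSION['groupID'] = owlusergroup($userID);
+
+// use the PHP generated session id
+$sessionID = session_id();
+
+
 // retrieve client ip
 if(getenv("HTTP_CLIENT_IP")) {
 $ip = getenv("HTTP_CLIENT_IP");
@@ -36,9 +45,11 @@ class Session {
 } else {
 $ip = getenv("REMOTE_ADDR");
 }
-
+
+$current = time();
 // insert session information into db
-$result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')");
+$sql = new Owl_DB;
+$result = $sql->query("insert into $default->owl_sessions_table (sessid, uid, lastused, ip) values ('$sessionID', '$userID', '$current', '$ip')");
 
 if(!'result') {
 die("$lang_err_sess_write");
@@ -48,14 +59,20 @@ class Session {
 }
 
 /**
-* Removes the specified session from the application.
-*
-* @param sessionID
-* the session to remove
+* Destroys the current session.
 */
-function remove($sessionID) {
+function destroy() {
+global $default;
+
+session_start();
+// remove the session information from the database
 $sql = new Owl_DB;
-$sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'");
+$query = "delete from $default->owl_sessions_table where sessid = '" . session_id() . "'";
+$sql->query($query);
+
+// remove the php4 session
+session_unset();
+session_destroy();
 }
 
 /**
@@ -64,25 +81,27 @@ class Session {
 * @param userID
 * the userID to remove stale sessions for
 */
-function removeStateSessions($userID) {
+function removeStaleSessions($userID) {
+global $default;
+// deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
 $sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $time ");
 }
 
 /**
-* Used to verify a users session
+* Used to verify the current user's session.
 *
-* @param $sessionID
-* The session id to verify
 * @return
-* array containing the userID, groupID and session verifiction status
+* array containing the userID, groupID and session verification status
 */
-function verify($sessionID) {
-
+function verify() {
 getprefs();
 global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
-$sess = ltrim($sessionID);
+session_start();
+
+$sessionID = session_id();
+
 // initialise return status
 $verified["status"] = 0;
 
@@ -108,46 +127,28 @@ class Session {
 if ($ip == $sql->f("ip")) {
 // if timeout not exceeded
 if(($time - $sql->f("lastused")) <= $default->owl_timeout) {
+// set verified status
 $verified["status"] = 1;
+// update userID? this should be the same value on the session
 $verified["userID"] = $sql->f("uid");
 $sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
 while($sql->next_record()) {
 $verified["groupID"] = $sql->f("groupid");
 }
+// session verified, so update last user time
+$lastused = time();
+$userID = $sessionStatus["userID"];
+$sql->query("update $default->owl_sessions_table set lastused = '$lastused' where uid = '$userID'");
+
 } else {
-// TODO: don't want html here
 // session time out status
 $verified["status"] = 2;
-/*
-// Bozz Bug Fix begin
-if (file_exists("./lib/header.inc")) {
-include("./lib/header.inc");
-} else {
-include("../lib/header.inc");
-}
-// Bozz Bug Fix End
-print("<BR><BR><CENTER>".$lang_sesstimeout);
-if ($parent == "" || $fileid == "") {
-print("<A HREF='$default->owl_root_url/index.php'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
-} else {
-print("<A HREF='$default->owl_root_url/index.php?parent=$parent&fileid=$fileid'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
-}
-exit();*/
+$verified["errorMessage"] = $lang_sesstimeout;
 }
 } else {
 // session in use status
 $verified["status"] = 3;
-/*
-// Bozz Bug Fix begin
-if (file_exists("./lib/header.inc")) {
-include("./lib/header.inc");
-} else {
-include("../lib/header.inc");
-}
-// Bozz Bug Fix End
-print("<BR><BR><CENTER>".$lang_sessinuse);
-exit;
-*/
+$verified["errorMessage"] = $lang_sessinuse;
 }
 }
 }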
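Review bot: `$userID = $sessionStatus["userID"];` at new line 140 of the last hunk reads an array that verify() never assigns (the result array is `$verified`), so the UPDATE on line 141 runs with an empty uid and `lastused` is never refreshed for a verified session; keying that UPDATE on uid rather than the session would also touch every session of that user. Since `$sessionID` is already taken from `session_id()` at new line 103, the update should be `$sql->query("update $default->owl_sessions_table set lastused = '$lastused' where sessid = '$sessionID'");`. In create() (first hunk) `$_SESSION['userID']` is bound to whatever id `session_start()` accepted from the client's cookie with no `session_regenerate_id();` after login, so an id handed to the browser before authentication remains valid afterwards (session fixation). The session id and the `HTTP_CLIENT_IP` header value are likewise interpolated unescaped into the INSERT at new line 52 and the DELETE in destroy() at new line 70; as far as I know PHP 4 does not validate the characters of a client-supplied session id, so both values should pass through the driver's escaping before reaching the query. verify()'s body starts before the last hunk, and the `$ip`/`$time` values it compares are set outside the view.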