Commit 83a54bfd1f6f77fc63336b62f9f6a5c54aea297e

Authored by michael
1 parent e961b406

updated session class to only add userID to the session


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@308 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 24 additions and 37 deletions
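--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -13,29 +13,24 @@ class Session {
 /**
 * Creates a session.
 *
-* @param array $userDetails the details of the user to create a session for
-* @return string the generated sessionID
+* @param $userID the id of the user to create a session for
+* @return string the generated sessionID
 */
-function create($userDetails) {
+function create($userID) {
 global $default;
 
 session_start();
 
-// bind user details to session
-$_SESSION["userID"] = $userDetails["userID"];
-/*
-$_SESSION["groupID"] = $userDetails["groupID"];
-$_SESSION["unitID"] = $userDetails["unitID"];
-$_SESSION["organisationID"] = $userDetails["organisationID"];
-$_SESSION["username"] = $userDetails["username"];
-*/
-$default->log->debug("Session::create session variables=" . arrayToString($_SESSION));
+// bind user id to session
+$_SESSION["userID"] = $userID;
 
 // use the PHP generated session id
 $sessionID = session_id();
-
+
 // retrieve client ip
 $ip = $this->getClientIP();
+
+$default->log->debug("Session::create() new session for $userID, from $ip, sessionID=$sessionID");
 
 // insert session information into db
 $sql = new Owl_DB;
@@ -77,7 +72,7 @@ class Session {
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
-$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
+$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . formatDateTime($time) . "'");
 }
 
 /**
@@ -91,9 +86,8 @@ class Session {
 
 session_start();
 $sessionID = session_id();
-$default->log->debug("Session::verify retrieved sessionID=$sessionID");
+$default->log->debug("Session::verify() retrieved sessionID=$sessionID");
 if (strlen($sessionID) > 0) {
-
 // initialise return status
 $sessionStatus = 0;
 
@@ -101,21 +95,21 @@ class Session {
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_sessions_table WHERE session_id = '$sessionID'");
 $numrows = $sql->num_rows($sql);
-
-// found one match
-if ($numrows == 1) {
+
+// FIXME: if there aren't more rows that the max sessions for this user
+if ($numrows >= 1) {
 $userID = $sql->f("user_id");
-$default->log->debug("Session::verify found session in db");
+$default->log->debug("Session::verify() found session in db");
 while($sql->next_record()) {
 $ip = $this->getClientIP();
 // check that ip matches
 if ($ip == $sql->f("ip")) {
 // now check if the timeout has been exceeded
 $lastused = $sql->f("lastused");
-$default->log->debug("Session::verify lastused=$lastused; str=" . strtotime($lastused));
-$default->log->debug("Session::verify current time=" . time());
+$default->log->debug("Session::verify() lastused=$lastused; str=" . strtotime($lastused));
+$default->log->debug("Session::verify() current time=" . time());
 $diff = time() - strtotime($lastused);
-$default->log->debug("Session::verify timeout = " . $default->owl_timeout . "; diff=$diff");
+$default->log->debug("Session::verify() timeout = " . $default->owl_timeout . "; diff=$diff");
 if($diff <= $default->owl_timeout) {
 // session has been verified, update status
 $sessionStatus = 1;
@@ -126,23 +120,17 @@ class Session {
 if (!$_SESSION["userID"]) {
 $_SESSION["userID"] = $sql->f("user_id");
 }
-// lookup the user
-$sql->query("SELECT * FROM $default->owl_users_groups_table WHERE id = ".$_SESSION["userID"]);
-while($sql->next_record()) {
-// FIXME: this much change to look at users_groups_link
-// only set the groupID if its not in the array already
-if (!$_SESSION["groupID"]) {
-$_SESSION["groupID"] = $sql->f("group_id");
-}
-}
-// update last used timestamps
-$sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . date("Y-m-d H:i:s",time()) ."' " .
+
+// update last used timestamp
+$sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . getCurrentDateTime() ."' " .
 "WHERE user_id = " . $_SESSION["userID"] . " AND session_id = '$sessionID'");
 // add the array to the session
 $_SESSION["sessionStatus"] = $sessionStatus;
 } else {
 // session timed out status
 $sessionStatus = 2;
+// destroy this session
+$this->destroy();
 // remove old sessions
 Session::removeStaleSessions($userID);
 $_SESSION["errorMessage"] = $lang_sesstimeout;
@@ -155,13 +143,12 @@ class Session {
 }
 }
 } else {
-$default->log->error("Session::verify session not in db");
+$default->log->error("verify() session not in db");
 // there is no session
 return false;
 }
 // return the array
-$output = "Session::verify returning sessionStatus[\"status\"]=" . $sessionStatus;
-$default->log->debug($output);
+$default->log->debug("Session::verify() returning sessionStatus[\"status\"]=" . $sessionStatus);
 return $sessionStatus;
 }
 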
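Review bot: `$_SESSION["userID"] = $userID;` in create() binds the user to whatever session ID the client already presented, because the `session_start();` two lines above accepts an incoming session cookie and nothing in the hunk regenerates it; inserting `session_regenerate_id();` between `session_start();` and the assignment makes the ID that is later logged and stored in the DB one the server chose. The new debug line `$default->log->debug("Session::create() new session for $userID, from $ip, sessionID=$sessionID");` writes the session ID, which is a bearer credential, into the log, so anyone who can read the log can reuse live sessions; logging only `"Session::create() new session for $userID, from $ip"` avoids that, and the `Session::verify() retrieved sessionID=` line in the third hunk has the same problem. In the timeout branch the added `$this->destroy();` runs before `$_SESSION["errorMessage"] = $lang_sesstimeout;` — destroy() is outside these hunks, but if it ends or clears the session the message is presumably lost, so the message should be set before destroy() or kept outside the session. Both create() and verify() continue outside the hunks shown.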