Commit 83a54bfd1f6f77fc63336b62f9f6a5c54aea297e

Authored by michael
1 parent e961b406

updated session class to only add userID to the session


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@308 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 24 additions and 37 deletions
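--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -13,29 +13,24 @@ class Session {
 /**
  * Creates a session.
  *
- * @param array $userDetails the details of the user to create a session for
- * @return string the generated sessionID
+ * @param $userID the id of the user to create a session for
+ * @return string the generated sessionID
  */
-function create($userDetails) {
+function create($userID) {
 global $default;
 
 session_start();
 
-// bind user details to session
-$_SESSION["userID"] = $userDetails["userID"];
-/*
-$_SESSION["groupID"] = $userDetails["groupID"];
-$_SESSION["unitID"] = $userDetails["unitID"];
-$_SESSION["organisationID"] = $userDetails["organisationID"];
-$_SESSION["username"] = $userDetails["username"];
-*/
-$default->log->debug("Session::create session variables=" . arrayToString($_SESSION));
+// bind user id to session
+$_SESSION["userID"] = $userID;
 
 // use the PHP generated session id
 $sessionID = session_id();
-
+
 // retrieve client ip
 $ip = $this->getClientIP();
+
+$default->log->debug("Session::create() new session for $userID, from $ip, sessionID=$sessionID");
 
 // insert session information into db
 $sql = new Owl_DB;
@@ -77,7 +72,7 @@ class Session {
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
-$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
+$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . formatDateTime($time) . "'");
 }
 
 /**
@@ -91,9 +86,8 @@ class Session {
 
 session_start();
 $sessionID = session_id();
-$default->log->debug("Session::verify retrieved sessionID=$sessionID");
+$default->log->debug("Session::verify() retrieved sessionID=$sessionID");
 if (strlen($sessionID) > 0) {
-
 // initialise return status
 $sessionStatus = 0;
 
@@ -101,21 +95,21 @@ class Session {
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_sessions_table WHERE session_id = '$sessionID'");
 $numrows = $sql->num_rows($sql);
-
-// found one match
-if ($numrows == 1) {
+
+// FIXME: if there aren't more rows that the max sessions for this user
+if ($numrows >= 1) {
 $userID = $sql->f("user_id");
-$default->log->debug("Session::verify found session in db");
+$default->log->debug("Session::verify() found session in db");
 while($sql->next_record()) {
 $ip = $this->getClientIP();
 // check that ip matches
 if ($ip == $sql->f("ip")) {
 // now check if the timeout has been exceeded
 $lastused = $sql->f("lastused");
-$default->log->debug("Session::verify lastused=$lastused; str=" . strtotime($lastused));
-$default->log->debug("Session::verify current time=" . time());
+$default->log->debug("Session::verify() lastused=$lastused; str=" . strtotime($lastused));
+$default->log->debug("Session::verify() current time=" . time());
 $diff = time() - strtotime($lastused);
-$default->log->debug("Session::verify timeout = " . $default->owl_timeout . "; diff=$diff");
+$default->log->debug("Session::verify() timeout = " . $default->owl_timeout . "; diff=$diff");
 if($diff <= $default->owl_timeout) {
 // session has been verified, update status
 $sessionStatus = 1;
@@ -126,23 +120,17 @@ class Session {
 if (!$_SESSION["userID"]) {
 $_SESSION["userID"] = $sql->f("user_id");
 }
-// lookup the user
-$sql->query("SELECT * FROM $default->owl_users_groups_table WHERE id = ".$_SESSION["userID"]);
-while($sql->next_record()) {
-// FIXME: this much change to look at users_groups_link
-// only set the groupID if its not in the array already
-if (!$_SESSION["groupID"]) {
-$_SESSION["groupID"] = $sql->f("group_id");
-}
-}
-// update last used timestamps
-$sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . date("Y-m-d H:i:s",time()) ."' " .
+
+// update last used timestamp
+$sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . getCurrentDateTime() ."' " .
 "WHERE user_id = " . $_SESSION["userID"] . " AND session_id = '$sessionID'");
 // add the array to the session
 $_SESSION["sessionStatus"] = $sessionStatus;
 } else {
 // session timed out status
 $sessionStatus = 2;
+// destroy this session
+$this->destroy();
 // remove old sessions
 Session::removeStaleSessions($userID);
 $_SESSION["errorMessage"] = $lang_sesstimeout;
@@ -155,13 +143,12 @@ class Session {
 }
 }
 } else {
-$default->log->error("Session::verify session not in db");
+$default->log->error("verify() session not in db");
 // there is no session
 return false;
 }
 // return the array
-$output = "Session::verify returning sessionStatus[\"status\"]=" . $sessionStatus;
-$default->log->debug($output);
+$default->log->debug("Session::verify() returning sessionStatus[\"status\"]=" . $sessionStatus);
 return $sessionStatus;
 }
 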
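Review bot: The new debug line in create() writes the full session identifier to the log (`sessionID=$sessionID`), so anyone who can read the log file can reuse a live session; log only the user and address, `$default->log->debug("Session::create() new session for $userID, from $ip");`, and the renamed verify() message that already logged the id before this change deserves the same treatment. In the timed-out branch of verify(), `$this->destroy();` now runs before `$_SESSION["errorMessage"] = $lang_sesstimeout;`; if destroy() clears or destroys the PHP session (its body is outside this view), that message is lost, so the assignment likely belongs before the destroy call. Relaxing `$numrows == 1` to `$numrows >= 1` accepts duplicate session_id rows as long as any one of them matches the client ip and is within the timeout, which the added FIXME only partly acknowledges; a comment stating that this is intended, or a uniqueness constraint on session_id, would close that gap. The DELETE in removeStaleSessions() and the UPDATE in verify() still splice `$userID` and `$sessionID` into the query string; both come from the database or session_id() here, but a comment recording that assumption would keep a future caller from passing request data through the same path. Both create() and verify() extend beyond the hunks shown.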