Commit 858c2539bedb321bf056adb81e374eb05668c0d6
1 parent
036a0a60
KTS-3020
"When sent a link to a document in KnowledgeTree, asked to log in, but not taken to the document - taken to the dashboard." Fixed. Modified the check on the last user to use the IP address and to check whether the last user timed out. Committed by: Megan Watson Reviewed by: Jonathan Byrne git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8060 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
57 additions
and
27 deletions
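--- a/login.php
+++ b/login.php
@@ -8,32 +8,32 @@
 * KnowledgeTree Open Source Edition
 * Document Management Made Simple
 * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- *
+ *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
- *
+ *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
- *
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
 * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
 * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- *
+ *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
- *
+ *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
- * copyright notice.
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
 * Contributor( s): ______________________________________
 */
 
@@ -95,24 +95,24 @@ class LoginPageDispatcher extends KTDispatcher {
 #var_dump($oUser);
 #var_dump(PEAR::raiseError());
 }
- $iOldUserID = checkLastSessionUserID();
-
- //if the current person logging in isn't the same person who logged out or timed out
- //then set the redirect to the dashboard and not the last page that was viewed.
- if ($oUser->getId() != $iOldUserID['user_id'])
+
+ // If the last user from the same IP address timed out within the last hour then redirect to the dashboard
+ // Otherwise allow any other redirect to continue.
+ // The user might still be taken to the last page of the previous users session but
+ // if we always redirect to dashboard then we break other features such as linking in from emails or documents.
+ if (checkLastSessionUserID($oUser->getId()))
 {
 $_REQUEST['redirect'] = generateControllerLink('dashboard');
-
 }
-
+
 $session = new Session();
 $sessionID = $session->create($oUser);
 if (PEAR::isError($sessionID)) {
 return $sessionID;
 }
-
+
 $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
-
+
 // DEPRECATED initialise page-level authorisation array
 $_SESSION["pageAccess"] = NULL;
 
@@ -156,9 +156,9 @@ class LoginPageDispatcher extends KTDispatcher {
 
 $errorMessage = KTUtil::arrayGet($_REQUEST, 'errorMessage');
 session_start();
-
+
 $errorMessageConfirm = $_SESSION['errormessage']['login'];
-
+
 $redirect = KTUtil::arrayGet($_REQUEST, 'redirect');
 
 $oReg =& KTi18nregistry::getSingleton();
@@ -337,16 +337,46 @@ class LoginPageDispatcher extends KTDispatcher {
 }
 }
 
-//FIXME Direct Database Access
-//checkLastSessionUserID finds the last user to logout or timeout
-function checkLastSessionUserID()
+/**
+ * Check if the last user logging in from the same IP as the current user timed out in the last hour.
+ *
+ * @param unknown_type $userId
+ * @return unknown
+ */
+function checkLastSessionUserID($userId)
 {
- $sQuery = 'SELECT user_id FROM user_history ORDER BY id DESC LIMIT 1';
- $res = DBUtil::getOneResult($sQuery);
- return $res;
+ // Get the current users IP Address
+ $sIp = '%'.$_SERVER['REMOTE_ADDR'];
+
+ // Get the time for a day ago and an hour ago
+ $dif = time() - (24*60*60);
+ $sDayAgo = date('Y-m-d H:i:s', $dif);
+ $dif2 = time() - (60*60);
+ $sHourAgo = date('Y-m-d H:i:s', $dif2);
+
+ // Get the session id for the last user to log in from the current IP address within the last day
+ // Use the session id to find if that user logged out or timed out within the last hour.
+ $sQuery = 'SELECT user_id, action_namespace FROM user_history
+ WHERE datetime > ? AND
+ session_id = (SELECT session_id FROM user_history WHERE comments LIKE ? AND datetime > ? ORDER BY id DESC LIMIT 1)
+ ORDER BY id DESC LIMIT 1';
+
+ $aParams = array($sHourAgo, $sIp, $sDayAgo);
+ $res = DBUtil::getOneResult(array($sQuery, $aParams));
+
+ if(PEAR::isError($res) || empty($res)){
+ return false;
+ }
+
+ // Check whether the user timed out and whether it was the current user or a different one
+ if($res['action_namespace'] == 'ktcore.user_history.timeout' && $res['user_id'] != $userId){
+ return true;
+ }
+
+ return false;
 }
 
 $dispatcher =& new LoginPageDispatcher();
 $dispatcher->dispatch();
 
-?>
+?>
\ No newline at end of file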
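Review bot: The `'%'.$_SERVER['REMOTE_ADDR']` pattern built at the top of the new checkLastSessionUserID is an unanchored suffix match, so a request from 10.0.0.1 also selects history rows whose comment ends in 210.0.0.1 or 110.0.0.1 and the timeout/user check can be run against the wrong session; the pattern should include whatever delimiter precedes the address in the stored comment (for example `$sIp = '% ' . $_SERVER['REMOTE_ADDR'];` if the comment is written as `... <ip>`), or better still compare an exact address column rather than `LIKE` on free text. The docblock still carries placeholder types; it should read `@param int $userId` and `@return bool true when the most recent session from this IP timed out within the past hour and belonged to a different user`. Behind a reverse proxy or NAT, REMOTE_ADDR is shared by many clients, so the heuristic will fire for unrelated users and occasionally for the same user on a different machine; the dispatch-side comment accepts a residual leak, but that limitation is worth stating in the docblock. The hour and day boundaries are produced by `date()` in PHP's configured timezone and compared against the `datetime` column as text, so the window only holds if PHP and the database agree on timezone — presumably true here, but worth confirming.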