Commit b0705ac3d69466321f28cb4a352aafc46734a948

Authored by michael
1 parent 36bdb337

updated session error handling and sql formatting


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@259 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 22 additions and 20 deletions
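--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -4,17 +4,17 @@
 *
 * This class is used for session management.
 *
-* @author owl sourceforge team
+* @author <a href="mailto:michael@jamwarehouse.com">Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
 * @version $Revision$
-* @package Owl
+* @package dmslib
 */
 class Session {
 
 /**
 * Creates a session.
 *
-* @param $userDetails array containing user details
-* @return returns the generated sessionID
+* @param array $userDetails the details of the user to create a session for
+* @return string the generated sessionID
 */
 function create($userDetails) {
 global $default;
@@ -39,8 +39,8 @@ class Session {
 
 // insert session information into db
 $sql = new Owl_DB;
-$query = "insert into $default->owl_sessions_table (session_id, user_id, lastused, ip) values ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
-//echo "query=$query<br>";
+$query = "INSERT INTO $default->owl_sessions_table (session_id, user_id, lastused, ip) VALUES ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
+
 $result = $sql->query($query);
 if(!$result) {
 die("$lang_err_sess_write");
@@ -58,7 +58,7 @@ class Session {
 session_start();
 // remove the session information from the database
 $sql = new Owl_DB;
-$query = "delete from $default->owl_sessions_table where session_id = '" . session_id() . "'";
+$query = "DELETE FROM $default->owl_sessions_table WHERE session_id = '" . session_id() . "'";
 $sql->query($query);
 
 // remove the php4 session
@@ -77,7 +77,7 @@ class Session {
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
-$sql->query("delete from $default->owl_sessions_table where user_id = '" . $userID . "' and lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
+$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
 }
 
 /**
@@ -95,11 +95,11 @@ class Session {
 if (strlen($sessionID) > 0) {
 
 // initialise return status
-$sessionStatus["status"] = 0;
+$sessionStatus = 0;
 
 // this should be an existing session, so check the db
 $sql = new Owl_DB;
-$sql->query("select * from $default->owl_sessions_table where session_id = '$sessionID'");
+$sql->query("SELECT * FROM $default->owl_sessions_table WHERE session_id = '$sessionID'");
 $numrows = $sql->num_rows($sql);
 
 // found one match
@@ -117,32 +117,34 @@ class Session {
 $default->log->debug("Session::verify timeout = " . $default->owl_timeout . "; diff=$diff");
 if((time() - strtotime($lastused)) <= $default->owl_timeout) {
 // session has been verified, update status
-$sessionStatus["status"] = 1;
+$sessionStatus = 1;
+// ??: will this change during a user session?
 // only set the userID if its not in the array already
-if (!$sessionStatus["userID"]) {
-$sessionStatus["userID"] = $sql->f("user_id");
+if (!$_SESSION["userID"]) {
+$_SESSION["userID"] = $sql->f("user_id");
 }
 // lookup the user
-$sql->query("select * from $default->owl_users_table where id = '".$sessionStatus["userid"]."'");
+$sql->query("SELECT * FROM $default->owl_users_groups_table WHERE id = ".$_SESSION["userID"]);
 while($sql->next_record()) {
 // FIXME: this much change to look at users_groups_link
 // only set the groupID if its not in the array already
-if (!$sessionStatus["groupID"]) {
-$sessionStatus["groupID"] = $sql->f("group_id");
+if (!$_SESSION["groupID"]) {
+$_SESSION["groupID"] = $sql->f("group_id");
 }
 }
 // update last used timestamps
-$sql->query("update $default->owl_sessions_table set lastused = '" . date("Y-m-d H:i:s",time()) ."' where user_id = '" . $sessionStatus["userID"] . "'");
+$sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . date("Y-m-d H:i:s",time()) ."' " .
+"WHERE user_id = " . $_SESSION["userID"] . " AND session_id = '$sessionID'");
 // add the array to the session
 $_SESSION["sessionStatus"] = $sessionStatus;
 } else {
 // session timed out status
-$sessionStatus["status"] = 2;
+$sessionStatus = 2;
 $default->errorMessage = $lang_sesstimeout;
 }
 } else {
 // session in use status
-$sessionStatus["status"] = 3;
+$sessionStatus = 3;
 $default->errorMessage = $lang_sessinuse;
 }
 }
@@ -153,7 +155,7 @@ class Session {
 return false;
 }
 // return the array
-$output = "Session::verify returning sessionStatus[\"status\"]=" . $sessionStatus["status"];
+$output = "Session::verify returning sessionStatus[\"status\"]=" . $sessionStatus;
 $default->log->debug($output);
 return $sessionStatus;
 }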
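Review bot: In the `@@ -117,32 +117,34 @@` hunk the group lookup and the `UPDATE` now concatenate `$_SESSION["userID"]` into the SQL with neither quotes nor a cast, and that value is copied from the verified session row only when the session does not already hold one, so a stale or non-numeric value would be used as-is. Taking it from the row every time and forcing it to an integer closes both gaps: `$_SESSION["userID"] = (int)$sql->f("user_id");` in place of the `if (!$_SESSION["userID"])` guard. `$sessionID` is also interpolated into the `SELECT` and `UPDATE`; where it is assigned is outside the visible hunks, so if it originates from the client it should be escaped through the database layer before use. The lookup now filters `$default->owl_users_groups_table` on `id`, which looks like the link row's own key rather than the user's id — worth confirming against the schema, since a wrong match would set `$_SESSION["groupID"]` for the wrong group. The enclosing verify function starts and ends outside these hunks.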