Commit b0705ac3d69466321f28cb4a352aafc46734a948

Authored by michael
1 parent 36bdb337

updated session error handling and sql formatting


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@259 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 22 additions and 20 deletions
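--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -4,17 +4,17 @@
  *
  * This class is used for session management.
  *
- * @author owl sourceforge team
+ * @author <a href="mailto:michael@jamwarehouse.com">Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
  * @version $Revision$
- * @package Owl
+ * @package dmslib
  */
 class Session {
 
 /**
  * Creates a session.
  *
- * @param $userDetails array containing user details
- * @return returns the generated sessionID
+ * @param array $userDetails the details of the user to create a session for
+ * @return string the generated sessionID
  */
 function create($userDetails) {
 global $default;
@@ -39,8 +39,8 @@ class Session {
 
 // insert session information into db
 $sql = new Owl_DB;
-$query = "insert into $default->owl_sessions_table (session_id, user_id, lastused, ip) values ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
-//echo "query=$query<br>";
+$query = "INSERT INTO $default->owl_sessions_table (session_id, user_id, lastused, ip) VALUES ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
+
 $result = $sql->query($query);
 if(!$result) {
 die("$lang_err_sess_write");
@@ -58,7 +58,7 @@ class Session {
 session_start();
 // remove the session information from the database
 $sql = new Owl_DB;
-$query = "delete from $default->owl_sessions_table where session_id = '" . session_id() . "'";
+$query = "DELETE FROM $default->owl_sessions_table WHERE session_id = '" . session_id() . "'";
 $sql->query($query);
 
 // remove the php4 session
@@ -77,7 +77,7 @@ class Session {
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
-$sql->query("delete from $default->owl_sessions_table where user_id = '" . $userID . "' and lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
+$sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
 }
 
 /**
@@ -95,11 +95,11 @@ class Session {
 if (strlen($sessionID) > 0) {
 
 // initialise return status
-$sessionStatus["status"] = 0;
+$sessionStatus = 0;
 
 // this should be an existing session, so check the db
 $sql = new Owl_DB;
-$sql->query("select * from $default->owl_sessions_table where session_id = '$sessionID'");
+$sql->query("SELECT * FROM $default->owl_sessions_table WHERE session_id = '$sessionID'");
 $numrows = $sql->num_rows($sql);
 
 // found one match
@@ -117,32 +117,34 @@ class Session {
 $default->log->debug("Session::verify timeout = " . $default->owl_timeout . "; diff=$diff");
 if((time() - strtotime($lastused)) <= $default->owl_timeout) {
 // session has been verified, update status
-$sessionStatus["status"] = 1;
+$sessionStatus = 1;
+// ??: will this change during a user session?
 // only set the userID if its not in the array already
-if (!$sessionStatus["userID"]) {
-$sessionStatus["userID"] = $sql->f("user_id");
+if (!$_SESSION["userID"]) {
+$_SESSION["userID"] = $sql->f("user_id");
 }
 // lookup the user
-$sql->query("select * from $default->owl_users_table where id = '".$sessionStatus["userid"]."'");
+$sql->query("SELECT * FROM $default->owl_users_groups_table WHERE id = ".$_SESSION["userID"]);
 while($sql->next_record()) {
 // FIXME: this much change to look at users_groups_link
 // only set the groupID if its not in the array already
-if (!$sessionStatus["groupID"]) {
-$sessionStatus["groupID"] = $sql->f("group_id");
+if (!$_SESSION["groupID"]) {
+$_SESSION["groupID"] = $sql->f("group_id");
 }
 }
 // update last used timestamps
-$sql->query("update $default->owl_sessions_table set lastused = '" . date("Y-m-d H:i:s",time()) ."' where user_id = '" . $sessionStatus["userID"] . "'");
+$sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . date("Y-m-d H:i:s",time()) ."' " .
+"WHERE user_id = " . $_SESSION["userID"] . " AND session_id = '$sessionID'");
 // add the array to the session
 $_SESSION["sessionStatus"] = $sessionStatus;
 } else {
 // session timed out status
-$sessionStatus["status"] = 2;
+$sessionStatus = 2;
 $default->errorMessage = $lang_sesstimeout;
 }
 } else {
 // session in use status
-$sessionStatus["status"] = 3;
+$sessionStatus = 3;
 $default->errorMessage = $lang_sessinuse;
 }
 }
@@ -153,7 +155,7 @@ class Session {
 return false;
 }
 // return the array
-$output = "Session::verify returning sessionStatus[\"status\"]=" . $sessionStatus["status"];
+$output = "Session::verify returning sessionStatus[\"status\"]=" . $sessionStatus;
 $default->log->debug($output);
 return $sessionStatus;
 }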
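Review bot: The user lookup at new line 127 and the UPDATE at new lines 136-137 now splice `$_SESSION["userID"]` into the SQL without quotes, so an empty or non-numeric session value becomes raw statement text rather than a mismatched value; since `id`/`user_id` are compared numerically, coercing once, `$userID = (int) $_SESSION["userID"];`, and using `$userID` in both queries keeps the statements well-formed (`$sessionID` is still interpolated verbatim on new lines 102 and 137, which this commit leaves as before). The guards on new lines 123 and 131 read `$_SESSION["userID"]` and `$_SESSION["groupID"]` with a bare `!`, which raises an undefined-index notice on a freshly started session; `if (empty($_SESSION["userID"]))` expresses the intent without the notice. The query on new line 127 now targets `$default->owl_users_groups_table` while the comment above it still says `// lookup the user` and the FIXME on new line 129 names the link table as the real target, so the comment should say what is actually being read. `$sessionStatus` is a plain int after this commit (new lines 98, 120, 142, 147), but `// add the array to the session` and `// return the array` in this and the last hunk still describe an array. The enclosing verify method starts before the @@ -117 hunk.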