Commit f361a91b1d99b6f27ba87fa925ae4b8c5d9a4873

Authored by Conrad Vermeulen
1 parent db032c2c

WSA-54

"Session should restore userID to previous value otherwise its state will be lost"
Fixed.

Committed By: Conrad Vermeulen
Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7651 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 33 additions and 45 deletions
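--- a/ktapi/KTAPISession.inc.php
+++ b/ktapi/KTAPISession.inc.php
@@ -1,49 +1,51 @@
 <?php
+
 /**
 * $Id$
 *
 * KnowledgeTree Open Source Edition
 * Document Management Made Simple
 * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- *
+ *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
- *
+ *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
- *
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
 * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
 * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- *
+ *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
- *
+ *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
- * copyright notice.
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
 * Contributor( s): ______________________________________
 *
 */
 
-class KTAPI_Session
+abstract class KTAPI_Session
 {
 var $ktapi;
 var $user = null;
 var $session = '';
 var $sessionid = -1;
 var $active;
+ var $origUserId;
 
- function KTAPI_Session(&$ktapi, &$user)
+ public function KTAPI_Session(&$ktapi, &$user)
 {
 assert(!is_null($ktapi));
 assert(is_a($ktapi,'KTAPI'));
@@ -52,6 +54,7 @@ class KTAPI_Session
 
 $this->ktapi=&$ktapi;
 $this->user=&$user;
+ $this->origUserId = $_SESSION['userID'];
 $_SESSION['userID']=$user->getId();
 $this->active = false;
 }
@@ -61,19 +64,19 @@ class KTAPI_Session
 *
 * @return string
 */
- function get_session()
+ public function get_session()
 {
- die('get_session() should be overloaded!');
+ return $this->session;
 }
 
 /**
- * Return the session id
+ * This returns the sessionid in the database.
 *
 * @return int
 */
- function get_sessionid()
+ public function get_sessionid()
 {
- die('get_sessionid() should be overloaded!');
+ return $this->sessionid;
 }
 
 /**
@@ -81,18 +84,19 @@ class KTAPI_Session
 *
 * @return User
 */
- function &get_user()
+ public function &get_user()
 {
 return $this->user;
 }
 
- function logout()
+ public function logout()
 {
+ $_SESSION['userID'] = $this->origUserId;
 $this->active=false;
 // don't need to do anything really
 }
 
- function is_active()
+ public function is_active()
 {
 return $this->active;
 }
@@ -103,7 +107,7 @@ class KTAPI_UserSession extends KTAPI_Session
 {
 var $ip = null;
 
- function KTAPI_UserSession(&$ktapi, &$user, $session, $sessionid, $ip)
+ public function KTAPI_UserSession(&$ktapi, &$user, $session, $sessionid, $ip)
 {
 parent::KTAPI_Session($ktapi, $user);
 
@@ -119,25 +123,9 @@ class KTAPI_UserSession extends KTAPI_Session
 $this->active = true;
 }
 
- /**
- * This returns the session string
- *
- * @return string
- */
- function get_session()
- {
- return $this->session;
- }
 
- /**
- * This returns the sessionid in the database.
- *
- * @return int
- */
- function get_sessionid()
- {
- return $this->sessionid;
- }
+
+
 
 /**
 * This resolves the user's ip
@@ -145,7 +133,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @access private
 * @return string
 */
- function resolveIP()
+ public function resolveIP()
 {
 if (getenv("REMOTE_ADDR"))
 {
@@ -175,7 +163,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @static
 * @param User $user
 */
- function _check_session(&$user)
+ private function _check_session(&$user)
 {
 $user_id = $user->getId();
 
@@ -230,7 +218,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @param string $password
 * @return KTAPI_Session
 */
- function &start_session(&$ktapi, $username, $password, $ip=null)
+ public function &start_session(&$ktapi, $username, $password, $ip=null)
 {
 $this->active=false;
 if ( empty($username) )
@@ -284,7 +272,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @param string $ip
 * @return KTAPI_Session
 */
- function &get_active_session(&$ktapi, $session, $ip)
+ public function &get_active_session(&$ktapi, $session, $ip)
 {
 $sql = "SELECT id, user_id FROM active_sessions WHERE session_id='$session'";
 if (!empty($ip))
@@ -325,7 +313,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * This closes the current session.
 *
 */
- function logout()
+ public function logout()
 {
 $sql = "DELETE FROM active_sessions WHERE id=$this->sessionid";
 $result = DBUtil::runQuery($sql);
@@ -344,7 +332,7 @@ class KTAPI_UserSession extends KTAPI_Session
 
 class KTAPI_AnonymousSession extends KTAPI_UserSession
 {
- function &start_session(&$ktapi, $ip=null)
+ public function &start_session(&$ktapi, $ip=null)
 {
 $user =& User::get(-2);
 if (is_null($user) || PEAR::isError($user) || ($user === false) || !$user->isAnonymous())
@@ -382,7 +370,7 @@ class KTAPI_AnonymousSession extends KTAPI_UserSession
 
 class KTAPI_SystemSession extends KTAPI_Session
 {
- function KTAPI_SystemSession(&$ktapi, &$user)
+ public function KTAPI_SystemSession(&$ktapi, &$user)
 {
 parent::KTAPI_Session($ktapi, $user);
 $this->active=true;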
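Review bot: The restore added to `KTAPI_Session::logout()` (`$_SESSION['userID'] = $this->origUserId;`) only runs if subclasses reach it, and `KTAPI_UserSession::logout()` overrides the method. Its body continues past the hunk, so it is not visible whether it calls `parent::logout()`; if it does not, `$_SESSION['userID']` keeps the API user's id after logout. The constructor also reads `$_SESSION['userID']` without checking that it is set, so when there was no previous user the restore writes `null` into the key instead of removing it. Capturing it as `$this->origUserId = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;` and calling `unset($_SESSION['userID'])` in `logout()` when the saved value is null would restore the state exactly. Separately, the context line in `get_active_session()` interpolates `$session` into the SQL string; unless every caller escapes it, it should be passed as a bound parameter.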