Commit f361a91b1d99b6f27ba87fa925ae4b8c5d9a4873

Authored by Conrad Vermeulen
1 parent db032c2c

WSA-54

"Session should restore userID to previous value otherwise its state will be lost"
Fixed.

Committed By: Conrad Vermeulen
Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7651 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 33 additions and 45 deletions
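--- a/ktapi/KTAPISession.inc.php
+++ b/ktapi/KTAPISession.inc.php
@@ -1,49 +1,51 @@
 <?php
+
 /**
 * $Id$
 *
 * KnowledgeTree Open Source Edition
 * Document Management Made Simple
 * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- *
+ *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
- *
+ *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
- *
+ *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
 * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
 * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- *
+ *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
- *
+ *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
 * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
- * copyright notice.
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
 * Contributor( s): ______________________________________
 *
 */
 
-class KTAPI_Session
+abstract class KTAPI_Session
 {
 var $ktapi;
 var $user = null;
 var $session = '';
 var $sessionid = -1;
 var $active;
+ var $origUserId;
 
- function KTAPI_Session(&$ktapi, &$user)
+ public function KTAPI_Session(&$ktapi, &$user)
 {
 assert(!is_null($ktapi));
 assert(is_a($ktapi,'KTAPI'));
@@ -52,6 +54,7 @@ class KTAPI_Session
 
 $this->ktapi=&$ktapi;
 $this->user=&$user;
+ $this->origUserId = $_SESSION['userID'];
 $_SESSION['userID']=$user->getId();
 $this->active = false;
 }
@@ -61,19 +64,19 @@ class KTAPI_Session
 *
 * @return string
 */
- function get_session()
+ public function get_session()
 {
- die('get_session() should be overloaded!');
+ return $this->session;
 }
 
 /**
- * Return the session id
+ * This returns the sessionid in the database.
 *
 * @return int
 */
- function get_sessionid()
+ public function get_sessionid()
 {
- die('get_sessionid() should be overloaded!');
+ return $this->sessionid;
 }
 
 /**
@@ -81,18 +84,19 @@ class KTAPI_Session
 *
 * @return User
 */
- function &get_user()
+ public function &get_user()
 {
 return $this->user;
 }
 
- function logout()
+ public function logout()
 {
+ $_SESSION['userID'] = $this->origUserId;
 $this->active=false;
 // don't need to do anything really
 }
 
- function is_active()
+ public function is_active()
 {
 return $this->active;
 }
@@ -103,7 +107,7 @@ class KTAPI_UserSession extends KTAPI_Session
 {
 var $ip = null;
 
- function KTAPI_UserSession(&$ktapi, &$user, $session, $sessionid, $ip)
+ public function KTAPI_UserSession(&$ktapi, &$user, $session, $sessionid, $ip)
 {
 parent::KTAPI_Session($ktapi, $user);
 
@@ -119,25 +123,9 @@ class KTAPI_UserSession extends KTAPI_Session
 $this->active = true;
 }
 
- /**
- * This returns the session string
- *
- * @return string
- */
- function get_session()
- {
- return $this->session;
- }
 
- /**
- * This returns the sessionid in the database.
- *
- * @return int
- */
- function get_sessionid()
- {
- return $this->sessionid;
- }
+
+
 
 /**
 * This resolves the user's ip
@@ -145,7 +133,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @access private
 * @return string
 */
- function resolveIP()
+ public function resolveIP()
 {
 if (getenv("REMOTE_ADDR"))
 {
@@ -175,7 +163,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @static
 * @param User $user
 */
- function _check_session(&$user)
+ private function _check_session(&$user)
 {
 $user_id = $user->getId();
 
@@ -230,7 +218,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @param string $password
 * @return KTAPI_Session
 */
- function &start_session(&$ktapi, $username, $password, $ip=null)
+ public function &start_session(&$ktapi, $username, $password, $ip=null)
 {
 $this->active=false;
 if ( empty($username) )
@@ -284,7 +272,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * @param string $ip
 * @return KTAPI_Session
 */
- function &get_active_session(&$ktapi, $session, $ip)
+ public function &get_active_session(&$ktapi, $session, $ip)
 {
 $sql = "SELECT id, user_id FROM active_sessions WHERE session_id='$session'";
 if (!empty($ip))
@@ -325,7 +313,7 @@ class KTAPI_UserSession extends KTAPI_Session
 * This closes the current session.
 *
 */
- function logout()
+ public function logout()
 {
 $sql = "DELETE FROM active_sessions WHERE id=$this->sessionid";
 $result = DBUtil::runQuery($sql);
@@ -344,7 +332,7 @@ class KTAPI_UserSession extends KTAPI_Session
 
 class KTAPI_AnonymousSession extends KTAPI_UserSession
 {
- function &start_session(&$ktapi, $ip=null)
+ public function &start_session(&$ktapi, $ip=null)
 {
 $user =& User::get(-2);
 if (is_null($user) || PEAR::isError($user) || ($user === false) || !$user->isAnonymous())
@@ -382,7 +370,7 @@ class KTAPI_AnonymousSession extends KTAPI_UserSession
 
 class KTAPI_SystemSession extends KTAPI_Session
 {
- function KTAPI_SystemSession(&$ktapi, &$user)
+ public function KTAPI_SystemSession(&$ktapi, &$user)
 {
 parent::KTAPI_Session($ktapi, $user);
 $this->active=true;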
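Review bot: The restore added to `KTAPI_Session::logout()` only takes effect if every subclass reaches it, and `KTAPI_UserSession::logout()` (hunk at -325) overrides it with a body that continues outside the visible lines, so confirm it calls `parent::logout()`; otherwise the API user's id stays in `$_SESSION['userID']` after logout. The constructor also reads `$_SESSION['userID']` unguarded, so when no user was set beforehand logout writes null back instead of removing the key; `$this->origUserId = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;` in the constructor, plus an `unset($_SESSION['userID'])` branch in logout for the null case, would restore the prior state exactly. Separately, the context lines of `get_active_session()` interpolate `$session` straight into the `active_sessions` query; now that the method is explicitly public, that value should be escaped or bound as a parameter before it reaches the SQL string.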