Changeset 154 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Jun 8, 2006 5:36:10 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_SQL.inc.php
r149 r154 100 100 $app =& App::getInstance(); 101 101 102 $this->_ns = '_auth_' .$namespace;102 $this->_ns = $namespace; 103 103 104 104 // Initialize default parameters. … … 264 264 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->get('user_id') . "' 265 265 "); 266 $_SESSION[ $this->_ns] = array('authenticated' => false);266 $_SESSION['_auth_sql'][$this->_ns] = array('authenticated' => false); 267 267 } 268 268 … … 276 276 function set($key, $val) 277 277 { 278 if (!isset($_SESSION[ $this->_ns]['user_data'])) {279 $_SESSION[ $this->_ns]['user_data'] = array();280 } 281 $_SESSION[ $this->_ns]['user_data'][$key] = $val;278 if (!isset($_SESSION['_auth_sql'][$this->_ns]['user_data'])) { 279 $_SESSION['_auth_sql'][$this->_ns]['user_data'] = array(); 280 } 281 $_SESSION['_auth_sql'][$this->_ns]['user_data'][$key] = $val; 282 282 } 283 283 … … 292 292 function get($key, $default='') 293 293 { 294 if (isset($_SESSION[ $this->_ns][$key])) {295 return $_SESSION[ $this->_ns][$key];296 } else if (isset($_SESSION[ $this->_ns]['user_data'][$key])) {297 return $_SESSION[ $this->_ns]['user_data'][$key];294 if (isset($_SESSION['_auth_sql'][$this->_ns][$key])) { 295 return $_SESSION['_auth_sql'][$this->_ns][$key]; 296 } else if (isset($_SESSION['_auth_sql'][$this->_ns]['user_data'][$key])) { 297 return $_SESSION['_auth_sql'][$this->_ns]['user_data'][$key]; 298 298 } else { 299 299 return $default; … … 373 373 374 374 // Register authenticated session. 375 $_SESSION[ $this->_ns] = array(375 $_SESSION['_auth_sql'][$this->_ns] = array( 376 376 'authenticated' => true, 377 377 'user_id' => $user_data['user_id'], … … 497 497 498 498 // User login test need only be run once per script execution. We cache the result in the session. 
499 if ($this->_authentication_tested && isset($_SESSION[ $this->_ns]['authenticated'])) {500 return $_SESSION[ $this->_ns]['authenticated'];499 if ($this->_authentication_tested && isset($_SESSION['_auth_sql'][$this->_ns]['authenticated'])) { 500 return $_SESSION['_auth_sql'][$this->_ns]['authenticated']; 501 501 } 502 502 … … 521 521 522 522 // Test login with information stored in session. Skip IP matching for users from trusted networks. 523 if (isset($_SESSION[ $this->_ns])524 && true === $_SESSION[ $this->_ns]['authenticated']525 && !empty($_SESSION[ $this->_ns]['username'])526 && strtotime($_SESSION[ $this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']527 && strtotime($_SESSION[ $this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']528 && ($_SESSION[ $this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)523 if (isset($_SESSION['_auth_sql'][$this->_ns]) 524 && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated'] 525 && !empty($_SESSION['_auth_sql'][$this->_ns]['username']) 526 && strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout'] 527 && strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout'] 528 && ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network) 529 529 ) { 530 530 // User is authenticated! 531 $_SESSION[ $this->_ns]['last_access_datetime'] = date('Y-m-d H:i:s');531 $_SESSION['_auth_sql'][$this->_ns]['last_access_datetime'] = date('Y-m-d H:i:s'); 532 532 533 533 // Update the DB with the last_access_datetime and increment the seconds_online. … … 544 544 $app->logMsg(sprintf('User update failed. 
Record not found for user %s (%s).', $this->get('user_id'), $this->get('username')), LOG_NOTICE, __FILE__, __LINE__); 545 545 } 546 } else if (isset($_SESSION[ $this->_ns]) && true === $_SESSION[$this->_ns]['authenticated']) {546 } else if (isset($_SESSION['_auth_sql'][$this->_ns]) && true === $_SESSION['_auth_sql'][$this->_ns]['authenticated']) { 547 547 // User is authenticated, but login has expired. 548 if (strtotime($_SESSION[ $this->_ns]['last_access_datetime']) > time() - 43200) {548 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) > time() - 43200) { 549 549 // Only raise message if last session is less than 12 hours old. 550 550 $app->raiseMsg(_("Your session has expired. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__); … … 553 553 // Log the reason for login expiration. 554 554 $expire_reasons = array(); 555 if (empty($_SESSION[ $this->_ns]['username'])) {555 if (empty($_SESSION['_auth_sql'][$this->_ns]['username'])) { 556 556 $expire_reasons[] = 'username not found'; 557 557 } 558 if (strtotime($_SESSION[ $this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) {558 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) { 559 559 $expire_reasons[] = 'login_timeout expired'; 560 560 } 561 if (strtotime($_SESSION[ $this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) {561 if (strtotime($_SESSION['_auth_sql'][$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) { 562 562 $expire_reasons[] = 'idle_timeout expired'; 563 563 } 564 if ($_SESSION[ $this->_ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {565 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[ $this->_ns]['remote_ip'], getRemoteAddr());564 if ($_SESSION['_auth_sql'][$this->_ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) { 565 $expire_reasons[] = sprintf('remote_ip not 
matched (%s != %s)', $_SESSION['_auth_sql'][$this->_ns]['remote_ip'], getRemoteAddr()); 566 566 } 567 567 $app->logMsg(sprintf('User %s (%s) session expired: %s', $this->get('user_id'), $this->get('username'), join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);
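Review bot: The query shown at file lines 264-265 concatenates `$this->get('user_id')` into the WHERE clause between single quotes with no escaping. The rewritten get() at 294-297 still falls back to `user_data`, which set() at 278-281 fills with whatever value the caller passes. If the top-level `user_id` key is absent from `$_SESSION['_auth_sql'][$this->_ns]`, a value stored through set() therefore reaches the SQL string verbatim; whether any caller does this is not visible in these hunks. The value should go through the database layer's string-escaping routine before concatenation, or, if the primary key is an integer (not shown here), be cast first, e.g. `$user_id = (int) $this->get('user_id');`. The function containing the query starts above the hunk, so the rest of the statement could not be checked.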