- use new class LetoDMS_Session instead of accessing the database directly

steinm 2011-01-11 09:08:04 +00:00
parent e00419b1cc
commit c3030165ae
2 changed files with 266 additions and 288 deletions


@ -21,6 +21,7 @@ include("../inc/inc.Settings.php");
include("../inc/inc.Utils.php"); include("../inc/inc.Utils.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.ClassDMS.php"); include("../inc/inc.ClassDMS.php");
include("../inc/inc.ClassSession.php");
include("../inc/inc.DBAccess.php"); include("../inc/inc.DBAccess.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
@ -169,26 +170,17 @@ if (is_bool($user)) {
// authentication system. // authentication system.
// //
//Retrieve user information from the database. // Try to find user with given login.
$queryStr = "SELECT * FROM tblUsers WHERE login = '".$login."'"; $user = $dms->getUserByLogin($login);
$resArr = $db->getResultArray($queryStr); if (!$user) {
if (is_bool($resArr) && $resArr == false) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("internal_error")." - database: " . $db->getErrorMsg().
"</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n");
exit;
}
if (count($resArr) == 0) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("login_error_text")."</p>\n". _printMessage(getMLText("login_error_title"), "<p>".getMLText("login_error_text")."</p>\n".
"<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n"); "<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n");
exit; exit;
} }
$resArr = $resArr[0]; $userid = $user->getID();
$userid = $resArr["id"];
$user = $dms->getUser($userid);
if (($resArr["id"] == $settings->_guestID) && (!$settings->_enableGuestLogin)) { if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("guest_login_disabled"). _printMessage(getMLText("login_error_title"), "<p>".getMLText("guest_login_disabled").
"</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n"); "</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n");
exit; exit;
@ -197,7 +189,7 @@ if (is_bool($user)) {
//Vergleichen des Passwortes (falls kein guest-login) //Vergleichen des Passwortes (falls kein guest-login)
// Assume that the password has been sent via HTTP POST. It would be careless // Assume that the password has been sent via HTTP POST. It would be careless
// (and dangerous) for passwords to be sent via GET. // (and dangerous) for passwords to be sent via GET.
if (($resArr["id"] != $settings->_guestID) && (md5($pwd) != $resArr["pwd"])) { if (($userid != $settings->_guestID) && (md5($pwd) != $user->getPwd())) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("login_error_text"). _printMessage(getMLText("login_error_title"), "<p>".getMLText("login_error_text").
"</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n"); "</p>\n<p><a href='".$settings->_httpRoot."op/op.Logout.php'>".getMLText("back")."</a></p>\n");
exit; exit;
@ -213,20 +205,6 @@ if (is_bool($user)) {
} }
// Löschen von Sitzungen, die älter als 24h sind
// Delete any sessions that are more than 24 hours old. Probably not the most
// reliable place to put this check -- move to inc.Authentication.php?
$queryStr = "DELETE FROM tblSessions WHERE " . mktime() . " - lastAccess > 86400";
if (!$db->getResult($queryStr)) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("error_occured").": ".$db->getErrorMsg()."</p>");
exit;
}
//Erstellen einer Sitzungs-ID
$id = "" . rand() . mktime() . rand() . "";
$id = md5($id);
// Capture the user's language and theme settings. // Capture the user's language and theme settings.
if (isset($_POST["lang"]) && strlen($_POST["lang"])>0 && is_numeric(array_search($_POST["lang"],getLanguages())) ) { if (isset($_POST["lang"]) && strlen($_POST["lang"])>0 && is_numeric(array_search($_POST["lang"],getLanguages())) ) {
$lang = sanitizeString($_POST["lang"]); $lang = sanitizeString($_POST["lang"]);
@ -259,14 +237,21 @@ else {
} }
} }
//Einfügen eines neuen Datensatzes in tblSessions $session = new LetoDMS_Session($db);
$queryStr = "INSERT INTO tblSessions (id, userID, lastAccess, theme, language) ".
"VALUES ('".$id."', ".$userid.", ".mktime().", '".$sesstheme."', '".$lang."')"; // Delete all sessions that are more than 24 hours old. Probably not the most
if (!$db->getResult($queryStr)) { // reliable place to put this check -- move to inc.Authentication.php?
if(!$session->deleteByTime(86400)) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("error_occured").": ".$db->getErrorMsg()."</p>"); _printMessage(getMLText("login_error_title"), "<p>".getMLText("error_occured").": ".$db->getErrorMsg()."</p>");
exit; exit;
} }
//Setzen des Sitzungs-Cookies
// Create new session in database
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
_printMessage(getMLText("login_error_title"), "<p>".getMLText("error_occured").": ".$db->getErrorMsg()."</p>");
exit;
}
// Set the session cookie. // Set the session cookie.
setcookie("mydms_session", $id, 0, $settings->_httpRoot); setcookie("mydms_session", $id, 0, $settings->_httpRoot);
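Review bot: The password check in the `-197,7 +189,7` hunk still compares `md5($pwd)` with `$user->getPwd()` using the loose `!=` operator, so PHP may compare two digests that both look like numeric strings as numbers and accept a password whose hash differs from the stored one. Use a strict, preferably constant-time comparison on the new line, for example `if (($userid != $settings->_guestID) && !hash_equals($user->getPwd(), md5($pwd))) {`, or `!==` where `hash_equals()` is not available. Unsalted MD5 is also too fast and too widely precomputed to protect stored passwords, so the durable fix is to move `getPwd()` values to `password_hash()` and `password_verify()`, re-hashing each account on its next successful login. The enclosing `if (is_bool($user))` block starts and ends outside this hunk, so other callers of `getPwd()` are not visible from here.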


@ -2,6 +2,7 @@
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Uwe Steinmann
// //
// This program is free software; you can redistribute it and/or modify // This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
@ -20,29 +21,21 @@
include("../inc/inc.Settings.php"); include("../inc/inc.Settings.php");
include("../inc/inc.Utils.php"); include("../inc/inc.Utils.php");
include("../inc/inc.ClassDMS.php"); include("../inc/inc.ClassDMS.php");
include("../inc/inc.ClassSession.php");
include("../inc/inc.DBAccess.php"); include("../inc/inc.DBAccess.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
//Code when running PHP as Module ----------------------------------------------------------------- // Delete session from database
/*
setcookie("mydms_logged_out", "true", 0, $settings->_httpRoot);
header("Location: ../out/out.ViewFolder.php");
print "Logout successful";
*/
//Code when running PHP in CGI-Mode ---------------------------------------------------------------
//Delete from tblSessions
$dms_session = $_COOKIE["mydms_session"]; $dms_session = $_COOKIE["mydms_session"];
$dms_session = sanitizeString($dms_session); $dms_session = sanitizeString($dms_session);
$queryStr = "DELETE FROM tblSessions WHERE id = '$dms_session'"; $session = new LetoDMS_Session($db);
if (!$db->getResult($queryStr)) if(!$session->delete($dms_session)) {
UI::exitError(getMLText("logout"),$db->getErrorMsg()); UI::exitError(getMLText("logout"),$db->getErrorMsg());
}
//Delete Cookie // Delete Cookie
setcookie("mydms_session", $_COOKIE["mydms_session"], time()-3600, $settings->_httpRoot); setcookie("mydms_session", $_COOKIE["mydms_session"], time()-3600, $settings->_httpRoot);
//Forward to Login-page //Forward to Login-page