Jump to content

Destroying Session Help


Gainax

Recommended Posts

Hi

 

I'm writing a script and when a user logs out and a new user signs up, the new user sees the details of the previous user.

 

The code is as follows:

 

Code in the contollers

 

<?php
//$this_file_name = 'authentication.php';
//start_trace($file_name);

//check config exists. If we come in from a cron job, the config file will be 2 dirs nack
// and already included
if(file_exists("../config.php"))
{
include_once("../config.php");
}
require_once(ROOT_DIRECTORY . 'models/authentications.php');

class Authentication_Controller extends Authentications_Model
{
function Authentication_Controller()
{
	$fct_name = 'Authentication';
	function_start($fct_name);

	global $authentication;

	$this->session_id = session_id();

	$session_row = $this->get_session();
	if($session_row)
	{
		debug("there is a session, lets get the user information and put it into a global array");
		require_once(ROOT_DIRECTORY . 'models/users.php');
		$user_object = new Users_Model;
		$user_object->id = $session_row['user_id'];
		$user_details = $user_object->get_details();

		debug("got user details:");
		debug_row($user_details);


		$authentication = array();
		foreach($user_details as $one_user_details_col=>$one_user_value)
		{
			$authentication[$one_user_details_col] = $one_user_value;
		}

		debug("we now have the user row in the global array. Now update the session row so that it has the new expiry time");
		$this->update_session_time();
	}
	else
	{
		$authentication = false;
	}

	function_end($fct_name);
}
function Perform_Login($user_name = '', $password = '')
{
	$fct_name = 'Perform_Login';
	function_start($fct_name);

	$attempt = $this->insert_login($user_name, $password);

	if($attempt)
	{
		debug("login was successfull. Run the Authentication function to populate global");
	}
	else
	{
		debug("the login failed. Throw an exception");
		throw new exception('FAILED AUTHENTICATION');
	}

	function_end($fct_name);
}
function Log_User_Out()
{
	$fct_name = 'Log_User_Out';
	function_start($fct_name);

	$this->expire_login();

	function_end($fct_name);
	return true;
}



}
?>

 

 

Code in the models

 

<?php
class Authentications_Model
{
function Authentications_Model()
{
	$this->session_id = session_id();
}
function get_session()
{
	$fct_name = 'get_session';
	function_start($fct_name);

	$time = time();

	global $db;

	$ins_session_id = $db->quote_null_or_var($this->session_id);
	$ins_expiry_time= $db->quote_null_or_var($time);

	$sql = " SELECT * FROM sessions ".
	       " WHERE session_id = $ins_session_id ".
	       " AND expires > $ins_expiry_time ";


	$result = $db->db_query($sql);
	$rows = $db->db_num_rows($result);
	$rows?$row=$db->db_fetch($result):$row=false;


	if(!$row)
	{
		debug("there is no session for this user. They are not logged in, returning false");
	}
	else
	{
		debug("The user is logged in. The row is:");
		debug_row($row);
	}
	function_end($fct_name);
	return $row;
}
function update_session_time()
{
	$fct_name = 'update_session_time';
	function_start($fct_name);

	$expiry_time = time() + MAX_LOGIN_TIME;

	global $db;
	$res = $db->update_row( 'sessions',
							array('expires'=> $expiry_time),
			     			array('session_id' => $this->session_id)
				 	      );

	function_end($fct_name);
	return $res;
}
function insert_login($user_name, $password)
{
	$fct_name = 'insert_login';
	function_start($fct_name);
	global $db;

	$encrypted_password = encrypt_password($password);

	$ins_user_name = $db->quote_null_or_var($user_name);
	$ins_encrypted_password = $db->quote_null_or_var($encrypted_password);

	$sql =  " SELECT * FROM users " .
			" WHERE UPPER(user_name) = UPPER($ins_user_name) ".
			" AND password = $ins_encrypted_password ".
			" AND coach = '1' ";

	$res = $db->db_query($sql);
	$user_row = $db->db_fetch($res);

	if($user_row)
	{
		global $authentication;
		$authentication = $user_row;

		debug("correct username and password so now insert a session");

		$expires = time() + MAX_LOGIN_TIME;

		$insert = $db->insert_row( 'sessions',
						     	   array('session_id' => $this->session_id,
						     	   'user_id' => $user_row['id'],
						     	   'expires' => $expires,
						     	   'ip_address' => $_SERVER["REMOTE_ADDR"]
						     	  )
							);
		function_end($fct_name);
		return true;
	}
	else
	{
		function_end($fct_name);
		return false;
	}
}
function expire_login()
{

	$fct_name = 'expire_login';
	function_start($fct_name);
	global $db;
	global $authentication;


	session_destroy();
	setcookie ("PHPSESSID", "", time()-60000);

	$expires = time() - 60;
	debug("set the logout time to be an hour ago [$expires]");

	$insert = $db->delete(    'sessions',
							   array('user_id' => $authentication['id'])
						);

	$authentication = false;
	function_end($fct_name);
}
}
?>

 

All help appreciated

Link to comment
https://forums.phpfreaks.com/topic/100460-destroying-session-help/
Share on other sites

  • 3 months later...

Don't know if you still need this but heres a logout code that will destroy all session variables.

 

<?php require_once("functions.php"); ?>

<?php

// Four steps to closing a session

// (i.e. logging out)

 

// 1. Find the session

session_start();

 

// 2. Unset all the session variables

$_SESSION = array();

 

// 3. Destroy the session cookie

if(isset($_COOKIE[session_name()])) {

setcookie(session_name(), '', time()-42000, '/');

}

 

// 4. Destroy the session

session_destroy();

 

redirect_to("index.php?logout=1");

?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.