Jump to content

Having problem with sessions

wadetandy

By wadetandy
in PHP Coding Help

Recommended Posts

wadetandy Newbie

wadetandy

Posted
Posted

So I am writing an application designed to manage employee hours and scheduling for an organization that does sound and lighting support for various events.  I have a loginaction.php page that is called by the login page.  Once a user is validated (this works just fine), they are redirected to the employee dashboard, which allows them to carry out actions in the system.  The problem is that I am trying to check that their session is valid and none of the session variables seem to be there like they should.  I am attaching the code for my sessions.php file, which is included at the top of each page.  The dashboard is calling the _checkSession() method in the user class after including the page.

 

<?php
include_once("config.php");
include_once("dbconnect.php");

session_start();

function session_defaults() {
    $_SESSION['logged'] = false;
    $_SESSION['uid'] = 0;
    $_SESSION['username'] = '';
    $_SESSION['cookie'] = 0;
    $_SESSION['remember'] = false;
}

class User {
    var $db = null; // PEAR::DB pointer
    var $failed = false; // failed login attempt
    var $date; // current date GMT
    var $type; //standard empoyee or admin
    var $id = 0; // the current user's id

    function User(&$db) {
        $this->db = $db;
        $this->date = date("c");
        if ($_SESSION['logged']) {
            $this->_checkSession();
        }
        elseif ( isset($_COOKIE['strikeForceLogin']) ) {
            $this->_checkRemembered($_COOKIE['strikeForceLogin']);
        }
    }

    function _checkLogin($username, $password, $remember) {
        $username = $this->db->quote($username);
        $password = $this->db->quote(md5($password));
        $sql = "SELECT user_id, email_address, cookie " .
                   "FROM SITE_USER " .
                   "WHERE email_address = $username AND password = $password ";
        $result = $this->db->query($sql);
        if (!DB::isError($result) && is_object($result)) {
            $this->_setSession($result->fetchRow(DB_FETCHMODE_ASSOC), $remember);
            return true;
        } else {
            $this->failed = true;
            $this->_logout();
            return false;
        }
    }

    function _setSession(&$values, $remember, $init = true) {
        $this->id = $values['user_id'];
        $_SESSION['uid'] = $this->id;
        $_SESSION['username'] = htmlspecialchars($values['email_address']);
        $_SESSION['cookie'] = $values['cookie'];
        $_SESSION['logged'] = true;
        if ($remember) {
            $this->updateCookie($values['cookie'], true);
        }
        if ($init) {
            $session = $this->db->quote(session_id());
            //set_cookie('sf_session_id', $session);
            $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);

            $sql = "UPDATE SITE_USER SET session = $session, ip = $ip WHERE " .
                "user_id = $this->id";
            $this->db->query($sql);
        }
    }

    function updateCookie($cookie, $save) {
        $_SESSION['cookie'] = $cookie;
        if ($save) {
            $cookie = serialize(array($_SESSION['username'], $cookie) );
            set_cookie('strikeForceLogin', $cookie, time() + 31104000, '/directory/');
        }
    }

    function _checkRemembered($cookie) {
        list($username, $cookie) = @unserialize($cookie);
        if (!$username or !$cookie) return;
        $username = $this->db->quote($username);
        $cookie = $this->db->quote($cookie);
        $sql = "SELECT * FROM SITE_USER " .
                   "WHERE (email_address = $username) AND (cookie = $cookie)";
        $result = $this->db->query($sql);
        if (!DB::isError($result) && is_object($result)) {
            $this->_setSession($result->fetchRow(), true);
        }
    }

    function _checkSession($admin = false) {
        $username = $this->db->quote($_SESSION['username']);
        $cookie = $this->db->quote($_SESSION['cookie']);
        $session = $this->db->quote(session_id());
        $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
        $sql = "SELECT * FROM SITE_USER WHERE " .
            "(email_address = $username) AND  " .
            "(session = $session) AND (ip = $ip) ";
        $result = $this->db->query($sql);
        //print_r($result);
        if (!DB::isError($result) && is_object($result) ) {
            $row = $result->fetchRow(DB_FETCHMODE_ASSOC);
            echo($row['email_address']);
            if ( $row['email_address'] == $username ) {
                echo("session good");
                $this->_setSession($row, false, false);
                return true;
            } else {
                echo("session bad");
                $this->_logout();
                return false;
            }
        }
    }

    function _isAdmin() {
        if($this->type == null)
        {
            $sql = "SELECT is_admin FROM SITE_USER WHERE " .
                        "(user_id = $username)";
            $result = $this->db->query($sql);
            if (!DB::isError($result) && is_object($result))  {
                
                $this->type = $result->is_admin;
                return $this->type;
            } else {
                echo("There was a database error:  could not find specified user.");
                return $this->type;
            }
        }
        else
        {
            return $this->type;
        }
    }

    function _logout(){
        $this->id = 0;
        session_destroy();
    }
}

$user = new User($dbconn);

?>

Link to comment
https://forums.phpfreaks.com/topic/155202-having-problem-with-sessions/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.