summaryrefslogtreecommitdiffstats
path: root/inc
diff options
context:
space:
mode:
authorSimon Rettberg2015-03-03 19:01:30 +0100
committerSimon Rettberg2015-03-03 19:01:30 +0100
commitc90c7bfb5d72d327e6fe8fb3a85d852ec1ee94a4 (patch)
tree3d6ed553f0308dbd315b6e43785b55e429ec037b /inc
parentSecond Commit (diff)
downloadbwlp-webadmin-c90c7bfb5d72d327e6fe8fb3a85d852ec1ee94a4.tar.gz
bwlp-webadmin-c90c7bfb5d72d327e6fe8fb3a85d852ec1ee94a4.tar.xz
bwlp-webadmin-c90c7bfb5d72d327e6fe8fb3a85d852ec1ee94a4.zip
Third Commit
Diffstat (limited to 'inc')
-rw-r--r--inc/image.inc.php14
-rw-r--r--inc/session.inc.php62
-rw-r--r--inc/user.inc.php38
-rw-r--r--inc/util.inc.php4
4 files changed, 96 insertions, 22 deletions
diff --git a/inc/image.inc.php b/inc/image.inc.php
new file mode 100644
index 0000000..2c0ec74
--- /dev/null
+++ b/inc/image.inc.php
@@ -0,0 +1,14 @@
+<?php
+
+class Image
+{
+
+ public static function deleteOwnedBy($userid)
+ {
+ if ($userid === false || !is_numeric($userid))
+ return false;
+ return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
+ }
+
+}
+
diff --git a/inc/session.inc.php b/inc/session.inc.php
index b9adfcb..6718006 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -4,8 +4,8 @@
class Session
{
private static $sid = false;
- private static $uid = false;
private static $data = false;
+ private static $needUpdate = true;
private static function generateSessionId()
{
@@ -26,7 +26,6 @@ class Session
public static function create()
{
self::generateSessionId();
- self::$uid = 0;
self::$data = array();
}
@@ -38,20 +37,19 @@ class Session
if (self::readSessionData()) return true;
// Loading session data failed
self::delete();
+ return false;
}
public static function getUid()
{
- return self::$uid;
+ return self::get('uid');
}
public static function setUid($value)
{
- if (self::$uid === false)
- Util::traceError('Tried to set session data with no active session');
if (!is_numeric($value) || $value < 1)
Util::traceError('Invalid user id: ' . $value);
- self::$uid = $value;
+ self::set('uid', (int)$value);
}
public static function get($key)
@@ -61,6 +59,16 @@ class Session
return false;
}
+ public static function set($key, $value)
+ {
+ if (!is_array(self::$data))
+ Util::traceError('Tried to set session data with no active session');
+ if (isset(self::$data[$key]) && self::$data[$key] === $value)
+ return;
+ self::$data[$key] = $value;
+ self::$needUpdate = true;
+ }
+
private static function loadSessionId()
{
if (self::$sid !== false)
@@ -73,27 +81,49 @@ class Session
self::$sid = $id;
return true;
}
-
+
public static function delete()
{
if (self::$sid === false) return;
Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
@setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
self::$sid = false;
- self::$uid = false;
+ self::$data = false;
}
-
+
public static function save()
{
- if (self::$sid === false || self::$uid === false || self::$uid === 0)
+ if (self::$sid === false || self::$data === false || !self::$needUpdate)
return;
- $ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
- . ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
- . ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
- array('sid' => self::$sid, 'uid' => self::$uid));
- if (!$ret) Util::traceError('Storing session data in dahdähbank failed.');
+ $data = json_encode(self::$data);
+ $ret = Database::exec('INSERT INTO websession (sid, dateline, data) '
+ . ' VALUES (:sid, UNIX_TIMESTAMP(), :data) '
+ . ' ON DUPLICATE KEY UPDATE dateline = VALUES(dateline), data = VALUES(data)',
+ array('sid' => self::$sid, 'data' => $data));
+ if ($ret === false)
+ Util::traceError('Storing session data in Dahdähbank failed.');
$ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
- if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ if ($ret === false)
+ Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
}
+
+ public static function readSessionData()
+ {
+ if (self::$sid === false || self::$data !== false)
+ Util::traceError('Tried to readSessionData on an active session!');
+ $data = Database::queryFirst('SELECT dateline, data FROM websession WHERE sid = :sid LIMIT 1', array('sid' => self::$sid));
+ if ($data === false)
+ return false;
+ if ($data['dateline'] + CONFIG_SESSION_TIMEOUT < time()) {
+ self::delete();
+ return false;
+ }
+ self::$needUpdate = ($data['dateline'] + 3600 < time());
+ self::$data = @json_decode($data['data'], true);
+ if (!is_array(self::$data))
+ self::$data = array();
+ return true;
+ }
+
}
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f023ae7..496857e 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -7,6 +7,7 @@ class User
private static $organization = NULL;
private static $isShib = false;
private static $isInDb = false;
+ private static $isAnonymous = false;
public static function isLoggedIn()
{
@@ -28,11 +29,23 @@ class User
return self::$user !== false && self::$isShib === false;
}
+ public static function isAnonymous()
+ {
+ return self::$isAnonymous;
+ }
+
public static function getData()
{
return self::$user;
}
+ public static function getId()
+ {
+ if (!isset(self::$user['userid']))
+ return false;
+ return (int)self::$user['userid'];
+ }
+
public static function getName()
{
if (!self::isLoggedIn())
@@ -97,7 +110,7 @@ class User
{
if (self::isLoggedIn())
return true;
- Session::load();
+ $hasSession = Session::load();
if (empty($_SERVER['persistent-id'])) {
if (Session::getUid() === false)
return false;
@@ -106,6 +119,11 @@ class User
return self::$user !== false;
}
// Try bwIDM etc.
+ if (!$hasSession) {
+ Session::create();
+ Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand()));
+ Session::save();
+ }
self::$isShib = true;
if (!isset($_SERVER['sn'])) $_SERVER['sn'] = '';
if (!isset($_SERVER['givenName'])) $_SERVER['givenName'] = '';
@@ -133,9 +151,14 @@ class User
// No match in database, user is not signed up
return true;
}
+ if (Session::getUid() === false) {
+ Session::setUid($user['userid']);
+ Session::save();
+ }
// Already signed up, see if we can fetch missing fields from DB
self::$user['login'] = $user['login'];
self::$isInDb = true;
+ self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname']));
foreach (array('firstname', 'lastname', 'email') as $key) {
if (empty(self::$user[$key]))
self::$user[$key] = $user[$key];
@@ -149,13 +172,15 @@ class User
Util::traceError('NO SHIBID');
if ($anonymous) {
Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
- . " VALUES (:shibid, :shibid, :org, '', '', '')", array(
+ . " VALUES (:shibid, :shibid, :org, '', '', '') "
+ . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array(
'shibid' => self::$user['shibid'],
'org' => self::getOrganizationId()
));
} else {
Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
- . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email)", array(
+ . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
+ . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array(
'shibid' => self::$user['shibid'],
'firstname' => self::$user['firstname'],
'lastname' => self::$user['lastname'],
@@ -181,8 +206,13 @@ class User
public static function logout()
{
+ foreach ($_COOKIE as $name => $value) {
+ if (substr($name, 0, 5) !== '_shib')
+ continue;
+ @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ }
Session::delete();
- Header('Location: ?do=Main&fromlogout');
+ Header('Location: ?do=Logout&noredirect=yes');
exit(0);
}
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 4378a08..aaf46c6 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -95,11 +95,11 @@ SADFACE;
*/
public static function verifyToken()
{
- if (Session::get('token') === false)
+ if (Session::get('token') === false && Session::getUid() === false)
return true;
if (isset($_REQUEST['token']) && Session::get('token') === $_REQUEST['token'])
return true;
- Message::addError('token');
+ Message::addError('Fehlerhaftes Token!');
return false;
}