1 files changed, 46 insertions, 16 deletions

diff --git a/inc/session.inc.php b/inc/session.inc.php
index b9adfcb..6718006 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -4,8 +4,8 @@
 class Session
 {
 	private static $sid = false;
-	private static $uid = false;
 	private static $data = false;
+	private static $needUpdate = true;
 	
 	private static function generateSessionId()
 	{
@@ -26,7 +26,6 @@ class Session
 	public static function create()
 	{
 		self::generateSessionId();
-		self::$uid = 0;
 		self::$data = array();
 	}
 
@@ -38,20 +37,19 @@ class Session
 		if (self::readSessionData()) return true;
 		// Loading session data failed
 		self::delete();
+		return false;
 	}
 
 	public static function getUid()
 	{
-		return self::$uid;
+		return self::get('uid');
 	}
 
 	public static function setUid($value)
 	{
-		if (self::$uid === false)
-			Util::traceError('Tried to set session data with no active session');
 		if (!is_numeric($value) || $value < 1)
 			Util::traceError('Invalid user id: ' . $value);
-		self::$uid = $value;
+		self::set('uid', (int)$value);
 	}
 
 	public static function get($key)
@@ -61,6 +59,16 @@ class Session
 		return false;
 	}
 
+	public static function set($key, $value)
+	{
+		if (!is_array(self::$data))
+			Util::traceError('Tried to set session data with no active session');
+		if (isset(self::$data[$key]) && self::$data[$key] === $value)
+			return;
+		self::$data[$key] = $value;
+		self::$needUpdate = true;
+	}
+
 	private static function loadSessionId()
 	{
 		if (self::$sid !== false)
@@ -73,27 +81,49 @@ class Session
 		self::$sid = $id;
 		return true;
 	}
-	
+
 	public static function delete()
 	{
 		if (self::$sid === false) return;
 		Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
 		@setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 		self::$sid = false;
-		self::$uid = false;
+		self::$data = false;
 	}
-	
+
 	public static function save()
 	{
-		if (self::$sid === false || self::$uid === false || self::$uid === 0)
+		if (self::$sid === false || self::$data === false || !self::$needUpdate)
 			return;
-		$ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
-			. ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
-			. ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
-			array('sid' => self::$sid, 'uid' => self::$uid));
-		if (!$ret) Util::traceError('Storing session data  in dahdähbank failed.');
+		$data = json_encode(self::$data);
+		$ret = Database::exec('INSERT INTO websession (sid, dateline, data) '
+			. ' VALUES (:sid, UNIX_TIMESTAMP(), :data) '
+			. ' ON DUPLICATE KEY UPDATE dateline = VALUES(dateline), data = VALUES(data)',
+			array('sid' => self::$sid, 'data' => $data));
+		if ($ret === false)
+			Util::traceError('Storing session data in Dahdähbank failed.');
 		$ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
-		if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+		if ($ret === false)
+			Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 	}
+
+	public static function readSessionData()
+	{
+		if (self::$sid === false || self::$data !== false)
+			Util::traceError('Tried to readSessionData on an active session!');
+		$data = Database::queryFirst('SELECT dateline, data FROM websession WHERE sid = :sid LIMIT 1', array('sid' => self::$sid));
+		if ($data === false)
+			return false;
+		if ($data['dateline'] + CONFIG_SESSION_TIMEOUT < time()) {
+			self::delete();
+			return false;
+		}
+		self::$needUpdate = ($data['dateline'] + 3600 < time());
+		self::$data = @json_decode($data['data'], true);
+		if (!is_array(self::$data))
+			self::$data = array();
+		return true;
+	}
+
 }