authorMalf Furious <m@lfurio.us>2016-01-31 16:52:52 -0500
committerMalf Furious <m@lfurio.us>2016-01-31 16:52:52 -0500
commite15599108f64bd816eb32f8028a81e3db76c19ff (patch)
treeba7d33ac4158321f1a5021b3ea414c6ed554eb84
parent1a2cf00b5e1a9c00be823eb655a76f8625bf32b5 (diff)
Implement PHP session semantics in Framework class
Added PHP session handling to the core framework. Functions now exist to set the current user, get the current user, and get the IP address used to log in (to compare with future requests on the same session to combat session hijacking).
-rw-r--r--app/class/framework.class.php41
1 files changed, 41 insertions, 0 deletions
diff --git a/app/class/framework.class.php b/app/class/framework.class.php
index d1293de..74c4b14 100644
--- a/app/class/framework.class.php
+++ b/app/class/framework.class.php
@@ -4,7 +4,11 @@
is_file("scrott.conf.php") &&
require_once "scrott.conf.php";
+/* Init PHP session */
+session_start();
+
require_once "class/mysql.class.php";
+require_once "class/user.class.php";
/*
* Global functions / operations and access to contextual or session-based information
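Review bot: `session_start()` on the added line runs with whatever cookie settings the server defaults to; nothing visible in this hunk marks the session cookie HttpOnly or Secure, or enables strict session-id mode. Those may already be set in php.ini or in scrott.conf.php, which this hunk does not show. If they are not, `ini_set('session.use_strict_mode', '1');` and `session_set_cookie_params(0, '/', '', true, true);` placed before `session_start();` keep the id out of reach of page scripts and off plain HTTP (the `secure` flag only fits an HTTPS-only deployment). The comment could also state that the session is started as a side effect of including this file.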
@@ -48,6 +52,43 @@ abstract class Framework
}
/*
+ * Get a user object for the currently logged in user. Returns false if session is logged out.
+ */
+ function getCurrentUser()
+ {
+ if (isset($_SESSION['userguid']))
+ return new User($_SESSION['userguid']);
+
+ return false;
+ }
+
+ /*
+ * Get the IP address the client held when the current session began
+ */
+ function getOriginIP()
+ {
+ return $_SESSION['userip'];
+ }
+
+ /*
+ * Set the current logged in user
+ */
+ function setCurrentUser($user = null)
+ {
+ if ($user != null && isset($user->guid))
+ {
+ $_SESSION['userguid'] = $user->guid;
+ $_SESSION['userip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ else
+ {
+ unset($_SESSION['userguid']);
+ unset($_SESSION['userip']);
+ }
+ }
+
+ /*
* Get or create the app's database connection object (this is a singleton object and dependent on system-level config)
*/
static function getDbConnection()
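Review bot: `setCurrentUser()` writes `$_SESSION['userguid']` into the existing session without rotating the session id, so an id issued before login remains valid after it (session fixation). The stored IP does not cover that case when both parties share an address, so add `session_regenerate_id(true);` as the first statement of the login branch, and preferably of the logout branch as well. `getCurrentUser()` returns a `User` without comparing `$_SESSION['userip']` to `$_SERVER['REMOTE_ADDR']`, so the hijacking check named in the commit message depends on every caller remembering it; doing the comparison inside `getCurrentUser()` and returning `false` on mismatch would make it fail closed. `getOriginIP()` reads the key without `isset`, which raises a notice and yields null on a logged-out session; `return isset($_SESSION['userip']) ? $_SESSION['userip'] : false;` would match the `false` convention used by `getCurrentUser()`.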