From e15599108f64bd816eb32f8028a81e3db76c19ff Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sun, 31 Jan 2016 16:52:52 -0500
Subject: Implement PHP session semantics in Framework class Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address used to login (to compare with furure requests on the same session to combat session hijacking).
---
 app/class/framework.class.php | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
(limited to 'app/class/framework.class.php')
diff --git a/app/class/framework.class.php b/app/class/framework.class.php
index d1293de..74c4b14 100644
--- a/app/class/framework.class.php
+++ b/app/class/framework.class.php
@@ -4,7 +4,11 @@ is_file("scrott.conf.php") && require_once "scrott.conf.php";
+/* Init PHP session */
+session_start();
+
 require_once "class/mysql.class.php";
+require_once "class/user.class.php";
 /*
 * Global functions / operations and access to contextual or session-based information
@@ -47,6 +51,43 @@ abstract class Framework
 exit;
 }
+ /*
+ * Get a user object for the currently logged in user. Returns false if session is logged out.
+ */
+ function getCurrentUser()
+ {
+ if (isset($_SESSION['userguid']))
+ return new User($_SESSION['userguid']);
+
+ return false;
+ }
+
+ /*
+ * Get the IP address the client held when the current session began
+ */
+ function getOriginIP()
+ {
+ return $_SESSION['userip'];
+ }
+
+ /*
+ * Set the current logged in user
+ */
+ function setCurrentUser($user = null)
+ {
+ if ($user != null && isset($user->guid))
+ {
+ $_SESSION['userguid'] = $user->guid;
+ $_SESSION['userip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ else
+ {
+ unset($_SESSION['userguid']);
+ unset($_SESSION['userip']);
+ }
+ }
+
 /*
 * Get or create the app's database connection object (this is a singleton object and dependent on system-level config)
 */
--
cgit v1.2.3
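Review bot: The added top-level `session_start();` in the first hunk runs with whatever cookie and session-ID settings php.ini provides, and nothing on the visible lines sets them first. For a session that will carry `$_SESSION['userguid']`, I would set the hardening options just before the call, e.g. `ini_set('session.use_strict_mode', '1');` and `ini_set('session.cookie_httponly', '1');` (plus `session.cookie_secure` when the site is served over HTTPS), unless the deployment already does this in php.ini. A short comment above `session_start()` saying where those settings live would also help the next reader.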
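Review bot: `setCurrentUser()` in the second hunk writes `$_SESSION['userguid']` into the existing session without rotating the session ID, so an ID issued before login stays valid after it (session fixation); add `session_regenerate_id(true);` as the first statement of the login branch, and again in the `else` branch on logout. `getOriginIP()` returns `$_SESSION['userip']` unguarded, which raises an undefined-index notice and yields null on a logged-out session; `return isset($_SESSION['userip']) ? $_SESSION['userip'] : false;` would match `getCurrentUser()`. Nothing in this hunk compares the stored address with `$_SERVER['REMOTE_ADDR']`, so the hijacking check the commit message describes has to be made by callers not shown here, and the doc comment on `getOriginIP()` should say so. The three methods are complete in the hunk; the enclosing `abstract class Framework` starts and ends outside it.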