not destroying the session
Posted: Wed Apr 09, 2008 11:09 am
Hi
I have a site where users can login to view some information.
When a user logs out and a new user signs up, the new user is able to view the previous users information.
The session doesn't seem to be getting destroyed and I can't figure out why.
All help is much appreciated
I have a site where users can login to view some information.
When a user logs out and a new user signs up, the new user is able to view the previous users information.
The session doesn't seem to be getting destroyed and I can't figure out why.
Code: Select all
<?php
class Authentications_Model
{
function Authentications_Model()
{
$this->session_id = session_id();
}
function get_session()
{
$fct_name = 'get_session';
function_start($fct_name);
$time = time();
global $db;
$ins_session_id = $db->quote_null_or_var($this->session_id);
$ins_expiry_time= $db->quote_null_or_var($time);
$sql = " SELECT * FROM sessions ".
" WHERE session_id = $ins_session_id ".
" AND expires > $ins_expiry_time ";
$result = $db->db_query($sql);
$rows = $db->db_num_rows($result);
$rows?$row=$db->db_fetch($result):$row=false;
if(!$row)
{
debug("there is no session for this user. They are not logged in, returning false");
}
else
{
debug("The user is logged in. The row is:");
debug_row($row);
}
function_end($fct_name);
return $row;
}
function update_session_time()
{
$fct_name = 'update_session_time';
function_start($fct_name);
$expiry_time = time() + MAX_LOGIN_TIME;
global $db;
$res = $db->update_row( 'sessions',
array('expires'=> $expiry_time),
array('session_id' => $this->session_id)
);
function_end($fct_name);
return $res;
}
function insert_login($user_name, $password)
{
$fct_name = 'insert_login';
function_start($fct_name);
global $db;
$encrypted_password = encrypt_password($password);
$ins_user_name = $db->quote_null_or_var($user_name);
$ins_encrypted_password = $db->quote_null_or_var($encrypted_password);
$sql = " SELECT * FROM users " .
" WHERE UPPER(user_name) = UPPER($ins_user_name) ".
" AND password = $ins_encrypted_password ".
" AND coach = '1' ";
$res = $db->db_query($sql);
$user_row = $db->db_fetch($res);
if($user_row)
{
global $authentication;
$authentication = $user_row;
debug("correct username and password so now insert a session");
$expires = time() + MAX_LOGIN_TIME;
$insert = $db->insert_row( 'sessions',
array('session_id' => $this->session_id,
'user_id' => $user_row['id'],
'expires' => $expires,
'ip_address' => $_SERVER["REMOTE_ADDR"]
)
);
function_end($fct_name);
return true;
}
else
{
function_end($fct_name);
return false;
}
}
function expire_login()
{
$fct_name = 'expire_login';
function_start($fct_name);
global $db;
global $authentication;
session_destroy();
setcookie ("PHPSESSID", "", time()-60000);
$expires = time() - 60;
debug("set the logout time to be an hour ago [$expires]");
$insert = $db->delete( 'sessions',
array('user_id' => $authentication['id'])
);
$authentication = false;
function_end($fct_name);
}
}
?>