|
|
Posted by dawnerd on 04/30/07 23:08
HI everyone.
I have another little problem that I could use some advice on. I have
a session class that handles creating a simple session to keep my
users logged in. It works fine. However, the session will expire in a
random amount of time. I've checked php's configuration and they are
set to expire when the browser is closed (and is what I want). It also
uses cookie sessions rather than the session if in the url. I have
access to both php4 and 5 if needed (all of the code is php4 though).
Here is some of the session code.
/**
* newSession( $userId, $password )
* Creates a blank session.
*/
function newSession( $userId, $password )
{
/**
* Set the user info in the session.
*/
$config = new configuration( $this->database );
$config->getConfig();
$configArray = $config->configArray;
$_SESSION['honey'] = $userId;
$_SESSION['bun'] = sha1( $configArray['salt'] . $userId .
md5( $password ) );
$_SESSION['glaze'] = time();
}
/**
* checkSession()
* Checks the current session.
*/
function checkSession()
{
$config = new configuration( $this->database );
$config->getConfig();
$configArray = $config->configArray;
$userId = mysql_real_escape_string( $_SESSION['honey'] );
$this->current_user_id = $userId;
$sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
$query = $this->database->query( $sql );
$num = $this->database->count_rows( $query );
/**
* Check if user exists
*/
if( $num != 1 )
{
$this->error = "Session expired.";
return false;
}
/**
* Check hashes
*/
$sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
$query = $this->database->query( $sql );
$row = $this->database->get_row( $query );
$tempHash = sha1( $configArray['salt'] . $userId .
md5( $row['pass'] ) );
if( $_SESSION['bun'] != $tempHash )
{
$this->error = "Hashes do not match.";
return false;
}
/**
* Check if session is expired.
*/
$tempTime = time() - 82400;
if( $_SESSION['glaze'] < $tempTime )
{
if ( isset( $_COOKIE[session_name()] ) )
{
setcookie( session_name(), '', time()-42000, '/' );
}
session_destroy();
$this->error = "Session timed out";
return false;
}
$this->getUsernameFromId( $userId );
$this->updateSession();
return true;
}
I always get the session expired error I return. Any idea?
Improvements?
Navigation:
[Reply to this message]
|