function get_user_id()
{
//attempt to retrieve user session
$session = user_getsession();
//retrieve user id
$uid = $session['user_id'];
return $uid;
}
<?php
require_once 'db_functions.php';
require_once 'user_functions.php';
//attempt to retrieve user session
$session = user_getsession();
/* if user has not logged in at all, send to login page */
if (!$session) {
header("Location: login.php");
exit;
} else {
logout($session['user_id']);
}
header("Location: login.php");
exit;
}
//attempt to retrieve user session
$session = user_getsession();
/* if user has not logged in at all, send to login page */
if (!$session) {
header("Location: login.php");
exit;
}
//retrieve user id
$uid = $session['user_id'];
//check to see if user is already authenticating
//this prevents RFC 2289 specified race condition
//while ($session['locked']) {
while (locked_for_authentication($uid, $session['session_hash'])) {
/* spin until lock is released or timeout happens */
$session = user_getsession($uid);
if (spinlock_timeout_reached()) {
header("Location: retry.php");
exit;
}
}
//lock account while authenticating
set_session_lock($uid);
//sets "locked" flag on session table
//check of otp auth has been enabled on account
$otp_auth_enabled = user_getotpauth($uid);
//retrieves otp_enabled flag from user table
if ($otp_auth_enabled) {
if ($session['otp_auth']) {
/* success, user has already authenticated with otp */
} else {
