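/**
 * Return the user id stored in the current session.
 *
 * A null result means no authenticated user could be identified. Callers
 * should treat it as "not logged in" and stop, rather than pass it on to
 * lookups or lock calls keyed by user id.
 *
 * @return mixed|null The session's 'user_id' entry, or null when there is
 *                    no session or the entry is missing.
 */
function get_user_id()
{
    // user_getsession() is defined outside this block. Callers elsewhere
    // test its result with `!$session`, so it can be falsy when the visitor
    // has no session.
    $session = user_getsession();

    // Without this guard the array access below would run on a non-array
    // value and yield null only as a side effect, with a PHP notice/warning.
    if (!$session) {
        return null;
    }

    // isset() keeps a session record without a 'user_id' entry from raising
    // an undefined-index notice; the result is null, as before.
    return isset($session['user_id']) ? $session['user_id'] : null;
}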
<?php
require_once 'db_functions.php';
require_once 'user_functions.php';

// Logout endpoint: end the visitor's session if one exists, then always
// send the browser back to the login page.
$session = user_getsession();

// Only a visitor with a session has anything to log out. A visitor without
// one skips straight to the redirect.
// NOTE(review): logout() is defined elsewhere and receives only the user id.
// Confirm it invalidates the session server-side (and any session cookie),
// not just a per-user flag.
// NOTE(review): no request-method or anti-CSRF token check is visible in
// this script, so it acts on any request that reaches it. Confirm that is
// acceptable for logout.
if ($session) {
    logout($session['user_id']);
}

// The redirect target is a fixed relative path and takes nothing from the
// request, so it cannot be steered to another site. exit stops the script
// so nothing is emitted after the Location header.
header("Location: login.php");
exit;
} //attempt to retrieve user session $session = user_getsession(); /* if user has not logged in at all, send to login page */ if (!$session) { header("Location: login.php"); exit; } //retrieve user id $uid = $session['user_id']; //check to see if user is already authenticating //this prevents RFC 2289 specified race condition //while ($session['locked']) { while (locked_for_authentication($uid, $session['session_hash'])) { /* spin until lock is released or timeout happens */ $session = user_getsession($uid); if (spinlock_timeout_reached()) { header("Location: retry.php"); exit; } } //lock account while authenticating set_session_lock($uid); //sets "locked" flag on session table //check of otp auth has been enabled on account $otp_auth_enabled = user_getotpauth($uid); //retrieves otp_enabled flag from user table if ($otp_auth_enabled) { if ($session['otp_auth']) { /* success, user has already authenticated with otp */ } else {