Example #1
0
 /* rm logout flag out else a sequential logout->login will result in a logout */
 $thisURI = RemoveKVP($thisURI, 'logout=1');
 $thisURI = AppendKVP($thisURI, 'offset=1');
 $thisURIEncoded = rawurlencode($thisURI);
 $thisScript = $pathArray[count($pathArray) - 1];
 $sid = $_COOKIE['sid'];
 //TODO:SEC: Consider regenerating session id
 if ($sid == '') {
     MakeNewSession();
 } else {
     /* Use composite index to quickly discover user if it's logged in */
     $session = new Session("loggedIn = 1 AND sessionID = '{$sid}'");
     /* If session isn't logged in search on sid */
     if ($session->IsEmpty()) {
         $session = new Session("sessionID = '{$sid}'");
         if ($session->IsEmpty()) {
             /* This would happen if the session database changed */
             MakeNewSession();
         }
     } else {
         /* TODO:TEST: Need to test transporting cookies to another workstation
            to see if this works */
         if ($session->GetIPAddress() != $_SERVER['REMOTE_ADDR']) {
             $user =& $session->User();
             $session->SessionIPChanged('User', $user->ID(), $session->GetIPAddress() . ' -> ' . $_SERVER['REMOTE_ADDR']);
             $user->Logout();
         }
     }
 }
 if ($post) {
     switch ($postType) {