/**
* Checks whether a session exists for the given user and creates a new one or updates the existing one.
*
* @author KnowledgeTree Team
* @access protected
* @static
* @param User $user The User object
* @param int $ip The users IP address
* @param string $app The originating application type - ws => webservices | webapp => web application | webdav
* @return array|PEAR_Error Returns the session string and session id (DB) | a PEAR_Error on failure
*/
function _check_session(&$user, $ip, $app)
{
$user_id = $user->getId();
Session::removeStaleSessions($user_id);
$config =& KTConfig::getSingleton();
$validateSession = $config->get('webservice/validateSessionCount', false);
if ($validateSession) {
$sql = "SELECT count(*) >= u.max_sessions as over_limit FROM active_sessions ass INNER JOIN users u ON ass.user_id=u.id WHERE ass.user_id = {$user_id} AND ass.apptype != 'ws'";
$row = DBUtil::getOneResult($sql);
if (PEAR::isError($row)) {
return $row;
}
if (is_null($row)) {
return new PEAR_Error('No record found for user?');
}
if ($row['over_limit'] + 0 == 1) {
return new PEAR_Error('Session limit exceeded. Logout of any active sessions.');
}
}
$session = session_id();
$newSessionRequired = false;
if ($app == 'ws') {
$sql = "select id from active_sessions where user_id={$user_id} AND apptype='ws' and ip='{$ip}'";
$row = DBUtil::getOneResult($sql);
if (empty($row)) {
$newSessionRequired = true;
} else {
$sessionid = $row['id'];
$sql = "update active_sessions set session_id='{$session}' where id={$sessionid}";
DBUtil::runQuery($sql);
}
} else {
$newSessionRequired = true;
}
if ($newSessionRequired) {
$sessionid = DBUtil::autoInsert('active_sessions', array('user_id' => $user_id, 'session_id' => session_id(), 'lastused' => date('Y-m-d H:i:s'), 'ip' => $ip, 'apptype' => $app));
if (PEAR::isError($sessionid)) {
return $sessionid;
}
}
return array($session, $sessionid);
}
