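/**
 * Bootstrap the PHP session for the current request.
 *
 * Responsibilities, in order:
 *  - start the session (no-op if one is already active);
 *  - enforce the idle timeout ($gvSessionTimeout seconds since the last
 *    request): an expired session is destroyed, a fresh one with a fresh id
 *    is started and a delayed "session expired" message is queued;
 *  - refresh the last-activity timestamp and default userLevel;
 *  - re-attach the logged-in Operator / Desk records (looked up afresh from
 *    the database) so other classes can read them from $_SESSION, logging
 *    the operator out if either record no longer exists.
 *
 * NOTE(review): session cookie hardening (HttpOnly / Secure / SameSite) and
 * id regeneration at login are not handled here — presumably php.ini and the
 * login code respectively; confirm.
 */
public static function start()
{
    global $gvSessionTimeout;

    // A session is already running (or sessions are disabled): nothing to do.
    if (session_status() != PHP_SESSION_NONE) {
        return;
    }
    session_start();

    if (isset($_SESSION['lastActivity'])) {
        // NOTE(review): if $gvSessionTimeout is unset this compares against
        // null and every session is treated as expired — confirm it is
        // always configured.
        $idleFor = time() - $_SESSION['lastActivity'];
        if ($idleFor >= $gvSessionTimeout) {
            // Release whatever the operator held before the session goes away.
            if (isset($_SESSION['op_code'])) {
                Operator::clearTableForLogout($_SESSION['op_code']);
            }
            // Session expired: drop the stored data and start over.
            session_destroy();
            // Reassign rather than unset(): unsetting the superglobal inside
            // a function does not reliably clear it.
            $_SESSION = array();
            session_start();
            // delete_old_session = true removes the expired id's storage, so
            // the old id cannot be reused/replayed once it is known.
            session_regenerate_id(true);
            gfSetDelayedMsg('La sessione è scaduta.', 'Err');
        }
    }
    $_SESSION['lastActivity'] = time();

    // Anonymous visitors get the lowest privilege level by default.
    if (!isset($_SESSION['userLevel'])) {
        $_SESSION['userLevel'] = Page::NORMAL_USER;
    }

    if (isset($_SESSION['op_code'])) {
        $op = Operator::fromDatabaseByCode($_SESSION['op_code']);
        if ($op) {
            // Reloaded from the database on every request and overwritten
            // here; kept in $_SESSION only as a convenience for other classes.
            // NOTE(review): it is still serialized into session storage at the
            // end of the request along with whatever fields Operator carries.
            $_SESSION['operator'] = $op;
            if (!isset($_SESSION['td_served'])) {
                $_SESSION['td_served'] = array();
            }
        } else {
            // Operator deleted while still logged in?
            self::logoutOperator();
        }
    }

    if (isset($_SESSION['desk_number'])) {
        $desk = Desk::fromDatabaseByNumber($_SESSION['desk_number']);
        if ($desk) {
            $_SESSION['desk'] = $desk;
            $desk->updateLastActivityTime();
            $desk->save();
        } else {
            // Desk no longer exists: the operator cannot keep working on it.
            self::logoutOperator();
        }
    }
}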
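/**
 * Return the Operator for the logged-in user, caching it on $this->operator.
 *
 * The per-request copy in $_SESSION['operator'] (presumably attached by the
 * session bootstrap) is preferred; otherwise the operator is loaded from the
 * database by $_SESSION['op_code'].
 *
 * @return Operator
 * @throws Exception when nobody is logged in, or when the op_code in the
 *                   session no longer maps to an operator record — previously
 *                   that second case returned false to the caller.
 */
private function getOperator()
{
    if (!$this->operator) {
        if (isset($_SESSION['operator'])) {
            $this->operator = $_SESSION['operator'];
        } elseif (isset($_SESSION['op_code'])) {
            $loaded = Operator::fromDatabaseByCode($_SESSION['op_code']);
            // A stale op_code (operator deleted) must not leak a false return
            // value to callers that expect an object.
            if (!$loaded) {
                throw new Exception("Unable to retrieve logged-in operator.");
            }
            $this->operator = $loaded;
        } else {
            throw new Exception("Unable to retrieve logged-in operator.");
        }
    }
    return $this->operator;
}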
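/**
 * Create or update an operator from the submitted admin form.
 *
 * $this->op_id === 0 means "create"; otherwise the record with that id is
 * edited and an empty password field leaves the stored password unchanged.
 * On a validation failure $this->message is set and true is returned so the
 * form is re-rendered; on success a RedirectOutput to the operator list is
 * returned.
 *
 * NOTE(review): no CSRF token is checked in this block — confirm the
 * framework validates one before execute() runs.
 *
 * @return true|RedirectOutput
 */
public function execute()
{
    global $gvMinPasswordLength, $gvPath;

    $op_password = gfPostVar('op_password', '');
    $op_password_repete = gfPostVar('op_password_repete', '');

    // Trim data
    $this->op_code = trim($this->op_code);
    $this->op_name = trim($this->op_name);
    $this->op_surname = trim($this->op_surname);

    $error = $this->validateOperatorForm($op_password, $op_password_repete, $gvMinPasswordLength);
    if ($error !== null) {
        $this->message = $error;
        return true;
    }

    if ($this->op_id === 0) {
        $op = Operator::newRecord();
        $op->setPassword($op_password);
    } else {
        // NOTE(review): the record is re-read here after the online check in
        // validation; a concurrent login in between is not detected.
        $op = Operator::fromDatabaseById($this->op_id);
        // Compare with '' — a password of "0" is falsy and would be dropped.
        if ($op_password !== '') {
            $op->setPassword($op_password);
        }
    }
    $op->setCode($this->op_code);
    $op->setName($this->op_name);
    $op->setSurname($this->op_surname);

    if (!$op->save()) {
        $this->message = "Impossibile salvare le modifiche. Ritentare in seguito.";
        return true;
    }
    gfSetDelayedMsg('Operazione effettuata correttamente', 'Ok');
    return new RedirectOutput("{$gvPath}/application/adminOperatorList");
}

/**
 * Validate the (already trimmed) form fields and the submitted password pair.
 *
 * Rules are evaluated in the same order as before, so the first violated
 * rule decides which message the user sees.
 *
 * @param string $op_password        new password, '' to keep the current one on edit
 * @param string $op_password_repete confirmation copy of the password
 * @param int    $minPasswordLength  minimum accepted password length (characters)
 * @return string|null error message for the first failing rule, null if valid
 */
private function validateOperatorForm($op_password, $op_password_repete, $minPasswordLength)
{
    if ($this->op_code === '' || $this->op_name === '' || $this->op_surname === '') {
        return "Errore: tutti i campi sono obbligatori.";
    }
    // A password is mandatory only when creating a new operator.
    if ($this->op_id === 0 && $op_password === '') {
        return "Errore: il campo password è obbligatorio.";
    }
    // Test against '' rather than truthiness: the password "0" is falsy in
    // PHP and previously skipped this check. mb_strlen counts characters, so
    // multi-byte input cannot inflate the apparent length the way strlen's
    // byte count did (requires the mbstring extension).
    if ($op_password !== '' && mb_strlen($op_password) < $minPasswordLength) {
        return "Errore: la password deve contenere almeno " . "{$minPasswordLength} caratteri.";
    }
    if ($op_password !== $op_password_repete) {
        return "Errore: le password non coincidono.";
    }
    // Allow only letters and digits in op_code
    if (preg_match('/^[0-9a-z]+$/i', $this->op_code) !== 1) {
        return "Errore: il codice operatore non è valido.";
    }
    // The /u modifier makes the accented letters match as whole characters
    // instead of as individual UTF-8 bytes (which also let through arbitrary
    // byte combinations), and makes preg_match return false — hence "invalid"
    // — on malformed UTF-8. With /iu the upper-case accented forms are
    // accepted as well. Assumes the source file and POST data are UTF-8.
    $namePattern = '/^[a-z \'àèéìòù]+$/iu';
    if (preg_match($namePattern, $this->op_name) !== 1) {
        return "Errore: il nome contiene caratteri non validi.";
    }
    if (preg_match($namePattern, $this->op_surname) !== 1) {
        return "Errore: il cognome contiene caratteri non validi.";
    }
    // The code must be unique, except for the record being edited itself.
    $existing = Operator::fromDatabaseByCode($this->op_code);
    if ($existing && ($this->op_id === 0 || $this->op_id !== (int) $existing->getId())) {
        return "Errore: il codice operatore non è disponibile.";
    }
    // An operator that is currently logged in cannot be edited.
    if ($this->op_id !== 0) {
        $operator = Operator::fromDatabaseById($this->op_id);
        if (!$operator) {
            return "Errore interno: il record non è presente.";
        }
        if ($operator->isOnline()) {
            return "L'operatore è online, impossibile modificarlo.";
        }
    }
    return null;
}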