function testWipeSession() { //session_start(); $_SESSION['isAuthenticated'] = 'foo'; $_SESSION['fingerprint'] = 'bar'; $_SESSION['userdata'] = array('baz'); $this->expectError("Cannot modify header information - headers already sent"); util_wipeSession(); $this->assertFalse(isset($_SESSION['isAuthenticated'])); $this->assertFalse(isset($_SESSION['fingerprint'])); $this->assertFalse(isset($_SESSION['userdata'])); }
function util_redirectToAppHomeWithPrejudice() { util_wipeSession(); util_redirectToAppHome(); }
// else { // // SECTION: must be signed in to view pages; otherwise, redirect to index splash page // if (!strpos(APP_FOLDER . "/index.php", $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'])) { // // TODO: add logging? // util_redirectToAppHome('info', 'msg_do_sign_in'); // } // } } else { // SECTION: authenticated if ($_SESSION['fingerprint'] != $FINGERPRINT) { // TODO: add logging? util_redirectToAppHomeWithPrejudice(); } if (isset($_REQUEST['submit_signout'])) { // SECTION: wants to log out util_wipeSession(); util_redirectToAppHome(); // NOTE: the above is the same as util_redirectToAppHomeWithPrejudice, but this code is easier to follow/read when the two parts are shown here } } $IS_AUTHENTICATED = util_checkAuthentication(); if ($IS_AUTHENTICATED) { // SECTION: is signed in // now create user object $USER = new User(['username' => $_SESSION['userdata']['username'], 'DB' => $DB]); //echo "<pre>"; print_r($USER); echo "</pre>"; // now check if user data differs from session data, and if so, update the users db record (this might be a part of the User construct method) $USER->refreshFromDb(); //echo "<pre>"; print_r($USER); echo "</pre>"; //print_r($_SESSION['userdata']); $USER->updateDbFromAuth($_SESSION['userdata']);