function testWipeSession()
{
//session_start();
$_SESSION['isAuthenticated'] = 'foo';
$_SESSION['fingerprint'] = 'bar';
$_SESSION['userdata'] = array('baz');
$this->expectError("Cannot modify header information - headers already sent");
util_wipeSession();
$this->assertFalse(isset($_SESSION['isAuthenticated']));
$this->assertFalse(isset($_SESSION['fingerprint']));
$this->assertFalse(isset($_SESSION['userdata']));
}
function util_redirectToAppHomeWithPrejudice()
{
util_wipeSession();
util_redirectToAppHome();
}
// else {
// // SECTION: must be signed in to view pages; otherwise, redirect to index splash page
// if (!strpos(APP_FOLDER . "/index.php", $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'])) {
// // TODO: add logging?
// util_redirectToAppHome('info', 'msg_do_sign_in');
// }
// }
} else {
// SECTION: authenticated
if ($_SESSION['fingerprint'] != $FINGERPRINT) {
// TODO: add logging?
util_redirectToAppHomeWithPrejudice();
}
if (isset($_REQUEST['submit_signout'])) {
// SECTION: wants to log out
util_wipeSession();
util_redirectToAppHome();
// NOTE: the above is the same as util_redirectToAppHomeWithPrejudice, but this code is easier to follow/read when the two parts are shown here
}
}
$IS_AUTHENTICATED = util_checkAuthentication();
if ($IS_AUTHENTICATED) {
// SECTION: is signed in
// now create user object
$USER = new User(['username' => $_SESSION['userdata']['username'], 'DB' => $DB]);
//echo "<pre>"; print_r($USER); echo "</pre>";
// now check if user data differs from session data, and if so, update the users db record (this might be a part of the User construct method)
$USER->refreshFromDb();
//echo "<pre>"; print_r($USER); echo "</pre>";
//print_r($_SESSION['userdata']);
$USER->updateDbFromAuth($_SESSION['userdata']);
