Logging the user out when truncating the sessions table

  • Bogey
  • Genius
  • Posts: 8399
  • Loc: USA

Post 3+ Months Ago

What I'm trying to do in the system I'm writing is to log the user out when the user's information from the session's table is removed... or log everyone out once the table is being completely truncated.

I understand what I need to do and think I have it done, but it isn't working... On every page it checks for the user's activity and checking if the user is logged in, and where it checks if the user is logged in it checks if the user's data is in the database and if not, then the user is logged out in the PHP file, but it doesn't reflect it in real time testing. Below is what I have:
PHP Code:
<?php
    public function logged()
    {
        global $db;
       
        // Checking if session is set
        if(!isset($_SESSION['u_logged_in']))
        {
            return false;
        }
       
        // Checking if the user is logged in the session table
        $sql = $db->build_key_query(array('SELECT'    => 'userID',
                                          'FROM'      => SESSION_TABLE,
                                          'WHERE'     => array('userID' => $this->user_id)));
       
        // Checking if any entries exist
        if($db->num_rows($sql) == 0)
        {
            // Logging the user out
            $this->logout();
            return false;
        }
        return $_SESSION['u_logged_in'];
    }
 
    public function logout($userID = null, $_redirect = true)
    {
        global $db;
       
        // Making sure we log out the correct user
        $user_id = (is_numeric($userID)) ? $userID : $this->user_id;
       
        // Getting the correct group ID for the user
        $group_id = $db->_get_('groupID', USER_TABLE, array('userID' => $user_id));
       
        // Generating the SQL
        $sql = $db->build_remove(SESSION_TABLE, array('userID'     => $user_id,
                                                      'groupID'    => $group_id));
       
        // Removing the user session from the session table
        $db->resource($sql);
       
        // Removing the session arrays
        $_SESSION = array();
       
        // Regenerating the session ID
        session_regenerate_id();
       
        // Destroying current session
        session_destroy();
       
        // Checking if we are redirecting the user
        if($_redirect)
        {
            // Default redirection page
            $redirect = 'index.php';
           
            // Checking if they came from another page
            if(!empty($_GET['page']) && strpos($_GET['page'], '..') === false)
            {
                $redirect = $_GET['page'];
            }
             
            // Sending the user to the main page
            header("LOCATION: {$redirect}");
        }
    }
?>

Any help?

  • Nightslyr
  • Proficient
  • Posts: 283

Post 3+ Months Ago

I'd do something like this:

PHP Code:
public function logged()
{
    // Note, no 'global'.  Why?  Because our user object should
    // have a reference to the db.  'Global' breaks
    // encapsulation, one of the main components of OOP
 
    // Checking if the user is logged in the session table
    $sql = $this->db->build_key_query(array('SELECT'    => 'userID',
                                            'FROM'      => SESSION_TABLE,
                                            'WHERE'     => array('userID' => $this->user_id)));
 
   
    if($this->db->num_rows($sql) == 0 || !isset($_SESSION['u_logged_in']))
    {
        $this->logout();
        return false;
    }
       
    return $_SESSION['u_logged_in'];
}


...now that I look at it closer, are you getting any db errors in your second method? If userID is defaulting to null, then what would $this->user_id equal? Would it be a useable value in a db query? Are you working with PHP errors turned on?

Finally, again, you're using 'global', and this time in an object. I don't know why you're so fixated on using 'global'. There is never a good reason to use 'global'. Never. In OOP especially, you break encapsulation. If your object requires a reference to a db object in order to work, then compose the two. Use dependency injection and do it right.

In the long run, you're not doing much good using objects simply as abstract data types. It's procedural programming with objects, not OOP. If you're going to play with objects, you should learn some of the theory behind it and common use patterns. Get Zandstra's book, and get the Gang of Four's book to see how to do it right.
  • Bogey
  • Genius
  • Posts: 8399
  • Loc: USA

Post 3+ Months Ago

The role that $userID is playing in that function isn't complete. If it's set to null then it logs the current user out (The user that initiated that function)... so $this->user_id is that user's ID.

If the $userID is set to a number it removes the $userID's info from the session table and that user (Not the user who initiated that function) would be logged out.

Below is what I believe to be a finished logout() function
PHP Code:
<?php
    /*
     * public function logout([ int $userID [, bool $_redirect ]])
     *      @integer $userID = The ID of the user we want to log out
     *      @boolean $_redirect = True if we are redirecting, false if not
     *
     * Logging the user out
     */
   
    public function logout($userID = null, $_redirect = true)
    {
        global $db;
       
        // Making sure we log out the correct user
        $user_id = (is_numeric($userID)) ? $userID : $this->user_id;
       
        // Getting the correct group ID for the user
        $group_id = (is_numeric($userID)) ? $db->_get_('groupID', USER_TABLE, array('userID' => $user_id)) : $this->group_id;
       
        // Generating the SQL
        $sql = $db->build_remove(SESSION_TABLE, array('userID'     => $user_id,
                                                      'groupID'    => $group_id));
       
        // Removing the user session from the session table
        $db->resource($sql);
       
        if(!is_numeric($userID))
        {
            // Removing the session arrays
            $_SESSION = array();
           
            // Regenerating the session ID
            session_regenerate_id();
           
            // Destroying current session
            session_destroy();
           
            // Checking if we are redirecting the user
            if($_redirect)
            {
                // Default redirection page
                $redirect = 'index.php';
               
                // Checking if they came from another page
                if(!empty($_GET['page']) && strpos($_GET['page'], '..') === false)
                {
                    $redirect = $_GET['page'];
                }
               
                // Sending the user to the main page
                header("LOCATION: {$redirect}");
            }
        }
    }
?>

And I have a question about that function... is it ok, or is it frowned upon to have a function in a ternary operator?
PHP Code:
$group_id = (is_numeric($userID)) ? $db->_get_('groupID', USER_TABLE, array('userID' => $user_id)) : $this->group_id;

The reason I use globals is that a lot of my classes use a function from a different class.

I have a global PHP file that every page includes and that global PHP file includes and initiates the important classes so I could use them in the system. Otherwise every class would have to initiate those classes and I think that would look kind of ugly.
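
Added example, not part of the original posts: the `'..'` test in `logout()` says nothing about `page` values that carry a scheme or host, so the `Location` header can still point at another site. The sketch below accepts only relative `.php` paths; `local_redirect_target()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example: validate the post-logout redirect target before it reaches
// header(). local_redirect_target() is a hypothetical helper name.
function local_redirect_target($requested, $default = 'index.php')
{
    if (!is_string($requested) || $requested === '') {
        return $default;
    }
    // Control characters (CR/LF included) and backslashes never belong here
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $requested)) {
        return $default;
    }
    // Anything with a scheme or host points away from this site
    $parts = parse_url($requested);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    // Relative script path only: no leading slash, no dots besides ".php"
    $path = isset($parts['path']) ? $parts['path'] : '';
    if (!preg_match('#^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\.php$#', $path)) {
        return $default;
    }
    return $requested;
}

// Constructed inputs covering the cases a '..' test alone lets through
$samples = array('profile.php?tab=2', '../admin.php', '//example.org/x.php',
                 'https://example.org/', "index.php\r\nX-Test: 1", null);
foreach ($samples as $s) {
    $shown = json_encode($s, JSON_UNESCAPED_SLASHES);
    printf("%-36s => %s\n", $shown, local_redirect_target($s));
}
```

In `logout()` the result would replace the raw `$_GET['page']` value passed to `header()`.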
  • Bogey
  • Genius
  • Posts: 8399
  • Loc: USA

Post 3+ Months Ago

Nightslyr wrote:
I'd do something like this:

PHP Code:
public function logged()
{
    // Note, no 'global'.  Why?  Because our user object should
    // have a reference to the db.  'Global' breaks
    // encapsulation, one of the main components of OOP
 
    // Checking if the user is logged in the session table
    $sql = $this->db->build_key_query(array('SELECT'    => 'userID',
                                            'FROM'      => SESSION_TABLE,
                                            'WHERE'     => array('userID' => $this->user_id)));
 
   
    if($this->db->num_rows($sql) == 0 || !isset($_SESSION['u_logged_in']))
    {
        $this->logout();
        return false;
    }
       
    return $_SESSION['u_logged_in'];
}


...now that I look at it closer, are you getting any db errors in your second method? If userID is defaulting to null, then what would $this->user_id equal? Would it be a useable value in a db query? Are you working with PHP errors turned on?

Finally, again, you're using 'global', and this time in an object. I don't know why you're so fixated on using 'global'. There is never a good reason to use 'global'. Never. In OOP especially, you break encapsulation. If your object requires a reference to a db object in order to work, then compose the two. Use dependency injection and do it right.

In the long run, you're not doing much good using objects simply as abstract data types. It's procedural programming with objects, not OOP. If you're going to play with objects, you should learn some of the theory behind it and common use patterns. Get Zandstra's book, and get the Gang of Four's book to see how to do it right.

Also, I can't use that function... when the session isn't set then the user is simply not logged in and there is no point in logging him out. But if the function check gets to the database check then the session has to be set (means the user is logged in), and if there is nothing in the database (means the user is actually logged out... the database takes dominance) and then I need to log the user out.

This way, I'd be redirecting the user to logout when the user isn't logged in and when the user gets to the logout function, the system checks his login status and finds out that the session isn't set (which means, according to the code, we need to log him out) we redirect the user back to the logout function and it's an endless loop... :(
  • Bogey
  • Genius
  • Posts: 8399
  • Loc: USA

Post 3+ Months Ago

I also found my problem... I have my SQL class caching my results, and if it's cached it would take the info from the cache file which lasts for 1 day... :lol:
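
Added example, not code from the thread: a minimal reproduction of the stale-cache failure described above, where a cached SELECT keeps reporting a session row after the table has been emptied. `CachingDb`, `session_row_exists()` and the `sessions` table are hypothetical stand-ins for the poster's SQL class, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example. CachingDb is a hypothetical stand-in for an SQL wrapper that
// caches SELECT results; the one-day TTL mirrors the value given in the thread.
class CachingDb
{
    private $pdo;
    private $ttl;
    private $cache = array();   // query key => array(expiry time, rows)

    public function __construct(PDO $pdo, $ttl = 86400)
    {
        $this->pdo = $pdo;
        $this->ttl = $ttl;
    }

    // Passing $useCache = false forces a read from the table itself
    public function select($sql, array $params, $useCache = true)
    {
        $key = hash('sha256', $sql . '|' . serialize($params));
        if ($useCache && isset($this->cache[$key]) && $this->cache[$key][0] > time()) {
            return $this->cache[$key][1];
        }
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if ($useCache) {
            $this->cache[$key] = array(time() + $this->ttl, $rows);
        }
        return $rows;
    }
}

// The login-state check: is there a session row for this user?
function session_row_exists(CachingDb $db, $userId, $useCache)
{
    $sql = 'SELECT userID FROM sessions WHERE userID = ?';
    return count($db->select($sql, array($userId), $useCache)) > 0;
}

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE sessions (userID INTEGER, groupID INTEGER)');
$pdo->exec('INSERT INTO sessions VALUES (42, 1)');    // constructed sample row
$db = new CachingDb($pdo);

$first = session_row_exists($db, 42, true);    // primes the cache
$pdo->exec('DELETE FROM sessions');            // stands in for TRUNCATE (SQLite has none)
$stale = session_row_exists($db, 42, true);    // read through the cache
$fresh = session_row_exists($db, 42, false);   // read from the table
var_dump($first, $stale, $fresh);
```

The cached read after the delete still reports the session as present, while the uncached read does not. Queries that decide login state therefore need to bypass the result cache, or the cache entry has to be invalidated whenever the session table changes.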


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.