Merge pull request #13 from ThomasRubini/session_manager

2023-01-17 11:38:51 +01:00 · 2023-01-17 11:38:51 +01:00 · 99d1dc489c
commit 99d1dc489c
parent 5c34eebbf5 dcf45f3492
3 changed files with 62 additions and 18 deletions
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@ -35,8 +35,8 @@ final class UserController
            return View::show("user/signin", array("success" => False, "msg" => "This account is disabled"));
        }

-        session_start();
-        $_SESSION["ID"] = $A_user["ID"];
+        Session::start($A_user["ID"]);
+        
        View::show("user/signin", array("success" => True));
    }

@ -71,8 +71,7 @@ final class UserController

    public function logoutAction(Array $A_urlParams = null, Array $A_postParams = null)
    {
-        session_start();
-        session_destroy();
+        Session::destroy();
        header("Location: /");
    }

@ -82,20 +81,7 @@ final class UserController
            return View::show("errors/404");
        }

-        session_start();
-        
-        if(!isset($_SESSION) || !isset($_SESSION["ID"])){
-            echo "301 NOT LOGIN";
-            return;
-        }
-
-        $O_userModel = new UserModel();
-        $A_user = $O_userModel->getUserByID($_SESSION["ID"]);
-        if ($A_user == null){
-            // User has been deleted ?!
-            echo "Error loading your profile ?";
-            return;
-        }
+        Session::login_or_die();

        return View::show("user/view", $A_user);
    }
--- a/Kernel/Session.php
+++ b/Kernel/Session.php
@ -0,0 +1,46 @@
+<?php
+
+final class Session
+{
+    public static function start($I_id)
+    {
+        session_start();
+        $_SESSION["ID"] = $I_id;
+    }
+
+    public static function destroy()
+    {
+        session_start();
+        session_destroy();
+    }
+
+    public static function has_session()
+    {
+        if (!isset($_SESSION)) {
+            return false;
+        }
+        if (!isset($_SESSION["ID"])) {
+            return False;
+        }        
+    }
+
+    public static function is_login()
+    {
+        if (!has_session()) {
+            return false;
+        }
+
+        // ensure account has not been deleted/disabled in the meantime
+        $O_userModel = new UserModel();
+        return $O_userModel->isUserActive($_SESSION["ID"]);
+
+    }
+
+    public static function login_or_die()
+    {
+        if (!self::has_session()) {
+            header("Location: /user/login?return_uri=".$_SERVER["REQUEST_URI"]);
+            die();
+        }
+    }
+}
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@ -57,4 +57,16 @@ final class UserModel
        if ($row === false) return null;
        return $row["USERNAME"];
    }
+
+    public function isUserActive($I_id)
+    {
+        $O_model = Model::get();
+        $stmt = $O_model->prepare("SELECT DISABLED FROM USER WHERE ID=:id");
+        $stmt->bindParam("id", $I_id);
+        $stmt->execute();
+        
+        $row = $stmt->fetch();
+        if ($row === false) return false;
+        return $row["DISABLED"] === 0;
+    }
 }