from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< Ferreteria‎ | v0.3‎ | class
Jump to navigation Jump to search
  PURPOSE: Handles the table of user sessions
class fctUserSessions extends ferreteria\data\cStandardTable {
    use ftFrameworkAccess;

    protected function InitVars() { $this->ClearSession();   }
    // CEMENT
    protected function GetTableName() {	return 'user_session'; }
    // CEMENT
    protected function RowsClass() { return KS_CLASS_USER_SESSION; }
    // CEMENT
    public function GetFieldClassArray() {
      MEANING: indicates whether a lack of session record is because the user was never logged in (FALSE)
	or because they were logged in but something changed and now the client can't be trusted (TRUE).
    public function GetStatus_SessionMismatch() { return $this->isMismatch; }
    protected function SetStatus_SessionMismatch($b) { $this->isMismatch = $b; }
      ACTION: tosses the session cookie to the browser
      RETURNS: TRUE iff successful
	* HTTP only sets the cookie when the page is reloaded.
	  Because of this, and because $_COOKIE is read-only,
	  we have to set a local variable when we create a new
	  session so that subsequent requests during the same
	  page-load don't think it hasn't been created yet,
	  and end up creating multiple records for each new session.
	  (It was creating 3 new records and using the last one.)
	2018-04-24 Decided there's no point in having a cookie-domain option,
	  so removed commented-out code. Also, probably just moving cookie functionality
	  to the App class/object.
	2018-04-28 Using fcGlobals for naming cookies now.
    protected function ThrowCookie($sSessKey) {
    protected function SetCookieValue($sValue) {
	throw new exception('2018-04-28 Does anything still call this?');
	$this->sCookieVal = $sValue;
	* If local value is set, return that.
	* Otherwise, get actual cookie, set local value from it, and return that.
	In other words: if local value is set, that bypasses checking for an actual cookie.
	  This assumes that the cookie will never get set later on during a page-load,
	  which seems like a reasonable assumption. (Note: the COOKIE array is effectively read-only.)
    protected function GetCookieValue() {
	return fcApp::Me()->GetCookieValue(fcGlobals::Me()->GetSessionCookieName());
    // 2016-11-14 PROTECTING because public access is apparently no longer needed
    protected function ClearSession() {	$this->rcSess = NULL; }
    // 2016-10-31 PROTECTING until need for public access is known
    protected function SetCurrentRecord(fcrUserSession $rcSess) { $this->rcSess = $rcSess; }
    // 2016-10-31 PROTECTING until need for public access is known
    protected function GetCurrentRecord() { return $this->rcSess; }
    public function HasCurrentRecord() { return !is_null($this->GetCurrentRecord()); }
      ACTION: returns a Session object for the current connection, whether or not one already exists
	* if session object has already been loaded, assume it has been validated and return it
	* if not, gets session key and auth from cookie
      ASSUMES: session recordset is either NULL or a valid single record (and will set it accordingly)
	...therefore if there is one loaded already, we can assume it has been validated against the current client.
	2012-10-13 Added caching of the Session object to avoid creating multiple copies.
	2015-06-23 Fixed: Was throwing an error if there was no session key; it should just make a new session.
	  * Moved cookie fetching/storage into GetCookieValue().
	  * Replacing screen output with public status methods.
	  * Rewriting to make more logical sense.
    public function MakeActiveRecord() {