Revision as of 15:28, 3 February 2020 by Woozle (talk | contribs) (Woozle moved page Ferreteria/v3/class/fcrUserSession to Ferreteria/v0.3/class/fcrUserSession: version renumbering)
  PURPOSE: Represents a single user session record
class fcrUserSession extends \ferreteria\data\cStandardRow {
    use ftVerbalObject;

    // ++ SETUP ++ //
    protected function InitVars() {
    public function InitNew() {
    // ++ CLASSES ++ //
    /**
     * RETURNS: name of the class used for the clients table ('fctUserClients').
     *   GetClientTable() hands this name to the database's MakeSourceObject().
     */
    protected function ClientsClass() {
	$sClass = 'fctUserClients';
	return $sClass;
    }
    // ++ TABLES ++ //
    /**
     * RETURNS: whatever the database's MakeSourceObject() returns for the
     *   clients class named by ClientsClass().
     * INPUT: $id is optional and is forwarded unchanged to MakeSourceObject().
     */
    protected function GetClientTable($id=NULL) {
	$db = $this->GetDatabase();
	$sClass = $this->ClientsClass();
	return $db->MakeSourceObject($sClass,$id);
    }
    /**
     * RETURNS: the result of the application object's GetUserTable().
     * INPUT: $id is optional and is forwarded unchanged.
     */
    protected function GetUserTable($id=NULL) {
	$oApp = fcApp::Me();
	return $oApp->GetUserTable($id);
    }
    // ++ RECORDS ++ //
    /**
     * ACTION: Reset the rcClient member to NULL.
     *   (Presumably this is the client record object held for the session -- confirm
     *   against the ClientRecord_*() methods.)
     */
    protected function ClientRecord_clear() {
	$this->rcClient = null;
    }
	2014-09-18 Creating multiple ClientRecord() methods for different circumstances:
	  ClientRecord_asSet() - the client record last used for the session
	  ClientRecord_current() - the current client record; NULL if it does not match browser fingerprint
	  ClientRecord_needed() - a client record that can be used; creates new one if current record
	    does not match browser fingerprint
	2016-12-18 This now checks to make sure the session recordset actually has a row.
    protected function ClientRecord_asSet() {
    protected function ClientRecord_current() {
    protected function ClientRecord_needed() {
      RETURNS: User record object, if the session has a user; NULL otherwise
    public function UserRecord() {
      CALLED: by login routine, when credentials match
    public function SetUserRecord(fcrUserAcct $rcUser) {
    /**
     * ACTION: Reset the rcUser member to NULL.
     *   This only touches the in-memory member; nothing is written to the
     *   session record's fields here.
     */
    protected function ClearUserRecord() {
	$this->rcUser = null;
    }
    // ++ FIELD VALUES ++ //
    /**
     * ACTION: Store $id in the 'ID_Client' field via SetValue().
     * RETURNS: whatever SetValue() returns.
     */
    protected function SetClientID($id) {
	$result = $this->SetValue('ID_Client',$id);
	return $result;
    }
    /**
     * RETURNS: the value of the 'ID_Client' field, as read by GetValue().
     */
    protected function GetClientID() {
	$idClient = $this->GetValue('ID_Client');
	return $idClient;
    }
    /**
     * RETURNS: the value of the 'ID_Acct' field, as read by GetValue().
     * NOTE: Holding an account ID is not, by itself, an authorization decision;
     *   callers deciding whether to allow an action should ask UserIsLoggedIn().
     */
    public function GetUserID() {
	$idAcct = $this->GetValue('ID_Acct');
	return $idAcct;
    }
    /**
     * RETURNS: the value of the 'ID_Acct' field, as read by GetValueNz().
     *   (Presumably GetValueNz() yields NULL instead of failing when the field
     *   is not set -- confirm against the row base class.)
     */
    protected function GetUserID_orNull() {
	$idAcct = $this->GetValueNz('ID_Acct');
	return $idAcct;
    }
    /**
     * RETURNS: the value of the 'Token' field, as read by GetValue().
     * NOTE(review): this looks like the session token that is matched against
     *   the browser's cookie -- confirm. If so, treat it as a secret: keep this
     *   accessor non-public and keep the value out of logs and error output.
     */
    protected function GetToken() {
	$sToken = $this->GetValue('Token');
	return $sToken;
    }
    protected function FetchStash() {
    protected function StoreStash(array $ar) {
    public function SetStashValue($sName,$sValue) {
    public function GetStashValue($sName) {
    // ACTION: retrieve the value from the stash and remove it
    public function PullStashValue($sName) {
    // ACTION: delete the given value from the stash
    protected function ClearStashValue($sName) {
    // ++ FIELD CALCULATIONS ++ //
    // TODO: rename to GetAcctID_SQL()
    protected function GetUserID_SQL() {
    // NOTE: The token will never have punctuation in it, so we can just quote without sanitizing.
    /**
     * RETURNS: the session token wrapped in double quotes, for use as a string
     *   literal in SQL text.
     * NOTE(review): no escaping is applied. The result is only safe while the
     *   token really contains no quote or escape characters, and nothing in this
     *   method enforces that. Verify that every path which fills the 'Token'
     *   field (token generation, and any load keyed on a cookie value) validates
     *   the token's character set before it reaches here; otherwise build this
     *   literal with the database layer's own escaping or parameter binding.
     */
    protected function GetToken_SQL() {
	$sToken = $this->GetToken();
	return '"'.$sToken.'"';
    }
    public function UserIsLoggedIn() {
      NOTE: As of 2016-11-03, this will return the same result as UserIsLoggedIn() because
	we use UserID > 0 as a way of detecting whether the user is logged in -- but that
	might change. This function will always return a boolean which answers the question
	"do we know the user's ID?". That might conceivably be different if, say, we want to
	access some non-sensitive information about the user such as layout preferences.
	Some sites will recognize users in that sort of way even when they are logged out.
	I'm not sure if this is good security practice, but it's a possibility which
	should be allowed for in the API even if Ferreteria doesn't currently support it.
    /**
     * RETURNS: TRUE if the session record carries an account ID greater than zero;
     *   FALSE otherwise (including when GetUserID_orNull() yields NULL).
     * NOTE: This answers "do we know who the user is?", not "is the user
     *   authenticated?". The two currently coincide but are allowed to diverge,
     *   so access checks for sensitive data or actions should call
     *   UserIsLoggedIn() rather than this method.
     */
    public function UserIsKnown() {
	$idAcct = $this->GetUserID_orNull();
	return ($idAcct > 0);
    }
      RETURNS: TRUE if the stored session credentials match current reality (browser's credentials)
	Right now, this means everything has to match (cookie token, IP address, browser string)
	but in the future we might allow users to reduce their individual security level
	by turning off the IP address check and/or the browser check. (This may require
	table modifications.)
      PUBLIC so fctUserSessions can call it
	2015-04-26 This sometimes comes up with no record -- I'm guessing that happens when a matching
	  Session isn't found. (Not sure why this isn't detected elsewhere.)
	2016-04-03 Removed commented-out section.
    public function IsValidNow($iKey) {
    public function SessKey() {
      RETURNS: User's login name, or NULL if user not logged in
      TODO: Rename this to LoginString()
    public function UserString() {
      RETURNS: User's email address, or NULL if user not logged in
    public function UserEmailAddress() {
    // ++ ACTIONS ++ //
      ACTION: Make sure the Client ID is set correctly for the current browser client
	If not set or doesn't match, get a new one.
    protected function Make_ClientID() {
      ACTION: Create a new session record from the current memory data.
	2016-11-14 Made PROTECTED, and renamed Create() -> CreateRecord().
	2016-12-18 Needs to be PUBLIC so that the Table class can call it.
	  Also, no sanitization done here anymore. What isn't now handled elsewhere
	  is unnecessary.
      PUBLIC so Table class can call it.
    public function CreateRecord() {
      ACTION: Attempts to log the user in with the given credentials.
      RETURNS: event record
	Call UserIsLoggedIn() to find out if successful.
      TODO: Record event before starting login, then log an event_done after trying it.
    public function UserLogin($sUser,$sPass) {
      ACTION: Logs the current user out. (Clears ID_Acct in session record.)
    public function UserLogout() {
      TODO: convert this to use UpdateArray() and Save().
	2016-12-21 No longer needs to be public, so making it protected.
    protected function SaveUserID($idUser) {