diff --git a/account.php b/account.php
index a94b961..e21d3c2 100644
--- a/account.php
+++ b/account.php
@@ -54,7 +54,13 @@ function do_account($cmd = null)
 exit;
 case "logout":
+ /* if we are logged in, log us out */
+ if($_SESSION['current'])
+ $_SESSION['current']->logout();
+
+ /* destroy all session variables */
 $GLOBALS['session']->destroy();
+ addmsg("You are successfully logged out.", "green");
 redirect(apidb_fullurl("index.php"));
 exit;
@@ -116,8 +122,7 @@ function cmd_do_new()
 if($result == SUCCESS) {
 /* if we can log the user in, log them in automatically */
- if($user->login($aClean['ext_email'], $aClean['ext_password']) == SUCCESS)
- $_SESSION['current'] = $user;
+ $user->login($aClean['ext_email'], $aClean['ext_password']);
 addmsg("Account created! (".$aClean['ext_email'].")", "green");
 redirect(apidb_fullurl());
@@ -211,13 +216,11 @@ function cmd_do_login()
 if($result == SUCCESS) {
- $_SESSION['current'] = $user;
 addmsg("You are successfully logged in as '$user->sRealname'.", "green");
 redirect(apidb_fullurl("index.php"));
 } else {
 retry("login","Login failed ".$note);
- $_SESSION['current'] = "";
 }
 }
diff --git a/include/user.php b/include/user.php
index f61de98..0c3dc2d 100644
--- a/include/user.php
+++ b/include/user.php
@@ -75,11 +75,24 @@ class User {
 // Update timestamp and clear the inactivity flag if it was set
 query_parameters("UPDATE user_list SET stamp = ?, inactivity_warned = '?' WHERE userid='?'", "NOW()", "false", $this->iUserId);
+
+ /* set the session variable for the current user to this user object */
+ $_SESSION['current'] = $this;
+
 return SUCCESS;
 }
+
+ /* null out the session variable for the current user since we failed to login */
+ $_SESSION['current'] = "";
 return USER_LOGIN_FAILED;
 }
+ function logout()
+ {
+ /* null out the session current variable to log us out */
+ $_SESSION['current'] = "";
+ }
+
 /*
 * Creates a new user.
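Review bot: In the `logout` case of do_account (account.php, first hunk), `if($_SESSION['current'])` reads a key that may not exist and then calls a method on whatever truthy value the session holds. The include/user.php part of this diff stores `""` in that key on a failed login and on logout, so the value is not always a User object. An explicit check states the intent and avoids an undefined-index notice: `if(isset($_SESSION['current']) && $_SESSION['current'] instanceof User)`. Braces around the one-line body would also keep a later edit from landing outside the condition. do_account's body continues outside the hunk.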
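Review bot: In cmd_do_new (account.php, second hunk) the return value of `$user->login(...)` is now discarded, while the comment above it still reads "if we can log the user in". With this diff login() in include/user.php writes `$_SESSION['current']` itself and sets it to `""` on failure, so the comment should say that, for example `/* login() sets $_SESSION['current'] on success and clears it on failure; the result is deliberately ignored */`. If a failed automatic login should be visible to the new user, keep the comparison with SUCCESS and adjust the message instead. cmd_do_new continues outside the hunk.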