Move $_SESSION['current'] manipulation into user class. Add user::logout() to keep user::login() and logout() symmetrical

2006-07-06 03:37:49 +00:00
parent 1366e5fba1
commit 2b0d5716bb
2 changed files with 20 additions and 4 deletions
--- a/account.php
+++ b/account.php
@@ -54,7 +54,13 @@ function do_account($cmd = null)
            exit;

        case "logout":
+            /* if we are logged in, log us out */
+            if($_SESSION['current'])
+                $_SESSION['current']->logout();
+
+            /* destroy all session variables */
            $GLOBALS['session']->destroy();
+
            addmsg("You are successfully logged out.", "green");
            redirect(apidb_fullurl("index.php"));
            exit;
@@ -116,8 +122,7 @@ function cmd_do_new()
    if($result == SUCCESS)
    {
        /* if we can log the user in, log them in automatically */
-        if($user->login($aClean['ext_email'], $aClean['ext_password']) == SUCCESS)
-            $_SESSION['current'] = $user;
+        $user->login($aClean['ext_email'], $aClean['ext_password']);

        addmsg("Account created! (".$aClean['ext_email'].")", "green");
        redirect(apidb_fullurl());
@@ -211,13 +216,11 @@ function cmd_do_login()

    if($result == SUCCESS)
    {
-        $_SESSION['current'] = $user;
        addmsg("You are successfully logged in as '$user->sRealname'.", "green");
        redirect(apidb_fullurl("index.php"));    	    
    } else
    {
        retry("login","Login failed ".$note);
-        $_SESSION['current'] = "";
    }
 }

--- a/include/user.php
+++ b/include/user.php
@@ -75,11 +75,24 @@ class User {
            // Update timestamp and clear the inactivity flag if it was set
            query_parameters("UPDATE user_list SET stamp = ?, inactivity_warned = '?' WHERE userid='?'",
                             "NOW()", "false", $this->iUserId);
+
+            /* set the session variable for the current user to this user object */
+            $_SESSION['current'] = $this;
+
            return SUCCESS;
        }
+
+        /* null out the session variable for the current user since we failed to login */
+        $_SESSION['current'] = "";
        return USER_LOGIN_FAILED;
    }

+    function logout()
+    {
+        /* null out the session current variable to log us out */
+        $_SESSION['current'] = "";
+    }
+

    /*
     * Creates a new user.