Fix bug in session handler

[qtadmin.git] / lib / utils.inc.php

diff --git a/lib/utils.inc.php b/lib/utils.inc.php
index dca39a6b2473b760e579aca40da9b863f655adcd..dc6625aa6c0fac784acadf98c8eb3664252ef6dc 100644 (file)
--- a/lib/utils.inc.php
+++ b/lib/utils.inc.php
@@ -9,6 +9,7 @@ class Utils {
     private $user;
     private $is_admin;
     private $loginStatus;
+    private $timeout;
     private $header = '<!DOCTYPE html>
 <html>
 <head>
@@ -18,6 +19,7 @@ class Utils {
         var timeout = __TIMEOUT__;
     </script>
     <script src="__ROOT__js/timer.js"></script>
+    <script src="__ROOT__js/checkbox.js"></script>
     <title>__TITLE__</title>
 </head>
 <body>';
@@ -30,12 +32,13 @@ class Utils {
         global $CFG;
 
         $this->server = $_SERVER;
-        session_start();
 
         $this->user = null;
         $this->is_admin = false;
         $this->loginStatus = 'Not logged in';
 
+        $this->startSession();
+
         if (isset($_SESSION['user'])) {
             $this->user = $_SESSION['user'];
             $this->loginStatus = 'OK';
@@ -56,34 +59,44 @@ class Utils {
 
     private function __clone() {}
 
+    private function startSession() {
+        global $CFG;
+
+        if (isset($CFG->session_timeout)) {
+            $this->timeout = $CFG->session_timeout * 60;
+        } else {
+            $this->timeout = 20 * 60;
+        }
+
+        if (ini_get('session.gc_maxlifetime') != $this->timeout)
+            ini_set('session.gc_maxlifetime', $this->timeout);
+        if (ini_get('session.cookie_lifetime') != $this->timeout)
+            ini_set('session.cookie_lifetime', $this->timeout);
+
+        session_start();
+
+        //echo ini_get('session.gc_maxlifetime').':'.ini_get('session.cookie_lifetime');
+    }
+
     public static function getInstance() {
         global $CFG;
 
         if (!is_object(self::$_instance)) {
             self::$_instance = new Utils();
         }
-        // Session timeout handler
-        if ('' == session_id())
-            session_start();
-        if (isset($CFG->session_timeout)) {
-            $timeout = $CFG->session_timeout * 60;
-        } else {
-            $timeout = 20 * 60;
-        }
 
-        if (ini_get('session.gc_maxlifetime') != $timeout)
-            ini_set('session.gc_maxlifetime', $timeout);
-        if (ini_get('session.cookie_lifetime') != $timeout)
-            ini_set('session.cookie_lifetime', $timeout);
         $time = $_SERVER['REQUEST_TIME'];
-        if (isset($_SESSION['LAST_ACTIVITY']) && ($time - $_SESSION['LAST_ACTIVITY']) >= $timeout) {
+        if (isset($_SESSION['LAST_ACTIVITY']) &&
+                ($time - $_SESSION['LAST_ACTIVITY']) >= self::$_instance->timeout) {
+            echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+            exit;
             session_unset();
             session_destroy();
-            session_start();
             self::$_instance->user = null;
             self::$_instance->is_admin = false;
+        } else {
+            $_SESSION['LAST_ACTIVITY'] = $time;
         }
-        $_SESSION['LAST_ACTIVITY'] = $time;
 
         return self::$_instance;
     }
@@ -165,6 +178,7 @@ class Utils {
         global $CFG;
         $loggedIn = false;
 
+        echo '$this->user: '.$this->user.' $_SESSION[\'user\']: '.$_SESSION['user'];
         if ($this->user) {
             $loggedIn = true;
         } else if (isset($_SESSION['user'])) {
@@ -179,6 +193,10 @@ class Utils {
             }
         }
 
+        if ($loggedIn == false) {
+            echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+            exit;
+        }
         return $loggedIn;
     }