From e2ca4332a2f9f822fb82964506b9096a7727cb3d Mon Sep 17 00:00:00 2001
From: Stricted <info@stricted.de>
Date: Thu, 12 Mar 2015 03:50:09 +0100
Subject: [PATCH] delete expired sessions from database

---
 lib/page/ApiManagementPage.class.php |  2 +-
 lib/system/SessionHandler.class.php  | 69 +++++++++++++++++-----------
 templates/default/apiManagement.tpl  |  2 +-
 3 files changed, 45 insertions(+), 28 deletions(-)

diff --git a/lib/page/ApiManagementPage.class.php b/lib/page/ApiManagementPage.class.php
index 710ed3c..ef85e0e 100644
--- a/lib/page/ApiManagementPage.class.php
+++ b/lib/page/ApiManagementPage.class.php
@@ -22,6 +22,6 @@ class ApiManagementPage extends AbstractPage {
 			$apiKey = $row['apiKey'];
 		}
 		
-		DNS::getTPL()->assign(array("apiKey" => $apiKey));
+		DNS::getTPL()->assign(array("userID" => DNS::getSession()->userID,"apiKey" => $apiKey));
 	}
 }
diff --git a/lib/system/SessionHandler.class.php b/lib/system/SessionHandler.class.php
index 1f0e46d..8404f1a 100644
--- a/lib/system/SessionHandler.class.php
+++ b/lib/system/SessionHandler.class.php
@@ -7,48 +7,45 @@ namespace dns\system;
  * @copyright   2013-2015 Jan Altensen (Stricted)
  */
 class SessionHandler {
+	/**
+	 * session id
+	 *
+	 * @var	integer
+	 */
 	private $sessionID = null;
 	
+	/**
+	 * session data
+	 *
+	 * @var	array
+	 */
 	private $sessionData = array();
 	
+	/**
+	 * initial session system
+	 */
 	public function __construct () {
-		$this->init();
-	}
-	
-	public function init() {
 		if ($this->sessionID === null) {
 			$this->sessionID = session_id();
 		}
 		
-		// load session data from database and check if the data is expired
-		if (!$this->exists()) {
-			$sql = "INSERT INTO dns_session (id, sessionID, expire, sessionData) VALUES (NULL, ?, ?, ?)";
-			DNS::getDB()->query($sql, array($this->sessionID, time() + 3600 * 24, ''));
-		}
+		/* delete expired sessions */
+		$sql = "DELETE FROM dns_session WHERE expire < ?";
+		DNS::getDB()->query($sql, array(time()));
 		
 		/* load data from database */
 		$sql ="SELECT * FROM dns_session where sessionID = ?";
 		$res = DNS::getDB()->query($sql, array($this->sessionID));
 		$data = DNS::getDB()->fetch_array($res);
-		if (isset($data['sessionData']) && !empty($data['sessionData'])) {
-			$this->sessionData = json_decode($data['sessionData'], true);
-		}
-	}
-	
-	private function exists() {
-		$sql = "SELECT * FROM dns_session where sessionID = ?";
-		$res = DNS::getDB()->query($sql, array($this->sessionID));
-		$data = DNS::getDB()->fetch_array($res);
 		if (isset($data['sessionID']) && !empty($data['sessionID'])) {
-			if ($data['expire'] < time()) {
-				$this->destroy();
-				return false;
+			if (isset($data['sessionData']) && !empty($data['sessionData'])) {
+				$this->sessionData = json_decode($data['sessionData'], true);
 			}
-			
-			return true;
 		}
-		
-		return false;
+		else {
+			$sql = "INSERT INTO dns_session (id, sessionID, expire, sessionData) VALUES (NULL, ?, ?, ?)";
+			DNS::getDB()->query($sql, array($this->sessionID, time() + 3600 * 24, ''));
+		}
 	}
 	
 	/**
@@ -61,6 +58,12 @@ class SessionHandler {
 		return $this->getVar($key);
 	}
 	
+	/**
+	 * Provides access to session data.
+	 * 
+	 * @param	string		$key
+	 * @return	mixed
+	 */
 	public function getVar($key) {
 		if (isset($this->sessionData[$key])) {
 			return $this->sessionData[$key];
@@ -78,16 +81,24 @@ class SessionHandler {
 	public function register($key, $value) {
 		$this->sessionData[$key] = $value;
 		
-		
 		$data = json_encode($this->sessionData);
 		$sql = "UPDATE dns_session SET sessionData = ?, expire = ? WHERE sessionID = ?";
 		DNS::getDB()->query($sql, array($data, time() + 3600 * 24, $this->sessionID));
 	}
 	
+	/**
+	 * Registers a session variable.
+	 * 
+	 * @param	string		$key
+	 * @param	string		$value
+	 */
 	public function __set($key, $value) {
 		$this->register($key, $value);
 	}
 	
+	/**
+	 * destroy the session
+	 */
 	public function destroy() {
 		$this->sessionData = array();
 		
@@ -95,6 +106,12 @@ class SessionHandler {
 		DNS::getDB()->query($sql, array($this->sessionID));
 	}
 	
+	/**
+	 * Registers a session variable.
+	 * 
+	 * @param	string		$key
+	 * @param	string		$value
+	 */
 	public function update($key, $value) {
 		$this->register($key, $value);
 	}
diff --git a/templates/default/apiManagement.tpl b/templates/default/apiManagement.tpl
index bbf8715..1d3cccc 100644
--- a/templates/default/apiManagement.tpl
+++ b/templates/default/apiManagement.tpl
@@ -17,7 +17,7 @@
 					<fieldset>
 						<dl>
 							<dt>userID</dt>
-							<dd>{$smarty.session.userID}</dd>
+							<dd>{$userID}</dd>
 						</dl>
 						<dl>
 							<dt>API-Key</dt>
-- 
2.20.1