public function getSessionInfo($param) {
$ret = false;
- $query = $this->_DB->query("SELECT `".$param."`
- FROM `".DB_PREFIX."_userSession`
- WHERE `fk_user_id` = '".$this->_DB->real_escape_string($this->userID)."'");
- if($query !== false && $query->num_rows > 0) {
- $result = $query->fetch_assoc();
- $ret = $result[$param];
+ $queryStr = "SELECT `".$param."`
+ FROM `".DB_PREFIX."_userSession`
+ WHERE `fk_user_id` = '".$this->_DB->real_escape_string($this->userID)."'";
+ try {
+ $query = $this->_DB->query($queryStr);
+ if($query !== false && $query->num_rows > 0) {
+ $result = $query->fetch_assoc();
+ $ret = $result[$param];
+ }
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
}
+
return $ret;
}
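Review bot: `$param` is still interpolated unescaped as the column identifier at line 9 (`SELECT `".$param."``); the new try/catch changes nothing about that, and a backtick in the value terminates the identifier while an unknown column simply fails the query. Restrict it to the columns this table is known to have before building the query, e.g. `if (!in_array($param, ['token', 'salt', 'loginTime', 'area'], true)) { return $ret; }` (those names are the ones written by the INSERT elsewhere in this diff). Separately, `catch (Exception $e)` here and in every other hunk of this commit only ever fires if mysqli has been put into exception mode with `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)`; I cannot see that setting in this diff, and without it `query()` keeps returning `false`, the existing `$query !== false` check does the work and the catch blocks are dead code — worth confirming in the DB setup.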
$tokenInfo = $this->_createToken();
$_SESSION[SESSION_NAME]['bibliothecatoken'] = $tokenInfo['token'];
- $this->_DB->query("INSERT INTO `".DB_PREFIX."_userSession`
+ $queryStr = "INSERT INTO `".DB_PREFIX."_userSession`
SET `token` = '".$this->_DB->real_escape_string($tokenInfo['token'])."',
`loginTime` = NOW(),
`area` = '".$this->_DB->real_escape_string(SESSION_NAME)."',
ON DUPLICATE KEY UPDATE
`token` = '".$this->_DB->real_escape_string($tokenInfo['token'])."',
`salt` = '".$this->_DB->real_escape_string($tokenInfo['salt'])."',
- `loginTime` = NOW()");
+ `loginTime` = NOW()";
- # do some actions
- $this->_loginActions();
+ try {
+ $this->_DB->query($queryStr);
+
+ # do some actions
+ $this->_loginActions();
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+ }
$ret = true;
}
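Review bot: `$ret = true;` at line 48 is outside the new try block, so when the INSERT at line 40 or `_loginActions()` at line 43 throws, the error is logged and the method still reports a successful login although no session row was stored. Move the assignment to the end of the try, directly after `$this->_loginActions();`, so a caught failure leaves `$ret` false. The next hunk (API-token path, lines 60-69) has the same shape: `$this->isSignedIn = true` at line 65 is set before `_loadUser()` and `_loginActions()` run in the same try, so a throw there leaves `isSignedIn` true with `userData` never loaded — set the flag after those calls, or reset `$this->isSignedIn = false;` in that catch. Lines 31-32 also show `'",` followed directly by `ON DUPLICATE KEY UPDATE`, which would be an SQL syntax error unless a further SET column lies between them; I suspect the rendering dropped a line, but please confirm. The enclosing function starts outside the hunk.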
FROM `".DB_PREFIX."_user`
WHERE `apiToken` = '".$this->_DB->real_escape_string($token)."'
AND `apiTokenValidDate` > NOW()";
- $query = $this->_DB->query($queryStr);
- if($query !== false && $query->num_rows > 0) {
- $result = $query->fetch_assoc();
- $this->userID = $result['id'];
- $this->isSignedIn = true;
- $this->_loadUser();
- $this->_loginActions();
+ try {
+ $query = $this->_DB->query($queryStr);
+ if ($query !== false && $query->num_rows > 0) {
+ $result = $query->fetch_assoc();
+ $this->userID = $result['id'];
+ $this->isSignedIn = true;
+ $this->_loadUser();
+ $this->_loginActions();
+ }
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
}
}
}
WHERE s.token = '".$this->_DB->real_escape_string($_SESSION[SESSION_NAME]['bibliothecatoken'])."'
AND s.salt <> ''
AND s.loginTime >= '".$timeframe."'";
- $query = $this->_DB->query($queryStr);
- if($query !== false && $query->num_rows > 0) {
- # existing session info
- $result = $query->fetch_assoc();
+ try {
+ $query = $this->_DB->query($queryStr);
+
+ if ($query !== false && $query->num_rows > 0) {
+ # existing session info
+ $result = $query->fetch_assoc();
- # valide the token
- $_check = $this->_createToken($result['salt']);
- if(!empty($_check) && $result['token'] === $_check['token']) {
- $this->userID = $result['fk_user_id'];
+ # valide the token
+ $_check = $this->_createToken($result['salt']);
+ if (!empty($_check) && $result['token'] === $_check['token']) {
+ $this->userID = $result['fk_user_id'];
- $ret = true;
+ $ret = true;
+ }
}
}
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+ }
return $ret;
}
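Review bot: the token check at line 94 compares the stored token with the recomputed one using `===`, which returns at the first differing byte; for a session credential the constant-time form is the right choice: `if (!empty($_check) && hash_equals($result['token'], $_check['token'])) {`. The lookup at line 75 also reads `$_SESSION[SESSION_NAME]['bibliothecatoken']` without an `isset()` guard, so a request with no session cookie raises an undefined-index notice before the query even runs; that line is unchanged context, but the try/catch added here will not cover it. The enclosing function starts outside the hunk.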
$ret = false;
if(!empty($u)) {
- $query = $this->_DB->query("SELECT `id`
+ $queryStr = "SELECT `id`
FROM `".DB_PREFIX."_user`
WHERE `login` = '". $this->_DB->real_escape_string($u)."'
- AND `active` = '1'");
- if($query !== false && $query->num_rows > 0) {
- $result = $query->fetch_assoc();
- $this->userID = $result['id'];
- $ret = true;
+ AND `active` = '1'";
+ try {
+ $query = $this->_DB->query($queryStr);
+ if ($query !== false && $query->num_rows > 0) {
+ $result = $query->fetch_assoc();
+ $this->userID = $result['id'];
+ $ret = true;
+ }
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
}
}
# clean old sessions on session table
$timeframe = date("Y-m-d H:i:s",time()-SESSION_LIFETIME);
- $this->_DB->query("DELETE FROM `".DB_PREFIX."_userSession`
- WHERE `loginTime` <= '".$timeframe."'");
+ $queryStr = "DELETE FROM `".DB_PREFIX."_userSession`
+ WHERE `loginTime` <= '".$timeframe."'";
+ try {
+ $this->_DB->query($queryStr);
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+ }
}
/**
$queryStr = "SELECT `id`, `baseGroupId`,`protected`,`password`,`login`
FROM `".DB_PREFIX."_user`
WHERE `id` = '".$this->_DB->real_escape_string($this->userID)."'";
- $query = $this->_DB->query($queryStr);
- if($query !== false && $query->num_rows > 0) {
- $result = $query->fetch_assoc();
- $this->userData = $result;
+ try {
+ $query = $this->_DB->query($queryStr);
+ if($query !== false && $query->num_rows > 0) {
+ $this->userData = $query->fetch_assoc();
+ }
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
}
# now the groups
`".DB_PREFIX."_group` AS g
WHERE u2g.fk_user_id = '".$this->_DB->real_escape_string($this->userID)."'
AND u2g.fk_group_id = g.id";
- $query = $this->_DB->query($queryStr);
- if($query !== false && $query->num_rows > 0) {
- while(($result = $query->fetch_assoc()) != false) {
- $this->userData['groups'][$result['groupId']] = array(
- 'groupName' => $result['groupName'],
- 'groupDescription' => $result['groupDescription']
- );
+ try {
+ $query = $this->_DB->query($queryStr);
+ if($query !== false && $query->num_rows > 0) {
+ while(($result = $query->fetch_assoc()) != false) {
+ $this->userData['groups'][$result['groupId']] = array(
+ 'groupName' => $result['groupName'],
+ 'groupDescription' => $result['groupDescription']
+ );
+ }
}
}
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+ }
$this->userData['isRoot'] = false;
$grIds = array_keys($this->userData['groups']);
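Review bot: `$this->userData['groups']` is only ever assigned inside the while loop at line 175, so when the query returns no rows or throws into the new catch at line 182, `array_keys($this->userData['groups'])` at line 186 is called on `null` — a TypeError on PHP 8, a warning on earlier versions — and the user with no group memberships breaks `_loadUser()`. Initialize it before the try: `$this->userData['groups'] = [];`. The loop condition `!= false` at line 174 also relies on loose comparison against the `null` that `fetch_assoc()` returns at end of set; `!== null` states the intent. The enclosing function starts and ends outside the hunk.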
*/
protected function _destroySession() {
$timeframe = date("Y-m-d H:i:s",time()-SESSION_LIFETIME);
- $this->_DB->query("DELETE FROM `".DB_PREFIX."_userSession`
+ $queryStr = "DELETE FROM `".DB_PREFIX."_userSession`
WHERE `fk_user_id` = '".$this->_DB->real_escape_string($this->userID)."'
- OR `loginTime` <= '".$timeframe."'");
+ OR `loginTime` <= '".$timeframe."'";
+ try {
+ $this->_DB->query($queryStr);
+ }
+ catch (Exception $e) {
+ error_log("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+ }
unset($_SESSION);
unset($_COOKIE);