X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetlab%2Fincludes%2Fplc_session.php;h=4c42375866779cec0052e4185c533c2cf9b3c462;hb=bbde0e199cce8cc4c17d301bd0141e4a759f4a64;hp=afd008bde9467118932807a3a367556ae9ee523f;hpb=13f1390a55a79b7e3ef6d0558ea070c88bd06cb4;p=plewww.git

diff --git a/planetlab/includes/plc_session.php b/planetlab/includes/plc_session.php
index afd008b..4c42375 100644
--- a/planetlab/includes/plc_session.php
+++ b/planetlab/includes/plc_session.php
@@ -8,7 +8,6 @@
 // To use, include this file and declare the global variable
 // $plc. This object contains the following members:
 //
-// admin: Admin API handle. Use cautiously.
 // person: If logged in, the user's GetPersons() details
 // api: If logged in, the user's API handle
 //
@@ -24,6 +23,10 @@ require_once 'plc_config.php';
 // Usually in /usr/share/plc_api/php
 require_once 'plc_api.php';
 
+
+require_once 'plc_functions.php';
+
+
 $cwd = getcwd();
 chdir($_SERVER['DOCUMENT_ROOT']);
 $included = include_once('./includes/bootstrap.inc');
@@ -55,13 +58,14 @@ class PLCSession
 			      'AuthString' => $pass));
 
       // Authenticate user and get session key
-      $session = $api->GetSession();
+      $seconds_to_expire = (24 * 60 * 60 * 14);
+      $session = $api->GetSession($seconds_to_expire);
       if (!$session) {
-	return NULL;
+          return NULL;
       }
 
       // Change GetSession() at some point to return expires as well
-      $expires = time() + (24 * 60 * 60);
+      $expires = time() + $seconds_to_expire;
 
       // Change to session authentication
       $api->auth = array('AuthMethod' => "session", 'session' => $session);
@@ -143,8 +147,10 @@ if (!empty($_SESSION['plc'])) {
   if ($_SESSION['plc']['expires'] > time()) {
     $plc->person = $_SESSION['plc']['person'];
     $plc->api = new PLCAPI($_SESSION['plc']['auth']);
-    $plc->alt_person = $_SESSION['plc']['alt_person'];
-    $plc->alt_auth = $_SESSION['plc']['alt_auth'];
+    if (array_key_exists('alt_person',$_SESSION['plc']))
+      $plc->alt_person = $_SESSION['plc']['alt_person'];
+    if (array_key_exists('alt_auth',$_SESSION['plc']))
+      $plc->alt_auth = $_SESSION['plc']['alt_auth'];
   } else {
     // Destroy PHP session
     session_destroy();
@@ -154,4 +160,11 @@ if (!empty($_SESSION['plc'])) {
 // For convenience
 $api = $plc->api;
 
+if ($api && $api->AuthCheck() != 1) {
+  $current_pagename = basename($_SERVER['PHP_SELF']);
+  if ($current_pagename != basename(l_logout())) {
+    plc_redirect(l_logout());
+  }
+}
+
 ?>