author | Freya Murphy <freya@freyacat.org> | 2024-05-20 19:26:59 -0400 |
---|---|---|
committer | Freya Murphy <freya@freyacat.org> | 2024-05-20 19:26:59 -0400 |
commit | 29f7c5ea41d36509d8e5961f40a7af0a934a7ca1 (patch) | |
tree | 722c420750b16c9ef25eb77410813942f146446f /src/web/_model/main.php | |
parent | a (diff) | |
aaaa
Diffstat (limited to 'src/web/_model/main.php')
-rw-r--r-- | src/web/_model/main.php | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/web/_model/main.php b/src/web/_model/main.php
index 6d8b708..58ae307 100644
--- a/src/web/_model/main.php
+++ b/src/web/_model/main.php
@@ -13,6 +13,9 @@ class Main_model {
 // stores the current request info
 public $info;
+ // tthe logged in user
+ private $user;
+
 /**
 * Loads the main model
 * @param Loader $load - the main loader object
@@ -28,6 +31,7 @@ class Main_model {
 };
 /// init other vars
 $this->users = array();
+ $this->user = NULL;
 }
 /**
@@ -36,14 +40,20 @@ class Main_model {
 */
 private function get_session($jwt) {
 $query = $this->db
- ->select("_api.verify_jwt('" . $jwt . "') AS user_id;");
- $result = $query->row();
+ ->select("_api.verify_jwt(?) AS user_id;");
+ $result = $query->row($jwt);
 $user_id = $result['user_id'];
 if ($user_id) {
 $this->session = array(
 'id' => $user_id,
 'jwt' => $jwt
 );
+ $user = $this->user();
+ if ($user === FALSE) {
+ /// valid jwt for invalid user!!!
+ $this->session = NULL;
+ $this->user = NULL;
+ }
 }
 }
@@ -79,16 +89,19 @@ class Main_model {
 * Gets the current user
 */
 public function user() {
+ if ($this->user) {
+ return $this->user;
+ }
 if ($this->session) {
- return $this->db
+ $this->user = $this->db
 ->select('*')
 ->from('api.user')
 ->where('id')
 ->eq($this->session['id'])
 ->row();
- } else {
- return NULL;
+ return $this->user;
 }
+ return NULL;
 }
 } |
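Review bot: The comment on the new `private $user` property has a typo (`tthe`) and says nothing about what the field holds or when it is valid, which matters here because both get_session() and user() write it. `// the logged-in user's row, lazily loaded by user(); NULL when there is no session or the JWT's user does not resolve` would document it. The Main_model class body this property belongs to continues outside the hunk.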
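Review bot: The new invalidation in get_session() only fires when `$this->user()` is exactly FALSE, so if the db wrapper's `row()` reports a missing row as NULL (its convention is not visible in this file), a JWT whose user_id no longer exists still leaves `$this->session` populated with an id that does not resolve. A falsy check, `if (!$user) {`, covers FALSE, NULL and an empty row alike and is the safer default for an authentication gate. The `/// valid jwt for invalid user!!!` comment would also be clearer as `/// the token verified but its user_id no longer resolves: drop the session`. Binding the token as a query parameter is the right replacement for the string-built `verify_jwt` call; whether `row($jwt)` is bound server-side rather than interpolated depends on the wrapper, which is outside this hunk.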
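Review bot: The memoization guard `if ($this->user)` in user() only short-circuits on a truthy row, so when `row()` yields FALSE or NULL for a session whose user does not exist, every later call re-runs the `api.user` query; that is harmless but not obvious and deserves a comment. The method's docblock, which opens above the hunk, should also state the new behaviour, e.g. `* Returns the logged-in user's api.user row, cached on the instance after the first lookup; NULL when there is no session.` If a negative lookup should be cached too, `if ($this->user !== NULL)` would do it, but callers would then receive whatever `row()` returns for a miss, so confirm that convention before changing it.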