Diffstat (limited to 'src/web/_model/main.php')
-rw-r--r-- | src/web/_model/main.php | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/web/_model/main.php b/src/web/_model/main.php index 6d8b708..58ae307 100644 --- a/src/web/_model/main.php +++ b/src/web/_model/main.php @@ -13,6 +13,9 @@ class Main_model { // stores the current request info public $info; + // tthe logged in user + private $user; + /** * Loads the main model * @param Loader $load - the main loader object @@ -28,6 +31,7 @@ class Main_model { }; /// init other vars $this->users = array(); + $this->user = NULL; } /** @@ -36,14 +40,20 @@ class Main_model { */ private function get_session($jwt) { $query = $this->db - ->select("_api.verify_jwt('" . $jwt . "') AS user_id;"); - $result = $query->row(); + ->select("_api.verify_jwt(?) AS user_id;"); + $result = $query->row($jwt); $user_id = $result['user_id']; if ($user_id) { $this->session = array( 'id' => $user_id, 'jwt' => $jwt ); + $user = $this->user(); + if ($user === FALSE) { + /// valid jwt for invalid user!!! + $this->session = NULL; + $this->user = NULL; + } } } @@ -79,16 +89,19 @@ class Main_model { * Gets the current user */ public function user() { + if ($this->user) { + return $this->user; + } if ($this->session) { - return $this->db + $this->user = $this->db ->select('*') ->from('api.user') ->where('id') ->eq($this->session['id']) ->row(); - } else { - return NULL; + return $this->user; } + return NULL; } } |
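Review bot: The new guard `if ($user === FALSE)` in get_session() only drops the session when `row()` reports a missing row as a strict boolean false, and that return contract is not visible in this hunk. user() itself returns NULL on its no-session path, so if `row()` yields NULL or an empty array for a deleted account, a still-valid JWT keeps its session. A falsy test, `if (!$user) {`, covers every one of those cases. It would also help to replace the `/// valid jwt for invalid user!!!` comment with one that says which return value of user() means "no such user".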
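Review bot: The cache check `if ($this->user)` at the top of user() returns whichever row was loaded first, and nothing ties it to `$this->session['id']`. If get_session() can run more than once on the same model instance (its callers are outside the hunk), the user-exists check added there would be answered from the previously cached row instead of a fresh lookup for the new session id. Clearing the cache where the session is assigned, with `$this->user = NULL;` placed just before `$this->session = array(`, keeps the two in step. The docblock `Gets the current user` could also state what is returned when there is no session and when the lookup finds no row.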