Index: trunk/core/kernel/session/session.php
===================================================================
diff -u -r939 -r1339
--- trunk/core/kernel/session/session.php (.../session.php) (revision 939)
+++ trunk/core/kernel/session/session.php (.../session.php) (revision 1339)
@@ -61,52 +61,60 @@ class SessionStorage extends kDBBase { var $Expiration; + var $SessionTimeout=0; var $OriginalData=Array(); + var $TimestampField; + var $SessionDataTable; + var $DataValueField; + var $DataVarField; + + function Init($prefix,$special) + { + parent::Init($prefix,$special); + $this->setTableName('sessions'); + $this->setIDField('sid'); + $this->TimestampField = 'expire'; + $this->SessionDataTable = 'SessionData'; + $this->DataValueField = 'value'; + $this->DataVarField = 'var'; + } + + function setSessionTimeout($new_timeout) + { + $this->SessionTimeout = $new_timeout; + } + function StoreSession(&$session) { - $query = sprintf( "INSERT INTO %sSessions (sid, expire) VALUES (%s, %s)", - TABLE_PREFIX, - $session->SID, - $session->Expiration); + $query = ' INSERT INTO '.$this->TableName.' ('.$this->IDField.', '.$this->TimestampField.')'. + ' VALUES ('.$this->Conn->qstr($session->SID).', '.$session->Expiration.')'; $this->Conn->Query($query); } function DeleteSession(&$session) { - $query = sprintf( "DELETE FROM %sSessions WHERE %s = %s", - TABLE_PREFIX, - 'sid', - $session->SID); + $query = ' DELETE FROM '.$this->TableName.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID); $this->Conn->Query($query); - $query = sprintf( "DELETE FROM %sSessionData WHERE %s = %s", - TABLE_PREFIX, - 'sid', - $session->SID); + $query = ' DELETE FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID); $this->Conn->Query($query); $this->OriginalData = Array(); } - function UpdateSession(&$session) + function UpdateSession(&$session, $timeout=0) { - $query = sprintf( "UPDATE %sSessions SET expire = %s WHERE %s = %s", - TABLE_PREFIX, - $session->Expiration, - 'sid', - $session->SID); + $query = ' UPDATE '.$this->TableName.' SET '.$this->TimestampField.' = '.$session->Expiration.' WHERE '.$this->IDField.' 
= '.$this->Conn->qstr($session->SID); $this->Conn->Query($query); } function LocateSession($sid) { - $query = sprintf( "SELECT expire FROM %sSessions WHERE %s = %s", - TABLE_PREFIX, - 'sid', - $sid); + $query = ' SELECT '.$this->TimestampField.' FROM '.$this->TableName.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($sid); $result = $this->Conn->GetOne($query); + if($result===false) return false; $this->Expiration = $result; @@ -120,16 +128,27 @@ function LoadData(&$session) { - $query = sprintf( "SELECT value,name FROM %sSessionData WHERE %s = %s", - TABLE_PREFIX, - 'sid', - $session->SID); - $this->OriginalData = $this->Conn->GetCol($query,'name'); + $query = 'SELECT '.$this->DataValueField.','.$this->DataVarField.' FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID); + + $this->OriginalData = $this->Conn->GetCol($query, $this->DataVarField); return $this->OriginalData; } + /** + * Enter description here... + * + * @param Session $session + * @param string $var_name + */ + function GetField(&$session, $var_name) + { + return $this->Conn->GetOne('SELECT '.$var_name.' FROM '.$this->TableName.' WHERE `'.$this->IDField.'` = '.$this->Conn->qstr($session->GetID()) ); + } + function SaveData(&$session) { + if(!$session->SID) return false; // can't save without sid + $ses_data = $session->Data->GetParams(); $replace = ''; 
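Review bot: `$session->Expiration` is still concatenated into the SQL unquoted in StoreSession and UpdateSession, while the SID beside it now goes through `qstr()`. If Expiration is always a server-computed timestamp this is harmless, but nothing visible in the hunk guarantees that. Casting at the point of use, `(int)$session->Expiration`, keeps the query safe however the property was set. The new `$timeout=0` parameter of UpdateSession is not used in the body shown and should be dropped or documented.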
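Review bot: GetField concatenates `$var_name` into the SELECT list as a raw column name, so it is the one value in this class that `qstr()` cannot protect. A caller passing a request-derived name would control part of the query. Check the name against the known columns or a strict pattern before building the SQL, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $var_name)) return false;`, and wrap it in backticks as the ID field already is. The wrapper `Session::GetField` added in the last hunk forwards the name unchanged, so the check belongs here. The docblock still reads "Enter description here..." and should state that the method returns one column of the current session row.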
@@ -142,31 +161,46 @@ else { $replace .= sprintf("(%s, %s, %s),", - $session->SID, + $this->Conn->qstr($session->SID), $this->Conn->qstr($key), $this->Conn->qstr($value)); } } $replace = rtrim($replace, ','); if ($replace != '') { - $query = sprintf( 'REPLACE INTO %sSessionData (sid, name, value) VALUES %s', - TABLE_PREFIX, - $replace); + $query = ' REPLACE INTO '.$this->SessionDataTable. ' ('.$this->IDField.', '.$this->DataVarField.', '.$this->DataValueField.') VALUES '.$replace; $this->Conn->Query($query); } } function RemoveFromData(&$session, $var) { - $query = sprintf( "DELETE FROM %sSessionData WHERE %s = %s AND %s = %s", - TABLE_PREFIX, - 'sid', - $session->SID, - 'name', - $this->Conn->qstr($var)); + $query = 'DELETE FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID). + ' AND '.$this->DataVarField.' = '.$this->Conn->qstr($var); $this->Conn->Query($query); unset($this->OriginalData[$var]); } + + function GetExpiredSIDs() + { + $query = ' SELECT '.$this->IDField.' FROM '.$this->TableName.' WHERE '.$this->TimestampField.' > '.time(); + return $this->Conn->GetCol($query); + } + + function DeleteExpired() + { + $expired_sids = $this->GetExpiredSIDs(); + if($expired_sids) + { + $where_clause=' WHERE '.$this->IDField.' IN ("'.implode('","',$expired_sids).'")'; + $sql = 'DELETE FROM '.$this->SessionDataTable.$where_clause; + $this->Conn->Query($sql); + + $sql = 'DELETE FROM '.$this->TableName.$where_clause; + $this->Conn->Query($sql); + } + return $expired_sids; + } } define('smAUTO', 1); @@ -231,7 +265,8 @@ function InitStorage() { - $this->Storage =& new SessionStorage(); + $this->Storage =& $this->Application->recallObject('SessionStorage'); + $this->Storage->setSessionTimeout($this->SessionTimeout); } function Init($prefix,$special) 
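Review bot: GetExpiredSIDs selects rows where the timestamp field is `> time()`. If that column holds the expiry time written by StoreSession, this matches sessions that are still valid rather than expired ones. DeleteExpired would then remove live sessions and leave stale rows in place, so the comparison likely needs to be `' < '.time()`. DeleteExpired also builds its IN list with `implode('","',$expired_sids)` rather than `qstr()`. Quoting each value through the connection, `implode(',', array_map(array($this->Conn, 'qstr'), $expired_sids))`, keeps it consistent with the rest of the commit and independent of the SQL quoting mode.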
@@ -242,6 +277,19 @@ $this->Checkers = Array(); $this->InitStorage(); $this->Data =& new Params(); + + $tmp_sid = $this->GetPassedSIDValue(); + $expired_sids = $this->DeleteExpired(); + if( ( $expired_sids && in_array($tmp_sid,$expired_sids) ) || ( $tmp_sid && !$this->Check() ) ) + { + $event = new kEvent(); + $event->Init('login',''); + $event->Name = 'OnSessionExpire'; + $this->SID=''; + $this->SetSessionCookie(); + $this->Application->HandleEvent($event); + } + if ($this->Check()) { $this->SID = $this->GetPassedSIDValue(); $this->Refresh(); @@ -260,13 +308,14 @@ function CheckIfCookiesAreOn() { - if ($this->Mode == smGET_ONLY) { + if ($this->Mode == smGET_ONLY || (defined('INPORTAL_ENV')&&INPORTAL_ENV && defined('ADMIN')&&ADMIN) ) + { //we don't need to bother checking if we would not use it $this->CookiesEnabled = false; return; } $http_query =& $this->Application->recallObject('HTTPQuery'); - $cookies_on = $http_query->Cookie['cookies_on']; // not good here + $cookies_on = isset($http_query->Cookie['cookies_on']); // not good here if (!$cookies_on) { //If referer is our server, but we don't have our cookies_on, it's definetly off @@ -313,7 +362,7 @@ function LoadSession($sid) { - if ($this->Storage->LocateSession($sid)) { + if( $this->Storage->LocateSession($sid) ) { //if we have session with such SID - get its expiration $this->Expiration = $this->Storage->GetExpiration(); @@ -336,7 +385,7 @@ switch ($this->Mode) { case smAUTO: //Cookies has the priority - we ignore everything else - $sid=$this->CookiesEnabled?$http_query->Cookie[$this->CookieName]:$get_sid; + $sid=$this->CookiesEnabled ? getArrayValue($http_query->Cookie,$this->CookieName) : $get_sid; break; case smCOOKIES_ONLY: $sid = $http_query->Cookie[$this->CookieName]; 
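Review bot: `in_array($tmp_sid,$expired_sids)` compares a request-supplied SID with database values using loose comparison, so numeric-looking strings that differ textually can still match. Pass the third argument, `in_array($tmp_sid, $expired_sids, true)`, after confirming both sides are strings. `$this->Check()` is also evaluated here and again in the `if` that follows, after `$this->SID` has been cleared and the expire event handled; a short comment saying the second call is intended would help the next reader. Init's body starts and ends outside the hunk.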
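Review bot: In the `@@ -336,7 +385,7 @@` hunk the `smAUTO` branch now reads the cookie through `getArrayValue()`, but the `smCOOKIES_ONLY` branch directly below still indexes `$http_query->Cookie[$this->CookieName]`. That branch will raise an undefined-index notice when the cookie is absent. Use the same accessor there: `$sid = getArrayValue($http_query->Cookie, $this->CookieName);`. The switch continues outside the hunk, so other branches may need the same treatment.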
@@ -487,8 +536,34 @@ $this->Data->AddParams($this->Storage->LoadData($this)); } + function PrintSession($comment='') + { + if( $this->Application->isDebugMode() && dbg_ConstOn('DBG_SHOW_SESSIONDATA') ) + { + global $debugger; + $debugger->appendHTML('SessionStorage ('.$comment.'):'); + $session_data = $this->Data->GetParams(); + ksort($session_data); + foreach($session_data as $session_key => $session_value) + { + if( preg_match('/a:([\d]+):{/',$session_value) ) + { + $session_data[$session_key] = unserialize($session_value); + } + } + $debugger->dumpVars($session_data); + + // to insert after HTTPQuery if it's visible + $new_row = dbg_ConstOn('DBG_SHOW_HTTPQUERY') ? 4 : 2; + + //$debugger->moveAfterRow($new_row,2); + } + } + function SaveData() { + $this->StoreVar('last_template', basename($_SERVER['PHP_SELF']).'|'.substr($this->Application->BuildEnv($this->Application->GetVar('t'), Array('m_opener' => 'u'), 'all', true), strlen(ENV_VAR_NAME)+1 )); + $this->PrintSession('after save'); $this->Storage->SaveData($this); } @@ -497,17 +572,43 @@ $this->Data->Set($name, $value); } + function StoreVarDefault($name, $value) + { + $tmp = $this->RecallVar($name); + if($tmp === false || $tmp == '') + { + $this->StoreVar($name, $value); + } + } + function RecallVar($name,$default=false) { - $ret=$this->Data->Get($name); - return ($ret===false)?$default:$ret; + $ret = $this->Data->Get($name); + return ($ret===false) ? $default : $ret; } function RemoveVar($name) { $this->Storage->RemoveFromData($this, $name); $this->Data->Remove($name); } + + function GetField($var_name) + { + return $this->Storage->GetField($this, $var_name); + } + + /** + * Deletes expired sessions + * + * @return Array expired sids if any + * @access private + */ + function DeleteExpired() + { + return $this->Storage->DeleteExpired(); + } + } ?> \ No newline at end of file
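Review bot: PrintSession passes any session value matching the unanchored pattern `/a:([\d]+):{/` to `unserialize()`, so a stored string that merely contains `a:1:{` somewhere is deserialized. Session values can originate from request data, and unserializing such data is unsafe even in a debug-only path. At minimum anchor the test, `preg_match('/^a:\d+:\{/', $session_value)`, and consider dumping the raw string instead. In SaveData, `basename($_SERVER['PHP_SELF'])` is client-influenced and is stored as `last_template`, so whatever later reads that variable should treat it as untrusted. `$new_row` is assigned but never used while the `moveAfterRow` call is commented out.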