def update_session(): if auth.user_id: # vai para o menu principal if (session.current_state==None or session.current_company_name==None or session.current_city==None): searchs.setSessionCompanyInfo() if session.current_company_type==constants.TYPE_CMP_ADMIN: return redirect(URL('default','index')) else: return redirect(URL('default','index'))
def checkDuplicatedLogin(wSessionId, wGroup, wCompanyType): """ This function checks if the current user as more than five minutes of log and than check if it is the same IP, if not, logout @param wCalledFunction The function called before the analysis of IP @return The function return """ if auth.user: # check if the user was removed from the system if auth.user.actived_user == False: from gluon.utils import simple_hash if 'session_id_legislator' in request.cookies.keys(): cookey_key = str(request.cookies['session_id_legislator']) else: cookey_key = str(random()*1000000000) db(db.auth_user.id==auth.user.id).update(last_ip=request.env.remote_addr, last_session=wSessionId,password=simple_hash(cookey_key,digest_alg='sha512')[:299]) session.clear() raise HTTP(1001) if (session.current_state==None or session.current_company_name==None or session.current_city==None): searchs.setSessionCompanyInfo(request.env.remote_addr,wSessionId,request.now) #ups you cannot access this function if not (session.current_role in wGroup): session.clear() raise HTTP(401) if not (session.current_company_type in wCompanyType): session.clear() raise HTTP(401) # fill the session if type(session.current_user_lastcheck) != datetime: #avoid break when the session is not correctly filled session.current_user_lastcheck = request.now if (((request.now-session.current_user_lastcheck).seconds) > 300): if session.current_user_id!=None and session.current_user_ip!=None and session.current_user_session!=None: ret = db.executesql("SELECT id FROM auth_user WHERE id={0} AND last_ip='{1}' AND last_session='{2}'".format( session.current_user_id,session.current_user_ip,session.current_user_session)) else: # clear the session to avoid any access to the system, guarantee logout session.clear() raise HTTP(1000) if len(ret)>0:# ok the last ip is the current ip session.current_user_lastcheck = request.now return True else: # clear the session to avoid any access to the system, guarantee logout session.clear() raise HTTP(1002) else: return True return True