logout.php: Pull out DB code

* Move DB code for removing a session in logout.php to a new function in
acctfuncs.inc.php
* Add ability for clear_expired_sessions function to check for DB connection
* Centralization of DB code important in a future transition to PDO interface

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2 files changed, 20 insertions, 5 deletions

diff --git a/web/html/logout.php b/web/html/logout.php
index e51eeb9..fe8ffb0 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -10,10 +10,10 @@ include_once("acctfuncs.inc.php");         # access AUR common functions
 # sending any HTML output.
 #
 if (isset($_COOKIE["AURSID"])) {
-	$dbh = db_connect();
-	$q = "DELETE FROM Sessions WHERE SessionID = '";
-	$q.= db_escape_string($_COOKIE["AURSID"]) . "'";
-	db_query($q, $dbh);
+	if (!$dbh) {
+		$dbh = db_connect();
+	}
+	delete_session_id($_COOKIE["AURSID"], $dbh);
 	# setting expiration to 1 means '1 second after midnight January 1, 1970'
 	setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
 	unset($_COOKIE['AURSID']);
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 7a18f76..ecb9f99 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -681,10 +681,25 @@ function user_is_privileged($id, $dbh) {
 
 }
 
+# Remove session on logout
+function delete_session_id($sid, $dbh=NULL) {
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
+
+	$q = "DELETE FROM Sessions WHERE SessionID = '";
+	$q.= db_escape_string($sid) . "'";
+	db_query($q, $dbh);
+}
+
 # Clear out old expired sessions.
-function clear_expired_sessions( $dbh ) {
+function clear_expired_sessions($dbh=NULL) {
 	global $LOGIN_TIMEOUT;
 
+	if(!$dbh) {
+		$dbh = db_connect();
+	}
+
 	$q = "DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - $LOGIN_TIMEOUT)";
 	db_query($q, $dbh);