objectify all the session management stuff
This commit is contained in:
redmatrix
parent
2db59f3b76
commit
9b66b5eee3
91
Zotlabs/Web/Session.php
Normal file
91
Zotlabs/Web/Session.php
Normal file
@ -0,0 +1,91 @@
|
||||
<?php
|
||||
|
||||
namespace Zotlabs\Web;
|
||||
|
||||
/**
|
||||
*
|
||||
* @brief This file includes session related functions.
|
||||
*
|
||||
* Session management functions. These provide database storage of PHP
|
||||
* session info.
|
||||
*/
|
||||
|
||||
|
||||
class Session {
|
||||
|
||||
function init() {
|
||||
|
||||
$gc_probability = 50;
|
||||
|
||||
ini_set('session.gc_probability', $gc_probability);
|
||||
ini_set('session.use_only_cookies', 1);
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
|
||||
/*
|
||||
* Set our session storage functions.
|
||||
*/
|
||||
|
||||
$handler = new \Zotlabs\Web\SessionHandler();
|
||||
|
||||
session_set_save_handler($handler,true);
|
||||
|
||||
// Force cookies to be secure (https only) if this site is SSL enabled.
|
||||
// Must be done before session_start().
|
||||
|
||||
if(intval(\App::$config['system']['ssl_cookie_protection'])) {
|
||||
$arr = session_get_cookie_params();
|
||||
session_set_cookie_params(
|
||||
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
|
||||
((isset($arr['path'])) ? $arr['path'] : '/'),
|
||||
((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
|
||||
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
|
||||
((isset($arr['httponly'])) ? $arr['httponly'] : true)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
function start() {
|
||||
session_start();
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Resets the current session.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function nuke() {
|
||||
self::new_cookie(0); // 0 means delete on browser exit
|
||||
if($_SESSION && count($_SESSION)) {
|
||||
foreach($_SESSION as $k => $v) {
|
||||
unset($_SESSION[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
function new_cookie($time) {
|
||||
|
||||
$old_sid = session_id();
|
||||
|
||||
session_regenerate_id(false);
|
||||
|
||||
q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
|
||||
dbesc(session_id()),
|
||||
dbesc($old_sid)
|
||||
);
|
||||
|
||||
if (x($_COOKIE, 'jsAvailable')) {
|
||||
if ($time) {
|
||||
$expires = time() + $time;
|
||||
} else {
|
||||
$expires = 0;
|
||||
}
|
||||
setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
|
||||
}
|
||||
setcookie(session_name(),session_id(),$expires);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
78
Zotlabs/Web/SessionHandler.php
Normal file
78
Zotlabs/Web/SessionHandler.php
Normal file
@ -0,0 +1,78 @@
|
||||
<?php
|
||||
|
||||
namespace Zotlabs\Web;
|
||||
|
||||
|
||||
class SessionHandler implements \SessionHandlerInterface {
|
||||
|
||||
private $session_exists;
|
||||
private $session_expire;
|
||||
|
||||
|
||||
function open ($s, $n) {
|
||||
$this->session_exists = 0;
|
||||
$this->session_expire = 180000;
|
||||
return true;
|
||||
}
|
||||
|
||||
function read ($id) {
|
||||
|
||||
if(x($id))
|
||||
$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
|
||||
|
||||
if($r) {
|
||||
$this->session_exists = true;
|
||||
return $r[0]['data'];
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
|
||||
|
||||
function write ($id, $data) {
|
||||
|
||||
if(! $id || ! $data) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$expire = time() + $this->session_expire;
|
||||
$default_expire = time() + 300;
|
||||
|
||||
if($this->session_exists) {
|
||||
q("UPDATE `session`
|
||||
SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
|
||||
dbesc($data),
|
||||
dbesc($expire),
|
||||
dbesc($id)
|
||||
);
|
||||
}
|
||||
else {
|
||||
q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
|
||||
dbesc($id),
|
||||
dbesc($default_expire),
|
||||
dbesc($data)
|
||||
);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
function close() {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
function destroy ($id) {
|
||||
q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
function gc($expire) {
|
||||
q("DELETE FROM session WHERE expire < %d", dbesc(time()));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@ -389,7 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
|
||||
proc_run('php','include/directory.php',$channel_id);
|
||||
|
||||
if($channel_id == local_channel() && $unset_session) {
|
||||
nuke_session();
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
goaway(z_root());
|
||||
}
|
||||
|
||||
|
||||
@ -486,7 +486,7 @@ require_once('include/api_auth.php');
|
||||
|
||||
function api_account_logout(&$a, $type){
|
||||
require_once('include/auth.php');
|
||||
nuke_session();
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
return api_apply_template("user", $type, array('$user' => null));
|
||||
|
||||
}
|
||||
|
||||
@ -101,7 +101,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
||||
// process logout request
|
||||
$args = array('channel_id' => local_channel());
|
||||
call_hooks('logging_out', $args);
|
||||
nuke_session();
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
info( t('Logged out.') . EOL);
|
||||
goaway(z_root());
|
||||
}
|
||||
@ -117,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
||||
intval(ACCOUNT_ROLE_ADMIN)
|
||||
);
|
||||
if($x) {
|
||||
new_cookie(60 * 60 * 24); // one day
|
||||
\Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
|
||||
$_SESSION['last_login_date'] = datetime_convert();
|
||||
unset($_SESSION['visitor_id']); // no longer a visitor
|
||||
authenticate_success($x[0], true, true);
|
||||
@ -172,7 +172,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
||||
// check any difference at all
|
||||
logger('Session address changed. Paranoid setting in effect, blocking session. '
|
||||
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
|
||||
nuke_session();
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
goaway(z_root());
|
||||
break;
|
||||
}
|
||||
@ -196,7 +196,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
||||
}
|
||||
else {
|
||||
$_SESSION['account_id'] = 0;
|
||||
nuke_session();
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
goaway(z_root());
|
||||
}
|
||||
} // end logged in user returning
|
||||
@ -204,7 +204,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
|
||||
else {
|
||||
|
||||
if(isset($_SESSION)) {
|
||||
nuke_session();
|
||||
\Zotlabs\Web\Session::nuke();
|
||||
}
|
||||
|
||||
// handle a fresh login request
|
||||
@ -275,10 +275,10 @@ else {
|
||||
// on the cookie
|
||||
|
||||
if($_POST['remember_me']) {
|
||||
new_cookie(31449600); // one year
|
||||
\Zotlabs\Web\Session::new_cookie(31449600); // one year
|
||||
}
|
||||
else {
|
||||
new_cookie(0); // 0 means delete on browser exit
|
||||
\Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
|
||||
}
|
||||
|
||||
// if we haven't failed up this point, log them in.
|
||||
|
||||
@ -30,7 +30,7 @@ function cli_startup() {
|
||||
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
|
||||
};
|
||||
|
||||
require_once('include/session.php');
|
||||
\Zotlabs\Web\Session::init();
|
||||
|
||||
load_config('system');
|
||||
|
||||
|
||||
@ -62,7 +62,7 @@ if(! App::$install) {
|
||||
load_config('system');
|
||||
load_config('feature');
|
||||
|
||||
require_once('include/session.php');
|
||||
\Zotlabs\Web\Session::init();
|
||||
load_hooks();
|
||||
call_hooks('init_1');
|
||||
|
||||
@ -84,7 +84,7 @@ if(! App::$install) {
|
||||
*
|
||||
*/
|
||||
|
||||
session_start();
|
||||
\Zotlabs\Web\Session::start();
|
||||
|
||||
/**
|
||||
* Language was set earlier, but we can over-ride it in the session.
|
||||
|
||||
Reference in New Issue
Block a user