ElggSession.php 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463
  1. <?php
  2. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  3. use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
  4. use Symfony\Component\HttpFoundation\Session\Session;
  5. /**
  6. * Elgg Session Management
  7. *
  8. * Reserved keys: last_forward_from, msg, sticky_forms, user, guid, id, code, name, username
  9. * Deprecated keys: user, id, name, username
  10. *
  11. * \ArrayAccess was deprecated in Elgg 1.9. This means you should use
  12. * $session->get('foo') rather than $session['foo'].
  13. * Warning: You can not access multidimensional arrays through \ArrayAccess like
  14. * this $session['foo']['bar']
  15. *
  16. * @package Elgg.Core
  17. * @subpackage Session
  18. * @see elgg_get_session()
  19. */
  20. class ElggSession implements \ArrayAccess {
  21. /**
  22. * @var SessionInterface
  23. */
  24. protected $storage;
  25. /**
  26. * @var \ElggUser|null
  27. */
  28. protected $logged_in_user;
  29. /**
  30. * @var bool
  31. */
  32. protected $ignore_access = false;
  33. /**
  34. * Constructor
  35. *
  36. * @param SessionInterface $storage The underlying Session implementation
  37. * @access private Use elgg_get_session()
  38. */
  39. public function __construct(SessionInterface $storage) {
  40. $this->storage = $storage;
  41. }
  42. /**
  43. * Start the session
  44. *
  45. * @return boolean
  46. * @throws RuntimeException If session fails to start.
  47. * @since 1.9
  48. */
  49. public function start() {
  50. $result = $this->storage->start();
  51. $this->generateSessionToken();
  52. return $result;
  53. }
  54. /**
  55. * Migrates the session to a new session id while maintaining session attributes
  56. *
  57. * @param boolean $destroy Whether to delete the session or let gc handle clean up
  58. * @return boolean
  59. * @since 1.9
  60. */
  61. public function migrate($destroy = false) {
  62. return $this->storage->migrate($destroy);
  63. }
  64. /**
  65. * Invalidates the session
  66. *
  67. * Deletes session data and session persistence. Starts a new session.
  68. *
  69. * @return boolean
  70. * @since 1.9
  71. */
  72. public function invalidate() {
  73. $this->storage->clear();
  74. $this->logged_in_user = null;
  75. $result = $this->migrate(true);
  76. $this->generateSessionToken();
  77. return $result;
  78. }
  79. /**
  80. * Has the session been started
  81. *
  82. * @return boolean
  83. * @since 1.9
  84. */
  85. public function isStarted() {
  86. return $this->storage->isStarted();
  87. }
  88. /**
  89. * Get the session ID
  90. *
  91. * @return string
  92. * @since 1.9
  93. */
  94. public function getId() {
  95. return $this->storage->getId();
  96. }
  97. /**
  98. * Set the session ID
  99. *
  100. * @param string $id Session ID
  101. * @return void
  102. * @since 1.9
  103. */
  104. public function setId($id) {
  105. $this->storage->setId($id);
  106. }
  107. /**
  108. * Get the session name
  109. *
  110. * @return string
  111. * @since 1.9
  112. */
  113. public function getName() {
  114. return $this->storage->getName();
  115. }
  116. /**
  117. * Set the session name
  118. *
  119. * @param string $name Session name
  120. * @return void
  121. * @since 1.9
  122. */
  123. public function setName($name) {
  124. $this->storage->setName($name);
  125. }
  126. /**
  127. * Get an attribute of the session
  128. *
  129. * @param string $name Name of the attribute to get
  130. * @param mixed $default Value to return if attribute is not set (default is null)
  131. * @return mixed
  132. */
  133. public function get($name, $default = null) {
  134. return $this->storage->get($name, $default);
  135. }
  136. /**
  137. * Set an attribute
  138. *
  139. * @param string $name Name of the attribute to set
  140. * @param mixed $value Value to be set
  141. * @return void
  142. */
  143. public function set($name, $value) {
  144. $this->storage->set($name, $value);
  145. }
  146. /**
  147. * Remove an attribute
  148. *
  149. * @param string $name The name of the attribute to remove
  150. * @return mixed The removed attribute
  151. * @since 1.9
  152. */
  153. public function remove($name) {
  154. return $this->storage->remove($name);
  155. }
  156. /**
  157. * Alias to offsetUnset()
  158. *
  159. * @param string $key Name
  160. * @return void
  161. * @deprecated 1.9 Use remove()
  162. */
  163. public function del($key) {
  164. elgg_deprecated_notice(__METHOD__ . " has been deprecated.", 1.9);
  165. $this->remove($key);
  166. }
  167. /**
  168. * Has the attribute been defined
  169. *
  170. * @param string $name Name of the attribute
  171. * @return bool
  172. * @since 1.9
  173. */
  174. public function has($name) {
  175. return $this->storage->has($name);
  176. }
  177. /**
  178. * Sets the logged in user
  179. *
  180. * @param \ElggUser $user The user who is logged in
  181. * @return void
  182. * @since 1.9
  183. */
  184. public function setLoggedInUser(\ElggUser $user) {
  185. $this->set('guid', $user->guid);
  186. $this->logged_in_user = $user;
  187. }
  188. /**
  189. * Gets the logged in user
  190. *
  191. * @return \ElggUser
  192. * @since 1.9
  193. */
  194. public function getLoggedInUser() {
  195. return $this->logged_in_user;
  196. }
  197. /**
  198. * Return the current logged in user by guid.
  199. *
  200. * @see elgg_get_logged_in_user_entity()
  201. * @return int
  202. */
  203. public function getLoggedInUserGuid() {
  204. $user = $this->getLoggedInUser();
  205. return $user ? $user->guid : 0;
  206. }
  207. /**
  208. * Returns whether or not the viewer is currently logged in and an admin user.
  209. *
  210. * @return bool
  211. */
  212. public function isAdminLoggedIn() {
  213. $user = $this->getLoggedInUser();
  214. return $user && $user->isAdmin();
  215. }
  216. /**
  217. * Returns whether or not the user is currently logged in
  218. *
  219. * @return bool
  220. */
  221. public function isLoggedIn() {
  222. return (bool)$this->getLoggedInUser();
  223. }
  224. /**
  225. * Remove the logged in user
  226. *
  227. * @return void
  228. * @since 1.9
  229. */
  230. public function removeLoggedInUser() {
  231. $this->logged_in_user = null;
  232. $this->remove('guid');
  233. }
  234. /**
  235. * Get current ignore access setting.
  236. *
  237. * @return bool
  238. */
  239. public function getIgnoreAccess() {
  240. return $this->ignore_access;
  241. }
  242. /**
  243. * Set ignore access.
  244. *
  245. * @param bool $ignore Ignore access
  246. *
  247. * @return bool Previous setting
  248. */
  249. public function setIgnoreAccess($ignore = true) {
  250. _elgg_services()->accessCache->clear();
  251. $prev = $this->ignore_access;
  252. $this->ignore_access = $ignore;
  253. return $prev;
  254. }
  255. // @codingStandardsIgnoreStart
  256. /**
  257. * Alias of getIgnoreAccess()
  258. *
  259. * @todo remove with elgg_get_access_object()
  260. *
  261. * @return bool
  262. * @deprecated 1.8 Use elgg_get_ignore_access()
  263. */
  264. public function get_ignore_access() {
  265. return $this->getIgnoreAccess();
  266. }
  267. // @codingStandardsIgnoreEnd
  268. // @codingStandardsIgnoreStart
  269. /**
  270. * Alias of setIgnoreAccess()
  271. *
  272. * @todo remove with elgg_get_access_object()
  273. *
  274. * @param bool $ignore Ignore access
  275. *
  276. * @return bool Previous setting
  277. *
  278. * @deprecated 1.8 Use elgg_set_ignore_access()
  279. */
  280. public function set_ignore_access($ignore = true) {
  281. return $this->setIgnoreAccess($ignore);
  282. }
  283. // @codingStandardsIgnoreEnd
  284. /**
  285. * Adds a token to the session
  286. *
  287. * This is used in creation of CSRF token
  288. *
  289. * @return void
  290. */
  291. protected function generateSessionToken() {
  292. // Generate a simple token that we store server side
  293. if (!$this->has('__elgg_session')) {
  294. $this->set('__elgg_session', md5(microtime() . rand()));
  295. }
  296. }
  297. /**
  298. * Test if property is set either as an attribute or metadata.
  299. *
  300. * @param string $key The name of the attribute or metadata.
  301. *
  302. * @return bool
  303. * @deprecated 1.9 Use has()
  304. */
  305. public function __isset($key) {
  306. elgg_deprecated_notice(__METHOD__ . " has been deprecated.", 1.9);
  307. // Note: We use offsetExists() for BC
  308. return $this->offsetExists($key);
  309. }
  310. /**
  311. * Set a value, go straight to session.
  312. *
  313. * @param string $key Name
  314. * @param mixed $value Value
  315. *
  316. * @return void
  317. * @deprecated 1.9 Use set()
  318. */
  319. public function offsetSet($key, $value) {
  320. elgg_deprecated_notice(__METHOD__ . " has been deprecated.", 1.9);
  321. $this->set($key, $value);
  322. }
  323. /**
  324. * Get a variable from either the session, or if its not in the session
  325. * attempt to get it from an api call.
  326. *
  327. * @see \ArrayAccess::offsetGet()
  328. *
  329. * @param mixed $key Name
  330. *
  331. * @return mixed
  332. * @deprecated 1.9 Use get()
  333. */
  334. public function offsetGet($key) {
  335. elgg_deprecated_notice(__METHOD__ . " has been deprecated.", 1.9);
  336. if (in_array($key, array('user', 'id', 'name', 'username'))) {
  337. elgg_deprecated_notice("Only 'guid' is stored in session for user now", 1.9);
  338. if ($this->logged_in_user) {
  339. switch ($key) {
  340. case 'user':
  341. return $this->logged_in_user;
  342. break;
  343. case 'id':
  344. return $this->logged_in_user->guid;
  345. break;
  346. case 'name':
  347. case 'username':
  348. return $this->logged_in_user->$key;
  349. break;
  350. }
  351. } else {
  352. return null;
  353. }
  354. }
  355. if ($this->has($key)) {
  356. return $this->get($key);
  357. }
  358. $orig_value = null;
  359. $value = _elgg_services()->hooks->trigger('session:get', $key, null, $orig_value);
  360. if ($orig_value !== $value) {
  361. elgg_deprecated_notice("Plugin hook session:get has been deprecated.", 1.9);
  362. }
  363. $this->set($key, $value);
  364. return $value;
  365. }
  366. /**
  367. * Unset a value from the cache and the session.
  368. *
  369. * @see \ArrayAccess::offsetUnset()
  370. *
  371. * @param mixed $key Name
  372. *
  373. * @return void
  374. * @deprecated 1.9 Use remove()
  375. */
  376. public function offsetUnset($key) {
  377. elgg_deprecated_notice(__METHOD__ . " has been deprecated.", 1.9);
  378. $this->remove($key);
  379. }
  380. /**
  381. * Return whether the value is set in either the session or the cache.
  382. *
  383. * @see \ArrayAccess::offsetExists()
  384. *
  385. * @param int $offset Offset
  386. *
  387. * @return bool
  388. * @deprecated 1.9 Use has()
  389. */
  390. public function offsetExists($offset) {
  391. elgg_deprecated_notice(__METHOD__ . " has been deprecated.", 1.9);
  392. if (in_array($offset, array('user', 'id', 'name', 'username'))) {
  393. elgg_deprecated_notice("Only 'guid' is stored in session for user now", 1.9);
  394. return (bool)$this->logged_in_user;
  395. }
  396. if ($this->has($offset)) {
  397. return true;
  398. }
  399. // Note: We use offsetGet() for BC
  400. if ($this->offsetGet($offset)) {
  401. return true;
  402. }
  403. return false;
  404. }
  405. /**
  406. * Get an isolated ElggSession that does not persist between requests
  407. *
  408. * @return self
  409. */
  410. public static function getMock() {
  411. $storage = new MockArraySessionStorage();
  412. $session = new Session($storage);
  413. return new self($session);
  414. }
  415. }