X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fsecurity%2FSessionManager.php;h=96bf193c1040debe1e14003c1f3eaab7deba71bf;hb=refs%2Fpull%2F1630%2Fhead;hp=994fcbe52ceb30cd4086369c46c89b9d66832260;hpb=c653ae3bfb11f663a52f55817e6d02a66d0852c8;p=github%2Fshaarli%2FShaarli.git diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 994fcbe5..96bf193c 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php @@ -8,6 +8,14 @@ use Shaarli\Config\ConfigManager; */ class SessionManager { + public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE'; + public const KEY_VISIBILITY = 'visibility'; + public const KEY_UNTAGGED_ONLY = 'untaggedonly'; + + public const KEY_SUCCESS_MESSAGES = 'successes'; + public const KEY_WARNING_MESSAGES = 'warnings'; + public const KEY_ERROR_MESSAGES = 'errors'; + /** @var int Session expiration timeout, in seconds */ public static $SHORT_TIMEOUT = 3600; // 1 hour @@ -23,16 +31,35 @@ class SessionManager /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ protected $staySignedIn = false; + /** @var string */ + protected $savePath; + /** * Constructor * - * @param array $session The $_SESSION array (reference) - * @param ConfigManager $conf ConfigManager instance + * @param array $session The $_SESSION array (reference) + * @param ConfigManager $conf ConfigManager instance + * @param string $savePath Session save path returned by builtin function session_save_path() */ - public function __construct(& $session, $conf) + public function __construct(&$session, $conf, string $savePath) { $this->session = &$session; $this->conf = $conf; + $this->savePath = $savePath; + } + + /** + * Initialize XSRF token and links per page session variables. + */ + public function initialize(): void + { + if (!isset($this->session['tokens'])) { + $this->session['tokens'] = []; + } + + if (!isset($this->session['LINKS_PER_PAGE'])) { + $this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20); + } } /** @@ -156,7 +183,6 @@ class SessionManager unset($this->session['expires_on']); unset($this->session['username']); unset($this->session['visibility']); - unset($this->session['untaggedonly']); } } @@ -202,4 +228,81 @@ class SessionManager { return $this->session; } + + /** + * @param mixed $default value which will be returned if the $key is undefined + * + * @return mixed Content stored in session + */ + public function getSessionParameter(string $key, $default = null) + { + return $this->session[$key] ?? $default; + } + + /** + * Store a variable in user session. + * + * @param string $key Session key + * @param mixed $value Session value to store + * + * @return $this + */ + public function setSessionParameter(string $key, $value): self + { + $this->session[$key] = $value; + + return $this; + } + + /** + * Store a variable in user session. + * + * @param string $key Session key + * + * @return $this + */ + public function deleteSessionParameter(string $key): self + { + unset($this->session[$key]); + + return $this; + } + + public function getSavePath(): string + { + return $this->savePath; + } + + /* + * Next public functions wrapping native PHP session API. + */ + + public function destroy(): bool + { + $this->session = []; + + return session_destroy(); + } + + public function start(): bool + { + if (session_status() === PHP_SESSION_ACTIVE) { + $this->destroy(); + } + + return session_start(); + } + + /** + * Be careful, return type of session_set_cookie_params() changed between PHP 7.1 and 7.2. + */ + public function cookieParameters(int $lifeTime, string $path, string $domain): void + { + session_set_cookie_params($lifeTime, $path, $domain); + } + + public function regenerateId(bool $deleteOldSession = false): bool + { + return session_regenerate_id($deleteOldSession); + } }