]>
Commit | Line | Data |
---|---|---|
ebd650c0 V |
1 | <?php |
2 | namespace Shaarli; | |
3 | ||
4 | /** | |
5 | * Manages the server-side session | |
6 | */ | |
7 | class SessionManager | |
8 | { | |
9 | protected $session = []; | |
10 | ||
11 | /** | |
12 | * Constructor | |
13 | * | |
14 | * @param array $session The $_SESSION array (reference) | |
15 | * @param ConfigManager $conf ConfigManager instance (reference) | |
16 | */ | |
17 | public function __construct(& $session, & $conf) | |
18 | { | |
19 | $this->session = &$session; | |
20 | $this->conf = &$conf; | |
21 | } | |
22 | ||
23 | /** | |
24 | * Generates a session token | |
25 | * | |
26 | * @return string token | |
27 | */ | |
28 | public function generateToken() | |
29 | { | |
30 | $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt')); | |
31 | $this->session['tokens'][$token] = 1; | |
32 | return $token; | |
33 | } | |
34 | ||
35 | /** | |
36 | * Checks the validity of a session token, and destroys it afterwards | |
37 | * | |
38 | * @param string $token The token to check | |
39 | * | |
40 | * @return bool true if the token is valid, else false | |
41 | */ | |
42 | public function checkToken($token) | |
43 | { | |
44 | if (! isset($this->session['tokens'][$token])) { | |
45 | // the token is wrong, or has already been used | |
46 | return false; | |
47 | } | |
48 | ||
49 | // destroy the token to prevent future use | |
50 | unset($this->session['tokens'][$token]); | |
51 | return true; | |
52 | } | |
53 | } |