application/SessionManager.php

   1 <?php
   2 namespace Shaarli;
   3
   4 /**
   5  * Manages the server-side session
   6  */
   7 class SessionManager
   8 {
   9     protected $session = [];
  10
  11     /**
  12      * Constructor
  13      *
  14      * @param array         $session The $_SESSION array (reference)
  15      * @param ConfigManager $conf    ConfigManager instance (reference)
  16      */
  17     public function __construct(& $session, & $conf)
  18     {
  19         $this->session = &$session;
  20         $this->conf = &$conf;
  21     }
  22
  23     /**
  24      * Generates a session token
  25      *
  26      * @return string token
  27      */
  28     public function generateToken()
  29     {
  30         $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
  31         $this->session['tokens'][$token] = 1;
  32         return $token;
  33     }
  34
  35     /**
  36      * Checks the validity of a session token, and destroys it afterwards
  37      *
  38      * @param string $token The token to check
  39      *
  40      * @return bool true if the token is valid, else false
  41      */
  42     public function checkToken($token)
  43     {
  44         if (! isset($this->session['tokens'][$token])) {
  45             // the token is wrong, or has already been used
  46             return false;
  47         }
  48
  49         // destroy the token to prevent future use
  50         unset($this->session['tokens'][$token]);
  51         return true;
  52     }
  53 }