Refactor PHP session handling during login/logout

Changed: - move $_SESSION handling to SessionManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
author: VirtualTam <virtualtam@flibidi.net> 2018-02-17 01:14:58 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2018-05-29 22:53:54 +0200
commit: 49f183231662c642ca9df6ceabf43fe128a5ffc1 (patch)
tree: 37367944aef0f998b12e307a2510cb2c06d3aa0f /application/SessionManager.php
parent: db45a36a53dbd722e5e891827e49d9e7651f2a5e (diff)
download: Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.gz
Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.zst
Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/application/SessionManager.php b/application/SessionManager.php
index 704f8504..7bfd2220 100644
--- a/application/SessionManager.php
+++ b/application/SessionManager.php
@@ -9,9 +9,15 @@ class SessionManager
    /** Session expiration timeout, in seconds */
    public static $INACTIVITY_TIMEOUT = 3600;
+    /** Name of the cookie set after logging in **/
+    public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn';
    /** Local reference to the global $_SESSION array */
    protected $session = [];
+    /** ConfigManager instance **/
+    protected $conf = null;
    /**
     * Constructor
     *
@@ -84,4 +90,38 @@ class SessionManager
        return true;
    }
+    /**
+     * Store user login information after a successful login
+     *
+     * @param array $server The global $_SERVER array
+     */
+    public function storeLoginInfo($server)
+    {
+        // Generate unique random number (different than phpsessionid)
+        $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand());
+        $this->session['ip'] = client_ip_id($server);
+        $this->session['username'] = $this->conf->get('credentials.login');
+        $this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
+    }
+    /**
+     * Logout a user by unsetting all login information
+     *
+     * See:
+     * - https://secure.php.net/manual/en/function.setcookie.php
+     *
+     * @param string $webPath path on the server in which the cookie will be available on
+     */
+    public function logout($webPath)
+    {
+        if (isset($this->session)) {
+            unset($this->session['uid']);
+            unset($this->session['ip']);
+            unset($this->session['username']);
+            unset($this->session['visibility']);
+            unset($this->session['untaggedonly']);
+        }
+        setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath);
+    }
 }
author	VirtualTam <virtualtam@flibidi.net>	2018-02-17 01:14:58 +0100
committer	VirtualTam <virtualtam@flibidi.net>	2018-05-29 22:53:54 +0200
commit	49f183231662c642ca9df6ceabf43fe128a5ffc1 (patch)
tree	37367944aef0f998b12e307a2510cb2c06d3aa0f /application/SessionManager.php
parent	db45a36a53dbd722e5e891827e49d9e7651f2a5e (diff)
download	Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.gz Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.zst Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.zip

diff --git a/application/SessionManager.php b/application/SessionManager.php index 704f8504..7bfd2220 100644 --- a/application/SessionManager.php +++ b/application/SessionManager.php
@@ -9,9 +9,15 @@ class SessionManager
9	/** Session expiration timeout, in seconds */	9	/** Session expiration timeout, in seconds */
10	public static $INACTIVITY_TIMEOUT = 3600;	10	public static $INACTIVITY_TIMEOUT = 3600;
11		11
		12	/ Name of the cookie set after logging in /
		13	public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn';
		14
12	/** Local reference to the global $_SESSION array */	15	/** Local reference to the global $_SESSION array */
13	protected $session = [];	16	protected $session = [];
14		17
		18	/ ConfigManager instance /
		19	protected $conf = null;
		20
15	/**	21	/**
16	* Constructor	22	* Constructor
17	*	23	*
@@ -84,4 +90,38 @@ class SessionManager
84		90
85	return true;	91	return true;
86	}	92	}
		93
		94	/**
		95	* Store user login information after a successful login
		96	*
		97	* @param array $server The global $_SERVER array
		98	*/
		99	public function storeLoginInfo($server)
		100	{
		101	// Generate unique random number (different than phpsessionid)
		102	$this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand());
		103	$this->session['ip'] = client_ip_id($server);
		104	$this->session['username'] = $this->conf->get('credentials.login');
		105	$this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
		106	}
		107
		108	/**
		109	* Logout a user by unsetting all login information
		110	*
		111	* See:
		112	* - https://secure.php.net/manual/en/function.setcookie.php
		113	*
		114	* @param string $webPath path on the server in which the cookie will be available on
		115	*/
		116	public function logout($webPath)
		117	{
		118	if (isset($this->session)) {
		119	unset($this->session['uid']);
		120	unset($this->session['ip']);
		121	unset($this->session['username']);
		122	unset($this->session['visibility']);
		123	unset($this->session['untaggedonly']);
		124	}
		125	setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath);
		126	}
87	}	127	}