aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-02-17 01:14:58 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-05-29 22:53:54 +0200
commit49f183231662c642ca9df6ceabf43fe128a5ffc1 (patch)
tree37367944aef0f998b12e307a2510cb2c06d3aa0f /application
parentdb45a36a53dbd722e5e891827e49d9e7651f2a5e (diff)
downloadShaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.gz
Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.zst
Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.zip
Refactor PHP session handling during login/logout
Changed: - move $_SESSION handling to SessionManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r--application/SessionManager.php40
1 files changed, 40 insertions, 0 deletions
diff --git a/application/SessionManager.php b/application/SessionManager.php
index 704f8504..7bfd2220 100644
--- a/application/SessionManager.php
+++ b/application/SessionManager.php
@@ -9,9 +9,15 @@ class SessionManager
9 /** Session expiration timeout, in seconds */ 9 /** Session expiration timeout, in seconds */
10 public static $INACTIVITY_TIMEOUT = 3600; 10 public static $INACTIVITY_TIMEOUT = 3600;
11 11
12 /** Name of the cookie set after logging in **/
13 public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn';
14
12 /** Local reference to the global $_SESSION array */ 15 /** Local reference to the global $_SESSION array */
13 protected $session = []; 16 protected $session = [];
14 17
18 /** ConfigManager instance **/
19 protected $conf = null;
20
15 /** 21 /**
16 * Constructor 22 * Constructor
17 * 23 *
@@ -84,4 +90,38 @@ class SessionManager
84 90
85 return true; 91 return true;
86 } 92 }
93
94 /**
95 * Store user login information after a successful login
96 *
97 * @param array $server The global $_SERVER array
98 */
99 public function storeLoginInfo($server)
100 {
101 // Generate unique random number (different than phpsessionid)
102 $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand());
103 $this->session['ip'] = client_ip_id($server);
104 $this->session['username'] = $this->conf->get('credentials.login');
105 $this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
106 }
107
108 /**
109 * Logout a user by unsetting all login information
110 *
111 * See:
112 * - https://secure.php.net/manual/en/function.setcookie.php
113 *
114 * @param string $webPath path on the server in which the cookie will be available on
115 */
116 public function logout($webPath)
117 {
118 if (isset($this->session)) {
119 unset($this->session['uid']);
120 unset($this->session['ip']);
121 unset($this->session['username']);
122 unset($this->session['visibility']);
123 unset($this->session['untaggedonly']);
124 }
125 setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath);
126 }
87} 127}