diff options
author | VirtualTam <virtualtam@flibidi.net> | 2018-02-17 01:14:58 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-05-29 22:53:54 +0200 |
commit | 49f183231662c642ca9df6ceabf43fe128a5ffc1 (patch) | |
tree | 37367944aef0f998b12e307a2510cb2c06d3aa0f /application | |
parent | db45a36a53dbd722e5e891827e49d9e7651f2a5e (diff) | |
download | Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.gz Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.tar.zst Shaarli-49f183231662c642ca9df6ceabf43fe128a5ffc1.zip |
Refactor PHP session handling during login/logout
Changed:
- move $_SESSION handling to SessionManager
- code cleanup
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r-- | application/SessionManager.php | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/application/SessionManager.php b/application/SessionManager.php index 704f8504..7bfd2220 100644 --- a/application/SessionManager.php +++ b/application/SessionManager.php | |||
@@ -9,9 +9,15 @@ class SessionManager | |||
9 | /** Session expiration timeout, in seconds */ | 9 | /** Session expiration timeout, in seconds */ |
10 | public static $INACTIVITY_TIMEOUT = 3600; | 10 | public static $INACTIVITY_TIMEOUT = 3600; |
11 | 11 | ||
12 | /** Name of the cookie set after logging in **/ | ||
13 | public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn'; | ||
14 | |||
12 | /** Local reference to the global $_SESSION array */ | 15 | /** Local reference to the global $_SESSION array */ |
13 | protected $session = []; | 16 | protected $session = []; |
14 | 17 | ||
18 | /** ConfigManager instance **/ | ||
19 | protected $conf = null; | ||
20 | |||
15 | /** | 21 | /** |
16 | * Constructor | 22 | * Constructor |
17 | * | 23 | * |
@@ -84,4 +90,38 @@ class SessionManager | |||
84 | 90 | ||
85 | return true; | 91 | return true; |
86 | } | 92 | } |
93 | |||
94 | /** | ||
95 | * Store user login information after a successful login | ||
96 | * | ||
97 | * @param array $server The global $_SERVER array | ||
98 | */ | ||
99 | public function storeLoginInfo($server) | ||
100 | { | ||
101 | // Generate unique random number (different than phpsessionid) | ||
102 | $this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand()); | ||
103 | $this->session['ip'] = client_ip_id($server); | ||
104 | $this->session['username'] = $this->conf->get('credentials.login'); | ||
105 | $this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT; | ||
106 | } | ||
107 | |||
108 | /** | ||
109 | * Logout a user by unsetting all login information | ||
110 | * | ||
111 | * See: | ||
112 | * - https://secure.php.net/manual/en/function.setcookie.php | ||
113 | * | ||
114 | * @param string $webPath path on the server in which the cookie will be available on | ||
115 | */ | ||
116 | public function logout($webPath) | ||
117 | { | ||
118 | if (isset($this->session)) { | ||
119 | unset($this->session['uid']); | ||
120 | unset($this->session['ip']); | ||
121 | unset($this->session['username']); | ||
122 | unset($this->session['visibility']); | ||
123 | unset($this->session['untaggedonly']); | ||
124 | } | ||
125 | setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath); | ||
126 | } | ||
87 | } | 127 | } |