1 files changed, 53 insertions, 0 deletions
diff --git a/application/SessionManager.php b/application/SessionManager.php
new file mode 100644
index 00000000..2083df42
--- /dev/null
+++ b/application/SessionManager.php
@@ -0,0 +1,53 @@
+<?php
+namespace Shaarli;
+/**
+ * Manages the server-side session
+ */
+class SessionManager
+{
+    protected $session = [];
+    /**
+     * Constructor
+     *
+     * @param array         $session The $_SESSION array (reference)
+     * @param ConfigManager $conf    ConfigManager instance (reference)
+     */
+    public function __construct(& $session, & $conf)
+    {
+        $this->session = &$session;
+        $this->conf = &$conf;
+    }
+    /**
+     * Generates a session token
+     *
+     * @return string token
+     */
+    public function generateToken()
+    {
+        $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
+        $this->session['tokens'][$token] = 1;
+        return $token;
+    }
+    /**
+     * Checks the validity of a session token, and destroys it afterwards
+     *
+     * @param string $token The token to check
+     *
+     * @return bool true if the token is valid, else false
+     */
+    public function checkToken($token)
+    {
+        if (! isset($this->session['tokens'][$token])) {
+            // the token is wrong, or has already been used
+            return false;
+        }
+        // destroy the token to prevent future use
+        unset($this->session['tokens'][$token]);
+        return true;
+    }
+}

diff --git a/application/SessionManager.php b/application/SessionManager.php new file mode 100644 index 00000000..2083df42 --- /dev/null +++ b/application/SessionManager.php
@@ -0,0 +1,53 @@
	1	<?php
	2	namespace Shaarli;
	3
	4	/**
	5	* Manages the server-side session
	6	*/
	7	class SessionManager
	8	{
	9	protected $session = [];
	10
	11	/**
	12	* Constructor
	13	*
	14	* @param array $session The $_SESSION array (reference)
	15	* @param ConfigManager $conf ConfigManager instance (reference)
	16	*/
	17	public function __construct(& $session, & $conf)
	18	{
	19	$this->session = &$session;
	20	$this->conf = &$conf;
	21	}
	22
	23	/**
	24	* Generates a session token
	25	*
	26	* @return string token
	27	*/
	28	public function generateToken()
	29	{
	30	$token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
	31	$this->session['tokens'][$token] = 1;
	32	return $token;
	33	}
	34
	35	/**
	36	* Checks the validity of a session token, and destroys it afterwards
	37	*
	38	* @param string $token The token to check
	39	*
	40	* @return bool true if the token is valid, else false
	41	*/
	42	public function checkToken($token)
	43	{
	44	if (! isset($this->session['tokens'][$token])) {
	45	// the token is wrong, or has already been used
	46	return false;
	47	}
	48
	49	// destroy the token to prevent future use
	50	unset($this->session['tokens'][$token]);
	51	return true;
	52	}
	53	}