diff options
Diffstat (limited to 'application/security/SessionManager.php')
| -rw-r--r-- | application/security/SessionManager.php | 114 |
1 files changed, 110 insertions, 4 deletions
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index b8b8ab8d..36df8c1c 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php | |||
| @@ -8,6 +8,14 @@ use Shaarli\Config\ConfigManager; | |||
| 8 | */ | 8 | */ |
| 9 | class SessionManager | 9 | class SessionManager |
| 10 | { | 10 | { |
| 11 | public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE'; | ||
| 12 | public const KEY_VISIBILITY = 'visibility'; | ||
| 13 | public const KEY_UNTAGGED_ONLY = 'untaggedonly'; | ||
| 14 | |||
| 15 | public const KEY_SUCCESS_MESSAGES = 'successes'; | ||
| 16 | public const KEY_WARNING_MESSAGES = 'warnings'; | ||
| 17 | public const KEY_ERROR_MESSAGES = 'errors'; | ||
| 18 | |||
| 11 | /** @var int Session expiration timeout, in seconds */ | 19 | /** @var int Session expiration timeout, in seconds */ |
| 12 | public static $SHORT_TIMEOUT = 3600; // 1 hour | 20 | public static $SHORT_TIMEOUT = 3600; // 1 hour |
| 13 | 21 | ||
| @@ -23,16 +31,35 @@ class SessionManager | |||
| 23 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ | 31 | /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */ |
| 24 | protected $staySignedIn = false; | 32 | protected $staySignedIn = false; |
| 25 | 33 | ||
| 34 | /** @var string */ | ||
| 35 | protected $savePath; | ||
| 36 | |||
| 26 | /** | 37 | /** |
| 27 | * Constructor | 38 | * Constructor |
| 28 | * | 39 | * |
| 29 | * @param array $session The $_SESSION array (reference) | 40 | * @param array $session The $_SESSION array (reference) |
| 30 | * @param ConfigManager $conf ConfigManager instance | 41 | * @param ConfigManager $conf ConfigManager instance |
| 42 | * @param string $savePath Session save path returned by builtin function session_save_path() | ||
| 31 | */ | 43 | */ |
| 32 | public function __construct(& $session, $conf) | 44 | public function __construct(&$session, $conf, string $savePath) |
| 33 | { | 45 | { |
| 34 | $this->session = &$session; | 46 | $this->session = &$session; |
| 35 | $this->conf = $conf; | 47 | $this->conf = $conf; |
| 48 | $this->savePath = $savePath; | ||
| 49 | } | ||
| 50 | |||
| 51 | /** | ||
| 52 | * Initialize XSRF token and links per page session variables. | ||
| 53 | */ | ||
| 54 | public function initialize(): void | ||
| 55 | { | ||
| 56 | if (!isset($this->session['tokens'])) { | ||
| 57 | $this->session['tokens'] = []; | ||
| 58 | } | ||
| 59 | |||
| 60 | if (!isset($this->session['LINKS_PER_PAGE'])) { | ||
| 61 | $this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20); | ||
| 62 | } | ||
| 36 | } | 63 | } |
| 37 | 64 | ||
| 38 | /** | 65 | /** |
| @@ -156,7 +183,6 @@ class SessionManager | |||
| 156 | unset($this->session['expires_on']); | 183 | unset($this->session['expires_on']); |
| 157 | unset($this->session['username']); | 184 | unset($this->session['username']); |
| 158 | unset($this->session['visibility']); | 185 | unset($this->session['visibility']); |
| 159 | unset($this->session['untaggedonly']); | ||
| 160 | } | 186 | } |
| 161 | } | 187 | } |
| 162 | 188 | ||
| @@ -196,4 +222,84 @@ class SessionManager | |||
| 196 | } | 222 | } |
| 197 | return true; | 223 | return true; |
| 198 | } | 224 | } |
| 225 | |||
| 226 | /** @return array Local reference to the global $_SESSION array */ | ||
| 227 | public function getSession(): array | ||
| 228 | { | ||
| 229 | return $this->session; | ||
| 230 | } | ||
| 231 | |||
| 232 | /** | ||
| 233 | * @param mixed $default value which will be returned if the $key is undefined | ||
| 234 | * | ||
| 235 | * @return mixed Content stored in session | ||
| 236 | */ | ||
| 237 | public function getSessionParameter(string $key, $default = null) | ||
| 238 | { | ||
| 239 | return $this->session[$key] ?? $default; | ||
| 240 | } | ||
| 241 | |||
| 242 | /** | ||
| 243 | * Store a variable in user session. | ||
| 244 | * | ||
| 245 | * @param string $key Session key | ||
| 246 | * @param mixed $value Session value to store | ||
| 247 | * | ||
| 248 | * @return $this | ||
| 249 | */ | ||
| 250 | public function setSessionParameter(string $key, $value): self | ||
| 251 | { | ||
| 252 | $this->session[$key] = $value; | ||
| 253 | |||
| 254 | return $this; | ||
| 255 | } | ||
| 256 | |||
| 257 | /** | ||
| 258 | * Store a variable in user session. | ||
| 259 | * | ||
| 260 | * @param string $key Session key | ||
| 261 | * | ||
| 262 | * @return $this | ||
| 263 | */ | ||
| 264 | public function deleteSessionParameter(string $key): self | ||
| 265 | { | ||
| 266 | unset($this->session[$key]); | ||
| 267 | |||
| 268 | return $this; | ||
| 269 | } | ||
| 270 | |||
| 271 | public function getSavePath(): string | ||
| 272 | { | ||
| 273 | return $this->savePath; | ||
| 274 | } | ||
| 275 | |||
| 276 | /* | ||
| 277 | * Next public functions wrapping native PHP session API. | ||
| 278 | */ | ||
| 279 | |||
| 280 | public function destroy(): bool | ||
| 281 | { | ||
| 282 | $this->session = []; | ||
| 283 | |||
| 284 | return session_destroy(); | ||
| 285 | } | ||
| 286 | |||
| 287 | public function start(): bool | ||
| 288 | { | ||
| 289 | if (session_status() === PHP_SESSION_ACTIVE) { | ||
| 290 | $this->destroy(); | ||
| 291 | } | ||
| 292 | |||
| 293 | return session_start(); | ||
| 294 | } | ||
| 295 | |||
| 296 | public function cookieParameters(int $lifeTime, string $path, string $domain): bool | ||
| 297 | { | ||
| 298 | return session_set_cookie_params($lifeTime, $path, $domain); | ||
| 299 | } | ||
| 300 | |||
| 301 | public function regenerateId(bool $deleteOldSession = false): bool | ||
| 302 | { | ||
| 303 | return session_regenerate_id($deleteOldSession); | ||
| 304 | } | ||
| 199 | } | 305 | } |