47 $this->crypto = $crypto;
48 $this->cookie_config = $cookie_config;
49 $this->cookie_token = $cookie_token;
51 $prefix = $this->db->getTablePrefix();
52 $this->
table =
"{$prefix}users_remember_me_cookies";
53 $this->time = is_numeric($time) ? (int)$time : time();
64 $token = $this->generateToken();
65 $hash = $this->hashToken(
$token);
67 $this->storeHash(
$user, $hash);
78 if ($this->cookie_token) {
79 $client_hash = $this->hashToken($this->cookie_token);
80 $this->removeHash($client_hash);
84 $this->setSession(
"");
97 if (!$modifier || ($modifier->guid !==
$subject->guid) || !$this->cookie_token) {
101 $this->makeLoginPersistent($modifier);
111 if (!$this->cookie_token) {
116 $cookie_hash = $this->hashToken($this->cookie_token);
117 $user = $this->getUserFromHash($cookie_hash);
119 $this->setSession($this->cookie_token);
124 if ($this->isLegacyToken($this->cookie_token)) {
126 call_user_func($this->_callable_sleep, 1);
128 $this->setCookie(
'');
140 if (!$this->cookie_token || !$this->isLegacyToken($this->cookie_token)) {
145 $this->removeHash($this->hashToken($this->cookie_token));
146 $this->makeLoginPersistent($logged_in_user);
161 $hash = $this->db->sanitizeString($hash);
162 $query =
"SELECT guid FROM {$this->table} WHERE code = '$hash'";
164 $user_row = $this->db->getDataRow($query);
166 return $this->handleDbException(
$e);
172 $user = call_user_func($this->_callable_get_user, $user_row->guid);
186 $hash = $this->db->sanitizeString($hash);
189 INSERT INTO {$this->table} (code, guid, timestamp)
190 VALUES ('$hash', {$user->guid}, $time)
193 $this->db->insertData($query);
195 $this->handleDbException(
$e);
206 $hash = $this->db->sanitizeString($hash);
208 $query =
"DELETE FROM {$this->table} WHERE code = '$hash'";
210 $this->db->deleteData($query);
212 $this->handleDbException(
$e);
227 if (
false !== strpos(
$exception->getMessage(),
"users_remember_me_cookies' doesn't exist")) {
243 $query =
"DELETE FROM {$this->table} WHERE guid = '{$user->guid}'";
245 $this->db->deleteData($query);
247 $this->handleDbException(
$e);
272 $cookie = new \ElggCookie($this->cookie_config[
'name']);
273 foreach (array(
'expire',
'path',
'domain',
'secure',
'httponly') as
$key) {
274 $cookie->$key = $this->cookie_config[
$key];
278 $cookie->expire = $this->time - (86400 * 30);
280 call_user_func($this->_callable_elgg_set_cookie, $cookie);
292 $this->session->set(
'code',
$token);
294 $this->session->remove(
'code');
307 return 'z' . $this->crypto->getRandomString(31);
360 public $_callable_get_user =
'get_user';
366 public $_callable_elgg_set_cookie =
'elgg_set_cookie';
372 public $_callable_sleep =
'sleep';
generateToken()
Generate a random token (base 64 URL)
handlePasswordChange(\ElggUser $subject, \ElggUser $modifier=null)
Handle a password change.
__construct(Database $db, \ElggSession $session, \ElggCrypto $crypto, array $cookie_config, $cookie_token, $time=null)
Constructor.
getUserFromHash($hash)
Find a user with the given hash.
setCookie($token)
Store the token in the client cookie (or remove the cookie)
bootSession()
Boot the persistent login session, possibly returning the user who should be silently logged in.
removeAllHashes(\ElggUser $user)
Remove all the hashes associated with a user.
replaceLegacyToken(\ElggUser $logged_in_user)
Replace the user's token if it's a legacy hexadecimal token.
removePersistentLogin()
Remove the persisted login token from client and server.
setSession($token)
Store the token in the session (or remove it from the session)
isLegacyToken($token)
Is the given token a legacy MD5 hash?
makeLoginPersistent(\ElggUser $user)
Make the user's login persistent.
hashToken($token)
Create a hash from the token.
storeHash(\ElggUser $user, $hash)
Store a hash in the DB.
handleDbException(\DatabaseException $exception, $default=null)
Swallow a schema not upgraded exception, otherwise rethrow it.
removeHash($hash)
Remove a hash from the DB.
