Elgg  Version 4.x
ElggSession.php
Go to the documentation of this file.
1 <?php
2 
3 use Elgg\Config;
4 use Elgg\Database;
5 use Elgg\Http\DatabaseSessionHandler;
6 use Elgg\Traits\Debug\Profilable;
7 use Symfony\Component\HttpFoundation\Session\Session;
8 use Symfony\Component\HttpFoundation\Session\SessionInterface;
9 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
10 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
11 
19 class ElggSession {
20 
21  use Profilable;
22 
26  protected $storage;
27 
31  protected $logged_in_user;
32 
36  protected $ignore_access = false;
37 
41  protected $show_disabled_entities = false;
42 
48  public function __construct(SessionInterface $storage) {
49  $this->storage = $storage;
50  }
51 
59  public function boot(): void {
60 
61  $this->beginTimer([__METHOD__]);
62 
63  $this->start();
64 
65  // test whether we have a user session
66  if ($this->has('guid')) {
67  $user = _elgg_services()->entityTable->get($this->get('guid'), 'user');
68  if (!$user instanceof ElggUser) {
69  // OMG user has been deleted.
70  $this->invalidate();
71 
72  // redirect to homepage
73  $this->endTimer([__METHOD__]);
74  _elgg_services()->responseFactory->redirect('');
75  }
76  } else {
77  $user = _elgg_services()->persistentLogin->bootSession();
78  if ($user instanceof ElggUser) {
79  _elgg_services()->persistentLogin->updateTokenUsage($user);
80  }
81  }
82 
83  if ($user instanceof ElggUser) {
84  $this->setLoggedInUser($user);
85  $user->setLastAction();
86 
87  // logout a user with open session who has been banned
88  if ($user->isBanned()) {
89  logout();
90  }
91  }
92 
93  $this->endTimer([__METHOD__]);
94  }
95 
103  public function start() {
104 
105  if ($this->storage->getId()) {
106  return true;
107  }
108 
109  $result = $this->storage->start();
110  $this->generateSessionToken();
111  return $result;
112  }
113 
121  public function migrate($destroy = false) {
122  return $this->storage->migrate($destroy);
123  }
124 
133  public function invalidate() {
134  $this->storage->clear();
135  $this->logged_in_user = null;
136  $result = $this->migrate(true);
137  $this->generateSessionToken();
138  _elgg_services()->sessionCache->clear();
139  return $result;
140  }
141 
148  public function save() {
149  $this->storage->save();
150  }
151 
158  public function isStarted() {
159  return $this->storage->isStarted();
160  }
161 
168  public function getID() {
169  return $this->storage->getId();
170  }
171 
179  public function setId($id) {
180  $this->storage->setId($id);
181  }
182 
189  public function getName() {
190  return $this->storage->getName();
191  }
192 
200  public function setName($name) {
201  $this->storage->setName($name);
202  }
203 
211  public function get($name, $default = null) {
212  return $this->storage->get($name, $default);
213  }
214 
222  public function set($name, $value) {
223  $this->storage->set($name, $value);
224  }
225 
233  public function remove($name) {
234  return $this->storage->remove($name);
235  }
236 
244  public function has($name) {
245  return $this->storage->has($name);
246  }
247 
255  public function setLoggedInUser(\ElggUser $user) {
256  $current_user = $this->getLoggedInUser();
257  if ($current_user != $user) {
258  $this->set('guid', $user->guid);
259  $this->logged_in_user = $user;
260  _elgg_services()->sessionCache->clear();
261  _elgg_services()->entityCache->save($user);
262  _elgg_services()->translator->setCurrentLanguage($user->language);
263  }
264  }
265 
272  public function getLoggedInUser() {
273  return $this->logged_in_user;
274  }
275 
282  public function getLoggedInUserGuid() {
283  $user = $this->getLoggedInUser();
284  return $user ? $user->guid : 0;
285  }
286 
292  public function isAdminLoggedIn() {
293  $user = $this->getLoggedInUser();
294 
295  return $user && $user->isAdmin();
296  }
297 
303  public function isLoggedIn() {
304  return (bool) $this->getLoggedInUser();
305  }
306 
313  public function removeLoggedInUser() {
314  $this->logged_in_user = null;
315  $this->remove('guid');
316  _elgg_services()->sessionCache->clear();
317  }
318 
324  public function getIgnoreAccess() {
325  return $this->ignore_access;
326  }
327 
335  public function setIgnoreAccess($ignore = true) {
336 // debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 5);
337  $prev = $this->ignore_access;
338  $this->ignore_access = $ignore;
339 
340  return $prev;
341  }
342 
348  public function getDisabledEntityVisibility() {
349  return $this->show_disabled_entities;
350  }
351 
359  public function setDisabledEntityVisibility($show = true) {
360  $prev = $this->show_disabled_entities;
361  $this->show_disabled_entities = $show;
362 
363  return $prev;
364  }
365 
374  protected function generateSessionToken() {
375  // Generate a simple token that we store server side
376  if (!$this->has('__elgg_session')) {
377  $this->set('__elgg_session', _elgg_services()->crypto->getRandomString(22));
378  }
379  }
380 
388  public static function getMock() {
389  $storage = new MockArraySessionStorage();
390  $session = new Session($storage);
391  return new self($session);
392  }
393 
404  public static function fromDatabase(Config $config, Database $db) {
405  $params = $config->getCookieConfig()['session'];
406  $options = [
407  // session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
408  // constructor, so we must capture and inject it directly.
409  'cache_limiter' => session_cache_limiter(),
410 
411  'name' => $params['name'],
412  'cookie_path' => $params['path'],
413  'cookie_domain' => $params['domain'],
414  'cookie_secure' => $params['secure'],
415  'cookie_httponly' => $params['httponly'],
416  'cookie_lifetime' => $params['lifetime'],
417  ];
418 
419  $handler = new DatabaseSessionHandler($db);
420  $storage = new NativeSessionStorage($options, $handler);
421  $session = new Session($storage);
422  return new self($session);
423  }
424 
434  public static function fromFiles(Config $config) {
435  $params = $config->getCookieConfig()['session'];
436  $options = [
437  // session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
438  // constructor, so we must capture and inject it directly.
439  'cache_limiter' => session_cache_limiter(),
440 
441  'name' => $params['name'],
442  'cookie_path' => $params['path'],
443  'cookie_domain' => $params['domain'],
444  'cookie_secure' => $params['secure'],
445  'cookie_httponly' => $params['httponly'],
446  'cookie_lifetime' => $params['lifetime'],
447  ];
448 
449  $storage = new NativeSessionStorage($options);
450  $session = new Session($storage);
451  return new self($session);
452  }
453 }
ElggSession\setId
setId($id)
Set the session ID.
Definition: ElggSession.php:179
Elgg\Traits\Debug\Profilable
trait Profilable
Make an object accept a timer.
Definition: Profilable.php:12
$default
$default
Definition: checkbox.php:31
ElggSession\setName
setName($name)
Set the session name.
Definition: ElggSession.php:200
ElggSession\setLoggedInUser
setLoggedInUser(\ElggUser $user)
Sets the logged in user.
Definition: ElggSession.php:255
ElggSession\has
has($name)
Has the attribute been defined.
Definition: ElggSession.php:244
ElggSession\save
save()
Save the session data and closes the session.
Definition: ElggSession.php:148
$name
if(!$user||!$user->canDelete()) $name
Definition: delete.php:22
$params
$params
Saves global plugin settings.
Definition: save.php:13
$result
$result
Definition: set_maintenance_mode.php:11
ElggSession\setDisabledEntityVisibility
setDisabledEntityVisibility($show=true)
Include disabled entities in queries.
Definition: ElggSession.php:359
Elgg\Database
The Elgg database.
Definition: Database.php:24
ElggSession\generateSessionToken
generateSessionToken()
Adds a token to the session.
Definition: ElggSession.php:374
ElggSession\migrate
migrate($destroy=false)
Migrates the session to a new session id while maintaining session attributes.
Definition: ElggSession.php:121
ElggSession\getName
getName()
Get the session name.
Definition: ElggSession.php:189
ElggSession\isLoggedIn
isLoggedIn()
Returns whether or not the user is currently logged in.
Definition: ElggSession.php:303
ElggSession\removeLoggedInUser
removeLoggedInUser()
Remove the logged in user.
Definition: ElggSession.php:313
void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215
ElggSession\invalidate
invalidate()
Invalidates the session.
Definition: ElggSession.php:133
ElggSession\fromFiles
static fromFiles(Config $config)
Create a session stored in files.
Definition: ElggSession.php:434
ElggSession\getDisabledEntityVisibility
getDisabledEntityVisibility()
Are disabled entities shown?
Definition: ElggSession.php:348
ElggSession\isStarted
isStarted()
Has the session been started.
Definition: ElggSession.php:158
ElggSession\start
start()
Start the session.
Definition: ElggSession.php:103
ElggSession\getLoggedInUserGuid
getLoggedInUserGuid()
Return the current logged in user by guid.
Definition: ElggSession.php:282
$options
$options
Elgg admin footer.
Definition: footer.php:6
$value
$value
Definition: generic.php:51
$config
$config
Advanced site settings, debugging section.
Definition: debugging.php:6
ElggSession\getIgnoreAccess
getIgnoreAccess()
Get current ignore access setting.
Definition: ElggSession.php:324
ElggSession\getLoggedInUser
getLoggedInUser()
Gets the logged in user.
Definition: ElggSession.php:272
$db
foreach($recommendedExtensions as $extension) if(empty(ini_get('session.gc_probability'))||empty(ini_get('session.gc_divisor'))) $db
Definition: requirements.php:92
ElggSession\isAdminLoggedIn
isAdminLoggedIn()
Returns whether or not the viewer is currently logged in and an admin user.
Definition: ElggSession.php:292
$user
$user
Definition: ban.php:7
ElggSession\getID
getID()
Get the session ID.
Definition: ElggSession.php:168
ElggSession\__construct
__construct(SessionInterface $storage)
Constructor.
Definition: ElggSession.php:48
logout
logout()
Log the current user out.
Definition: sessions.php:231
$session
if(isset($_COOKIE['elggperm'])) $session
Definition: login_as.php:28
Elgg\Config\getCookieConfig
getCookieConfig()
Set up and return the cookie configuration array resolved from settings.
Definition: Config.php:415
ElggSession\setIgnoreAccess
setIgnoreAccess($ignore=true)
Set ignore access.
Definition: ElggSession.php:335
Elgg\Traits\Debug\beginTimer
beginTimer(array $keys)
Start the timer (when enabled)
Definition: Profilable.php:46
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:777
ElggSession\getMock
static getMock()
Get an isolated ElggSession that does not persist between requests.
Definition: ElggSession.php:388
ElggSession\boot
boot()
Initializes the session and checks for the remember me cookie.
Definition: ElggSession.php:59
$handler
$handler
Definition: add.php:7
$id
$id
Generic annotation delete action.
Definition: delete.php:6
Elgg\Traits\Debug\endTimer
endTimer(array $keys)
Ends the timer (when enabled)
Definition: Profilable.php:62
ElggSession\fromDatabase
static fromDatabase(Config $config, Database $db)
Create a session stored in the DB.
Definition: ElggSession.php:404
Generated on Thu Jul 7 2022 00:00:18 for Elgg by   doxygen 1.8.11