PersistentLoginService_8php_source.html

 <?php

 namespace Elgg;

 use Elgg\Database\UsersRememberMeCookiesTable;
 use Elgg\Traits\TimeUsing;

 class PersistentLoginService {

     use TimeUsing;

     protected $cookie_config;

     protected $cookie_token;

     protected $session;

     protected $crypto;

     protected $persistent_cookie_table;

     public $_callable_elgg_set_cookie = 'elgg_set_cookie';

     public function __construct(
             UsersRememberMeCookiesTable $cookie_table,
             \ElggSession $session,
             \Elgg\Security\Crypto $crypto,
             \Elgg\Config $config,
             \Elgg\Http\Request $request) {
         $this->persistent_cookie_table = $cookie_table;
         $this->session = $session;
         $this->crypto = $crypto;

         $global_cookies_config = $config->getCookieConfig();

         $this->cookie_config = $global_cookies_config['remember_me'];
         $this->cookie_token = $request->cookies->get($this->cookie_config['name'], '');
     }

     public function makeLoginPersistent(\ElggUser $user): void {
         $token = $this->generateToken();
         $hash = $this->hashToken($token);

         $this->persistent_cookie_table->insertHash($user, $hash);
         $this->setCookie($token);
         $this->setSessionToken($token);
     }

     public function removePersistentLogin(): void {
         if ($this->cookie_token) {
             $client_hash = $this->hashToken($this->cookie_token);
             $this->persistent_cookie_table->deleteHash($client_hash);
         }

         $this->setCookie('');
         $this->setSessionToken('');
     }

     public function handlePasswordChange(\ElggUser $subject, \ElggUser $modifier = null): void {
         $this->persistent_cookie_table->deleteAllHashes($subject);
         if (!$modifier || ($modifier->guid !== $subject->guid) || !$this->cookie_token) {
             return;
         }

         $this->makeLoginPersistent($subject);
     }

     public function bootSession(): ?\ElggUser {
         if (!$this->cookie_token) {
             return null;
         }

         // is this token good?
         $user = $this->getUserFromToken($this->cookie_token);
         if ($user) {
             $this->setSessionToken($this->cookie_token);

             return $user;
         }

         $this->setCookie('');
         return null;
     }

     public function getUserFromToken(string $token): ?\ElggUser {
         if (empty($token)) {
             return null;
         }

         $hash = $this->hashToken($token);
         if (empty($hash)) {
             return null;
         }

         $user_row = $this->persistent_cookie_table->getRowFromHash($hash);
         if (empty($user_row)) {
             return null;
         }

         $user = get_user($user_row->guid);
         return ($user instanceof \ElggUser) ? $user : null;
     }

     public function updateTokenUsage(\ElggUser $user): ?bool {
         if (!$this->cookie_token) {
             return null;
         }

         // update the database record
         // not interested in number of updated rows, as an update in the same second won't update the row
         $this->persistent_cookie_table->updateHash($user, $this->hashToken($this->cookie_token));

         // also update the cookie lifetime client-side
         $this->setCookie($this->cookie_token);

         return true;
     }

     public function removeExpiredTokens($time): bool {
         $time = Values::normalizeTime($time);

         $expires = Values::normalizeTime($this->cookie_config['expire']);
         $diff = $time->diff($expires);

         $time->sub($diff);
         if ($time->getTimestamp() > time()) {
             return false;
         }

         return (bool) $this->persistent_cookie_table->deleteExpiredHashes($time->getTimestamp());
     }

     protected function hashToken(string $token): string {
         // note: with user passwords, you'd want legit password hashing, but since these are randomly
         // generated and long tokens, rainbow tables aren't any help.
         return md5($token);
     }

     protected function setCookie(string $token): void {
         $cookie = new \ElggCookie($this->cookie_config['name']);
         foreach (['expire', 'path', 'domain', 'secure', 'httpOnly'] as $key) {
             $cookie->$key = $this->cookie_config[strtolower($key)];
         }

         $cookie->value = $token;
         if (!$token) {
             $cookie->expire = $this->getCurrentTime('-30 days')->getTimestamp();
         }

         call_user_func($this->_callable_elgg_set_cookie, $cookie);
     }

     protected function setSessionToken(string $token): void {
         if ($token) {
             $this->session->set('code', $token);
         } else {
             $this->session->remove('code');
         }
     }

     protected function generateToken(): string {
         return 'z' . $this->crypto->getRandomString(31);
     }
 }
Elgg\PersistentLoginService\makeLoginPersistent
makeLoginPersistent(\ElggUser $user)
Make the user&#39;s login persistent.
Definition: PersistentLoginService.php:84

Elgg\PersistentLoginService\bootSession
bootSession()
Boot the persistent login session, possibly returning the user who should be silently logged in...
Definition: PersistentLoginService.php:131

Elgg\PersistentLoginService\$session
$session
Definition: PersistentLoginService.php:34

$request
$request
Definition: livesearch.php:12

Elgg\PersistentLoginService\$cookie_token
$cookie_token
Definition: PersistentLoginService.php:29

void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215

Elgg\Config
Definition: Config.php:138

$time
if(!$annotation instanceof ElggAnnotation) $time
Definition: time.php:20

Elgg\Traits\TimeUsing
trait TimeUsing
Adds methods for setting the current time (for testing)
Definition: TimeUsing.php:10

Elgg\PersistentLoginService\setSessionToken
setSessionToken(string $token)
Store the token in the session (or remove it from the session)
Definition: PersistentLoginService.php:258

ElggSession
Elgg Session Management.
Definition: ElggSession.php:19

Elgg\Database\UsersRememberMeCookiesTable
Manage the users_remember_me_cookies table.
Definition: UsersRememberMeCookiesTable.php:14

$config
$config
Advanced site settings, debugging section.
Definition: debugging.php:6

Elgg\Traits\getCurrentTime
getCurrentTime($modifier= '')
Get the (cloned) time.
Definition: TimeUsing.php:25

Elgg\PersistentLoginService\__construct
__construct(UsersRememberMeCookiesTable $cookie_table,\ElggSession $session,\Elgg\Security\Crypto $crypto,\Elgg\Config $config,\Elgg\Http\Request $request)
Constructor.
Definition: PersistentLoginService.php:61

Elgg
Definition: ActionsService.php:3

Elgg\PersistentLoginService
Definition: PersistentLoginService.php:17

Elgg\PersistentLoginService\$cookie_config
$cookie_config
Definition: PersistentLoginService.php:24

$user
$user
Definition: ban.php:7

$expires
$expires
Definition: security_txt.php:19

Elgg\PersistentLoginService\removeExpiredTokens
removeExpiredTokens($time)
Remove all persistent codes from the database which have expired based on the cookie config...
Definition: PersistentLoginService.php:203

$token
$token
Definition: securitytoken.php:9

get_user
get_user(int $guid)
Elgg users Functions to manage multiple or single users in an Elgg install.
Definition: users.php:16

md5

$key
if($container instanceof ElggGroup &&$container->guid!=elgg_get_page_owner_guid()) $key
Definition: summary.php:44

Elgg\PersistentLoginService\$crypto
$crypto
Definition: PersistentLoginService.php:39

Elgg\PersistentLoginService\generateToken
generateToken()
Generate a random token (base 64 URL)
Definition: PersistentLoginService.php:274

$session
if(isset($_COOKIE['elggperm'])) $session
Definition: login_as.php:29

Elgg\PersistentLoginService\updateTokenUsage
updateTokenUsage(\ElggUser $user)
Update the timestamp linked to a persistent cookie code, this indicates that the code was used recent...
Definition: PersistentLoginService.php:181

Elgg\Request
Request container.
Definition: Request.php:12

Elgg\PersistentLoginService\removePersistentLogin
removePersistentLogin()
Remove the persisted login token from client and server.
Definition: PersistentLoginService.php:98

Elgg\PersistentLoginService\setCookie
setCookie(string $token)
Store the token in the client cookie (or remove the cookie)
Definition: PersistentLoginService.php:237

Elgg\PersistentLoginService\hashToken
hashToken(string $token)
Create a hash from the token.
Definition: PersistentLoginService.php:224

Elgg\PersistentLoginService\handlePasswordChange
handlePasswordChange(\ElggUser $subject,\ElggUser $modifier=null)
Handle a password change.
Definition: PersistentLoginService.php:116

UsersRememberMeCookiesTable

Elgg\PersistentLoginService\$persistent_cookie_table
$persistent_cookie_table
Definition: PersistentLoginService.php:44

$subject
$subject
Definition: useradd.php:54

Elgg\PersistentLoginService\getUserFromToken
getUserFromToken(string $token)
Get a user from a persistent cookie token.
Definition: PersistentLoginService.php:155

ElggUser
Definition: ElggUser.php:28