SessionManagerService_8php_source.html

 <?php

 namespace Elgg;

 use Elgg\Cache\EntityCache;
 use Elgg\Cache\SessionCache;
 use Elgg\Exceptions\LoginException;
 use Elgg\Exceptions\SecurityException;
 use Elgg\I18n\Translator;

 class SessionManagerService {

     protected $entity_cache;

     protected $events;

     protected $ignore_access = false;

     protected $logged_in_user;

     protected $persistent_login;

     protected $show_disabled_entities = false;

     protected $session;

     protected $session_cache;

     protected $translator;

     public function __construct(
         \ElggSession $session,
         EventsService $events,
         Translator $translator,
         PersistentLoginService $persistent_login,
         SessionCache $session_cache,
         EntityCache $entity_cache
         ) {
         $this->session = $session;
         $this->events = $events;
         $this->translator = $translator;
         $this->persistent_login = $persistent_login;
         $this->session_cache = $session_cache;
         $this->entity_cache = $entity_cache;
     }

     public function getIgnoreAccess(): bool {
         return $this->ignore_access;
     }

     public function setIgnoreAccess(bool $ignore = true): bool {
         $prev = $this->ignore_access;
         $this->ignore_access = $ignore;

         return $prev;
     }

     public function getDisabledEntityVisibility(): bool {
         return $this->show_disabled_entities;
     }

     public function setDisabledEntityVisibility(bool $show = true): bool {
         $prev = $this->show_disabled_entities;
         $this->show_disabled_entities = $show;

         return $prev;
     }

     public function setUserToken(\ElggUser $user = null): void {
         if (!$user instanceof \ElggUser) {
             $user = $this->getLoggedInUser();
         }

         if (!$user instanceof \ElggUser) {
             return;
         }

         $this->session->set('__user_token', $this->generateUserToken($user));
     }

     public function validateUserToken(\ElggUser $user): void {
         $session_token = $this->session->get('__user_token');
         $user_token = $this->generateUserToken($user);

         if ($session_token !== $user_token) {
             throw new SecurityException($this->translator->translate('session_expired'));
         }
     }

     protected function generateUserToken(\ElggUser $user): string {
         $hmac = _elgg_services()->hmac->getHmac([
             $user->time_created,
             $user->guid,
         ], 'sha256', $user->password_hash);

         return $hmac->getToken();
     }

     public function login(\ElggUser $user, bool $persistent = false): void {
         if ($user->isBanned()) {
             throw new LoginException($this->translator->translate('LoginException:BannedUser'));
         }

         // give plugins a chance to reject the login of this user (no user in session!)
         if (!$this->events->triggerBefore('login', 'user', $user)) {
             throw new LoginException($this->translator->translate('LoginException:Unknown'));
         }

         if (!$user->isEnabled()) {
             // fallback if no plugin provided a reason
             throw new LoginException($this->translator->translate('LoginException:DisabledUser'));
         }

         // #5933: set logged in user early so code in login event will be able to
         // use elgg_get_logged_in_user_entity().
         $this->setLoggedInUser($user);
         $this->setUserToken($user);

         // re-register at least the core language file for users with language other than site default
         $this->translator->registerTranslations(\Elgg\Project\Paths::elgg() . 'languages/');

         // if remember me checked, set cookie with token and store hash(token) for user
         if ($persistent) {
             $this->persistent_login->makeLoginPersistent($user);
         }

         // User's privilege has been elevated, so change the session id (prevents session fixation)
         $this->session->migrate();

         // check before updating last login to determine first login
         $first_login = empty($user->last_login);

         $user->setLastLogin();
         _elgg_services()->accounts->resetAuthenticationFailures($user); // can't inject DI service because of circular reference

         $this->events->triggerAfter('login', 'user', $user);

         if ($first_login) {
             $this->events->trigger('login:first', 'user', $user);
             $user->first_login = time();
         }
     }

     public function logout(): bool {
         $user = $this->getLoggedInUser();
         if (!$user instanceof \ElggUser) {
             return false;
         }

         if (!$this->events->triggerBefore('logout', 'user', $user)) {
             return false;
         }

         $this->persistent_login->removePersistentLogin();

         // pass along any messages into new session
         $old_msg = $this->session->get(SystemMessagesService::SESSION_KEY, []);
         $this->session->invalidate();

         $this->logged_in_user = null;

         $this->session->set(SystemMessagesService::SESSION_KEY, $old_msg);

         $this->events->triggerAfter('logout', 'user', $user);

         return true;
     }

     public function setLoggedInUser(\ElggUser $user): void {
         $current_user = $this->getLoggedInUser();
         if ($current_user != $user) {
             $this->session->set('guid', $user->guid);
             $this->logged_in_user = $user;
             $this->session_cache->clear();
             $this->entity_cache->save($user);
             $this->translator->setCurrentLanguage($user->language);
         }
     }

     public function getLoggedInUser(): ?\ElggUser {
         return $this->logged_in_user;
     }

     public function getLoggedInUserGuid(): int {
         $user = $this->getLoggedInUser();
         return $user ? $user->guid : 0;
     }

     public function isAdminLoggedIn(): bool {
         $user = $this->getLoggedInUser();

         return $user && $user->isAdmin();
     }

     public function isLoggedIn(): bool {
         return (bool) $this->getLoggedInUser();
     }

     public function removeLoggedInUser(): void {
         $this->logged_in_user = null;
         $this->session->remove('guid');
         $this->session_cache->clear();
     }
 }
Elgg\SessionManagerService\getLoggedInUser
getLoggedInUser()
Gets the logged in user.
Definition: SessionManagerService.php:303

Translator

Elgg\Exceptions\LoginException
Generic parent class for login exceptions.
Definition: LoginException.php:12

Elgg\Cache\SessionCache
Definition: SessionCache.php:12

void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215

Elgg\SessionManagerService\login
login(\ElggUser $user, bool $persistent=false)
Log in a user.
Definition: SessionManagerService.php:202

Elgg\EventsService
Events service.
Definition: EventsService.php:15

Elgg\SessionManagerService\$session
$session
Definition: SessionManagerService.php:51

Elgg\SessionManagerService\isAdminLoggedIn
isAdminLoggedIn()
Returns whether or not the viewer is currently logged in and an admin user.
Definition: SessionManagerService.php:322

Elgg\SessionManagerService\logout
logout()
Log the current user out.
Definition: SessionManagerService.php:253

ElggUser\setLastLogin
setLastLogin()
Sets the last logon time of the user to right now.
Definition: ElggUser.php:240

Elgg\SessionManagerService\$persistent_login
$persistent_login
Definition: SessionManagerService.php:41

Elgg\SessionManagerService\getDisabledEntityVisibility
getDisabledEntityVisibility()
Are disabled entities shown?
Definition: SessionManagerService.php:117

Elgg\SessionManagerService\removeLoggedInUser
removeLoggedInUser()
Remove the logged in user.
Definition: SessionManagerService.php:343

EntityCache

Elgg\SessionManagerService\setUserToken
setUserToken(\ElggUser $user=null)
Set a user specific token in the session for the currently logged in user.
Definition: SessionManagerService.php:145

Elgg\SessionManagerService\isLoggedIn
isLoggedIn()
Returns whether or not the user is currently logged in.
Definition: SessionManagerService.php:333

Elgg\SessionManagerService\setDisabledEntityVisibility
setDisabledEntityVisibility(bool $show=true)
Include disabled entities in queries.
Definition: SessionManagerService.php:128

ElggSession
Elgg Session Management.
Definition: ElggSession.php:19

Elgg\SessionManagerService\$logged_in_user
$logged_in_user
Definition: SessionManagerService.php:36

SessionCache

Elgg\I18n\Translator
Translator.
Definition: Translator.php:16

Elgg\Exceptions\SecurityException
Throw when a Security Exception occurs.
Definition: SecurityException.php:10

Elgg\SessionManagerService
Session manager.
Definition: SessionManagerService.php:16

Elgg
Definition: ActionsService.php:3

$hmac
if(empty($entity_guid)||empty($recipient)||empty($muted_settings)||empty($hmac_token)) $hmac
Definition: mute.php:18

SecurityException

Elgg\Cache\EntityCache
Volatile cache for entities.
Definition: EntityCache.php:10

Elgg\SessionManagerService\$entity_cache
$entity_cache
Definition: SessionManagerService.php:21

Elgg\PersistentLoginService
Definition: PersistentLoginService.php:17

Elgg\SessionManagerService\validateUserToken
validateUserToken(\ElggUser $user)
Validate the user token stored in the session.
Definition: SessionManagerService.php:166

$user
$user
Definition: ban.php:7

Elgg\SessionManagerService\getLoggedInUserGuid
getLoggedInUserGuid()
Return the current logged in user by guid.
Definition: SessionManagerService.php:312

ElggEntity\isEnabled
isEnabled()
Is this entity enabled?
Definition: ElggEntity.php:1642

$session
if(isset($_COOKIE['elggperm'])) $session
Definition: login_as.php:29

Elgg\SessionManagerService\__construct
__construct(\ElggSession $session, EventsService $events, Translator $translator, PersistentLoginService $persistent_login, SessionCache $session_cache, EntityCache $entity_cache)
Constructor.
Definition: SessionManagerService.php:73

Elgg\SessionManagerService\setLoggedInUser
setLoggedInUser(\ElggUser $user)
Sets the logged in user.
Definition: SessionManagerService.php:285

Elgg\SessionManagerService\setIgnoreAccess
setIgnoreAccess(bool $ignore=true)
Set ignore access.
Definition: SessionManagerService.php:105

_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:346

$persistent
$persistent
Definition: login_as.php:21

Elgg\SessionManagerService\getIgnoreAccess
getIgnoreAccess()
Get current ignore access setting.
Definition: SessionManagerService.php:94

ElggUser\isBanned
isBanned()
Is this user banned or not?
Definition: ElggUser.php:178

Elgg\SessionManagerService\$events
$events
Definition: SessionManagerService.php:26

Elgg\SessionManagerService\$session_cache
$session_cache
Definition: SessionManagerService.php:56

LoginException
Login as the specified user.

elgg
var elgg
Definition: elgglib.js:4

Elgg\SessionManagerService\generateUserToken
generateUserToken(\ElggUser $user)
Generate a token for a specific user.
Definition: SessionManagerService.php:183

Elgg\SessionManagerService\$translator
$translator
Definition: SessionManagerService.php:61

ElggUser
Definition: ElggUser.php:28