Elgg  Version 6.2
SessionManagerService.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Cache\AccessCache;
6 use Elgg\Cache\EntityCache;
7 use Elgg\Exceptions\LoginException;
8 use Elgg\Exceptions\SecurityException;
9 use Elgg\I18n\Translator;
10 
16 class SessionManagerService {
17 
18  protected bool $ignore_access = false;
19 
20  protected ?\ElggUser $logged_in_user = null;
21 
22  protected bool $show_disabled_entities = false;
23 
24  protected bool $show_deleted_entities = false;
25 
36  public function __construct(
37  protected \ElggSession $session,
38  protected EventsService $events,
39  protected Translator $translator,
40  protected PersistentLoginService $persistent_login,
41  protected AccessCache $access_cache,
42  protected EntityCache $entity_cache
43  ) {
44  }
45 
51  public function getIgnoreAccess(): bool {
52  return $this->ignore_access;
53  }
54 
62  public function setIgnoreAccess(bool $ignore = true): bool {
63  $prev = $this->ignore_access;
64  $this->ignore_access = $ignore;
65 
66  return $prev;
67  }
68 
74  public function getDisabledEntityVisibility(): bool {
75  return $this->show_disabled_entities;
76  }
77 
85  public function setDisabledEntityVisibility(bool $show = true): bool {
86  $prev = $this->show_disabled_entities;
87  $this->show_disabled_entities = $show;
88 
89  return $prev;
90  }
91 
98  public function getDeletedEntityVisibility(): bool {
99  return $this->show_deleted_entities;
100  }
101 
110  public function setDeletedEntityVisibility(bool $show = true): bool {
111  $prev = $this->show_deleted_entities;
112  $this->show_deleted_entities = $show;
113 
114  return $prev;
115  }
116 
127  public function setUserToken(?\ElggUser $user = null): void {
128  if (!$user instanceof \ElggUser) {
129  $user = $this->getLoggedInUser();
130  }
131 
132  if (!$user instanceof \ElggUser) {
133  return;
134  }
135 
136  $this->session->set('__user_token', $this->generateUserToken($user));
137  }
138 
148  public function validateUserToken(\ElggUser $user): void {
149  $session_token = $this->session->get('__user_token');
150  $user_token = $this->generateUserToken($user);
151 
152  if ($session_token !== $user_token) {
153  throw new SecurityException($this->translator->translate('session_expired'));
154  }
155  }
156 
165  protected function generateUserToken(\ElggUser $user): string {
166  $hmac = _elgg_services()->hmac->getHmac([
167  $user->time_created,
168  $user->guid,
169  ], 'sha256', $user->password_hash);
170 
171  return $hmac->getToken();
172  }
173 
184  public function login(\ElggUser $user, bool $persistent = false): void {
185  if ($user->isBanned()) {
186  throw new LoginException($this->translator->translate('LoginException:BannedUser'));
187  }
188 
189  // check before updating last login to determine first login
190  $first_login = empty($user->last_login);
191 
192  $this->events->triggerSequence('login', 'user', $user, function(\ElggUser $user) use ($persistent) {
193  if (!$user->isEnabled()) {
194  return false;
195  }
196 
197  $this->setLoggedInUser($user, true);
198  $this->setUserToken($user);
199 
200  // re-register at least the core language file for users with language other than site default
201  $this->translator->registerTranslations(\Elgg\Project\Paths::elgg() . 'languages/');
202 
203  // if remember me checked, set cookie with token and store hash(token) for user
204  if ($persistent) {
205  $this->persistent_login->makeLoginPersistent($user);
206  }
207 
208  // User's privilege has been elevated, so change the session id (prevents session fixation)
209  $this->session->migrate();
210 
211  $user->setLastLogin();
212 
213  _elgg_services()->accounts->resetAuthenticationFailures($user); // can't inject DI service because of circular reference
214 
215  return true;
216  });
217 
218  if (!$user->isEnabled()) {
219  $this->removeLoggedInUser();
220 
221  throw new LoginException($this->translator->translate('LoginException:DisabledUser'));
222  }
223 
224  if (!elgg_is_logged_in()) {
225  // login might be prevented without throwing a custom exception
226  throw new LoginException($this->translator->translate('LoginException:Unknown'));
227  }
228 
229  if ($first_login) {
230  $this->events->trigger('login:first', 'user', $user);
231  $user->first_login = time();
232  }
233  }
234 
241  public function logout(): bool {
242  $user = $this->getLoggedInUser();
243  if (!$user instanceof \ElggUser) {
244  return false;
245  }
246 
247  if (!$this->events->triggerBefore('logout', 'user', $user)) {
248  return false;
249  }
250 
251  $this->persistent_login->removePersistentLogin();
252 
253  // pass along any messages into new session
254  $old_msg = $this->session->get(SystemMessagesService::SESSION_KEY, []);
255  $this->session->invalidate();
256 
257  $this->logged_in_user = null;
258 
259  $this->session->set(SystemMessagesService::SESSION_KEY, $old_msg);
260 
261  $this->events->triggerAfter('logout', 'user', $user);
262 
263  return true;
264  }
265 
275  public function setLoggedInUser(\ElggUser $user, ?bool $migrate = null): void {
276  $current_user = $this->getLoggedInUser();
277  if ($current_user != $user) {
278  if (!isset($migrate)) {
279  $migrate = !\Elgg\Application::isCli();
280  }
281 
282  if ($migrate) {
283  $this->session->migrate(true);
284  }
285 
286  $this->session->set('guid', $user->guid);
287  $this->logged_in_user = $user;
288  $this->access_cache->clear();
289  $this->entity_cache->save($user->guid, $user);
290  $this->translator->setCurrentLanguage($user->language);
291  }
292  }
293 
301  public function getLoggedInUser(): ?\ElggUser {
302  return $this->logged_in_user;
303  }
304 
310  public function getLoggedInUserGuid(): int {
311  $user = $this->getLoggedInUser();
312  return $user ? $user->guid : 0;
313  }
314 
320  public function isAdminLoggedIn(): bool {
321  $user = $this->getLoggedInUser();
322 
323  return $user && $user->isAdmin();
324  }
325 
331  public function isLoggedIn(): bool {
332  return (bool) $this->getLoggedInUser();
333  }
334 
341  public function removeLoggedInUser(): void {
342  $this->logged_in_user = null;
343  $this->session->remove('guid');
344  $this->access_cache->clear();
345  }
346 }
$hmac
if(empty($entity_guid)||empty($recipient)||empty($muted_settings)||empty($hmac_token)) $hmac
Definition: mute.php:18
return
return[ 'admin/delete_admin_notices'=>['access'=> 'admin'], 'admin/menu/save'=>['access'=> 'admin'], 'admin/plugins/activate'=>['access'=> 'admin'], 'admin/plugins/activate_all'=>['access'=> 'admin'], 'admin/plugins/deactivate'=>['access'=> 'admin'], 'admin/plugins/deactivate_all'=>['access'=> 'admin'], 'admin/plugins/set_priority'=>['access'=> 'admin'], 'admin/security/security_txt'=>['access'=> 'admin'], 'admin/security/settings'=>['access'=> 'admin'], 'admin/security/regenerate_site_secret'=>['access'=> 'admin'], 'admin/site/cache/invalidate'=>['access'=> 'admin'], 'admin/site/flush_cache'=>['access'=> 'admin'], 'admin/site/icons'=>['access'=> 'admin'], 'admin/site/set_maintenance_mode'=>['access'=> 'admin'], 'admin/site/set_robots'=>['access'=> 'admin'], 'admin/site/theme'=>['access'=> 'admin'], 'admin/site/unlock_upgrade'=>['access'=> 'admin'], 'admin/site/settings'=>['access'=> 'admin'], 'admin/upgrade'=>['access'=> 'admin'], 'admin/upgrade/reset'=>['access'=> 'admin'], 'admin/user/ban'=>['access'=> 'admin'], 'admin/user/bulk/ban'=>['access'=> 'admin'], 'admin/user/bulk/delete'=>['access'=> 'admin'], 'admin/user/bulk/unban'=>['access'=> 'admin'], 'admin/user/bulk/validate'=>['access'=> 'admin'], 'admin/user/change_email'=>['access'=> 'admin'], 'admin/user/delete'=>['access'=> 'admin'], 'admin/user/login_as'=>['access'=> 'admin'], 'admin/user/logout_as'=>[], 'admin/user/makeadmin'=>['access'=> 'admin'], 'admin/user/resetpassword'=>['access'=> 'admin'], 'admin/user/removeadmin'=>['access'=> 'admin'], 'admin/user/unban'=>['access'=> 'admin'], 'admin/user/validate'=>['access'=> 'admin'], 'annotation/delete'=>[], 'avatar/upload'=>[], 'comment/save'=>[], 'diagnostics/download'=>['access'=> 'admin'], 'entity/chooserestoredestination'=>[], 'entity/delete'=>[], 'entity/mute'=>[], 'entity/restore'=>[], 'entity/subscribe'=>[], 'entity/trash'=>[], 'entity/unmute'=>[], 'entity/unsubscribe'=>[], 'login'=>['access'=> 'logged_out'], 'logout'=>[], 'notifications/mute'=>['access'=> 'public'], 'plugins/settings/remove'=>['access'=> 'admin'], 'plugins/settings/save'=>['access'=> 'admin'], 'plugins/usersettings/save'=>[], 'register'=>['access'=> 'logged_out', 'middleware'=>[\Elgg\Router\Middleware\RegistrationAllowedGatekeeper::class,],], 'river/delete'=>[], 'settings/notifications'=>[], 'settings/notifications/subscriptions'=>[], 'user/changepassword'=>['access'=> 'public'], 'user/requestnewpassword'=>['access'=> 'public'], 'useradd'=>['access'=> 'admin'], 'usersettings/save'=>[], 'widgets/add'=>[], 'widgets/delete'=>[], 'widgets/move'=>[], 'widgets/save'=>[],]
Definition: actions.php:73
$user
$user
Definition: ban.php:7
ElggSession
Elgg Session Management.
Definition: ElggSession.php:19
Elgg\Application\isCli
static isCli()
Is application running in CLI.
Definition: Application.php:637
Elgg\Cache\EntityCache
Volatile cache for entities.
Definition: EntityCache.php:12
Elgg\EventsService
Events service.
Definition: EventsService.php:15
Elgg\Exceptions\LoginException
Generic parent class for login exceptions.
Definition: LoginException.php:12
Elgg\Exceptions\SecurityException
Throw when a Security Exception occurs.
Definition: SecurityException.php:10
Elgg\PersistentLoginService
\Elgg\PersistentLoginService
Definition: PersistentLoginService.php:17
Elgg\SessionManagerService\getDeletedEntityVisibility
getDeletedEntityVisibility()
Are deleted entities shown?
Definition: SessionManagerService.php:98
Elgg\SessionManagerService\validateUserToken
validateUserToken(\ElggUser $user)
Validate the user token stored in the session.
Definition: SessionManagerService.php:148
Elgg\SessionManagerService\setDisabledEntityVisibility
setDisabledEntityVisibility(bool $show=true)
Include disabled entities in queries.
Definition: SessionManagerService.php:85
Elgg\SessionManagerService\getDisabledEntityVisibility
getDisabledEntityVisibility()
Are disabled entities shown?
Definition: SessionManagerService.php:74
Elgg\SessionManagerService\getLoggedInUserGuid
getLoggedInUserGuid()
Return the current logged-in user by guid.
Definition: SessionManagerService.php:310
Elgg\SessionManagerService\getIgnoreAccess
getIgnoreAccess()
Get current ignore access setting.
Definition: SessionManagerService.php:51
Elgg\SessionManagerService\login
login(\ElggUser $user, bool $persistent=false)
Log in a user.
Definition: SessionManagerService.php:184
Elgg\SessionManagerService\__construct
__construct(protected \ElggSession $session, protected EventsService $events, protected Translator $translator, protected PersistentLoginService $persistent_login, protected AccessCache $access_cache, protected EntityCache $entity_cache)
Constructor.
Definition: SessionManagerService.php:36
Elgg\SessionManagerService\generateUserToken
generateUserToken(\ElggUser $user)
Generate a token for a specific user.
Definition: SessionManagerService.php:165
Elgg\SessionManagerService\removeLoggedInUser
removeLoggedInUser()
Remove the logged-in user.
Definition: SessionManagerService.php:341
Elgg\SessionManagerService\getLoggedInUser
getLoggedInUser()
Gets the logged-in user.
Definition: SessionManagerService.php:301
Elgg\SessionManagerService\isAdminLoggedIn
isAdminLoggedIn()
Returns whether the viewer is currently logged-in and an admin user.
Definition: SessionManagerService.php:320
Elgg\SessionManagerService\setUserToken
setUserToken(?\ElggUser $user=null)
Set a user specific token in the session for the currently logged-in user.
Definition: SessionManagerService.php:127
Elgg\SessionManagerService\logout
logout()
Log the current user out.
Definition: SessionManagerService.php:241
Elgg\SessionManagerService\setDeletedEntityVisibility
setDeletedEntityVisibility(bool $show=true)
Include deleted entities in queries.
Definition: SessionManagerService.php:110
Elgg\SessionManagerService\isLoggedIn
isLoggedIn()
Returns whether the user is currently logged-in.
Definition: SessionManagerService.php:331
Elgg\SessionManagerService\setLoggedInUser
setLoggedInUser(\ElggUser $user, ?bool $migrate=null)
Sets the logged-in user.
Definition: SessionManagerService.php:275
Elgg\SessionManagerService\setIgnoreAccess
setIgnoreAccess(bool $ignore=true)
Set ignore access.
Definition: SessionManagerService.php:62
elgg
elgg()
Bootstrapping and helper procedural code available for use in Elgg core and plugins.
Definition: elgglib.php:12
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
$persistent
$persistent
Definition: login_as.php:21
$session
if(isset($_COOKIE['elggperm'])) $session
Definition: login_as.php:29
if
if(parse_url(elgg_get_site_url(), PHP_URL_PATH) !=='/') if(file_exists(elgg_get_root_path() . 'robots.txt'))
Set robots.txt.
Definition: robots.php:10
elgg_is_logged_in
elgg_is_logged_in()
Returns whether or not the user is currently logged in.
Definition: sessions.php:43
Generated on Fri Aug 22 2025 00:00:19 for Elgg by doxygen 1.9.1