Elgg  Version 6.2
SessionManagerService.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
5 use Elgg\Cache\AccessCache;
6 use Elgg\Cache\EntityCache;
7 use Elgg\Exceptions\LoginException;
8 use Elgg\Exceptions\SecurityException;
9 use Elgg\I18n\Translator;
10 
16 class SessionManagerService {
17 
18  protected bool $ignore_access = false;
19 
20  protected ?\ElggUser $logged_in_user = null;
21 
22  protected bool $show_disabled_entities = false;
23 
24  protected bool $show_deleted_entities = false;
25 
36  public function __construct(
37  protected \ElggSession $session,
38  protected EventsService $events,
39  protected Translator $translator,
40  protected PersistentLoginService $persistent_login,
41  protected AccessCache $access_cache,
42  protected EntityCache $entity_cache
43  ) {
44  }
45 
51  public function getIgnoreAccess(): bool {
52  return $this->ignore_access;
53  }
54 
62  public function setIgnoreAccess(bool $ignore = true): bool {
63  $prev = $this->ignore_access;
64  $this->ignore_access = $ignore;
65 
66  return $prev;
67  }
68 
74  public function getDisabledEntityVisibility(): bool {
75  return $this->show_disabled_entities;
76  }
77 
85  public function setDisabledEntityVisibility(bool $show = true): bool {
86  $prev = $this->show_disabled_entities;
87  $this->show_disabled_entities = $show;
88 
89  return $prev;
90  }
91 
98  public function getDeletedEntityVisibility(): bool {
99  return $this->show_deleted_entities;
100  }
101 
110  public function setDeletedEntityVisibility(bool $show = true): bool {
111  $prev = $this->show_deleted_entities;
112  $this->show_deleted_entities = $show;
113 
114  return $prev;
115  }
116 
127  public function setUserToken(?\ElggUser $user = null): void {
128  if (!$user instanceof \ElggUser) {
129  $user = $this->getLoggedInUser();
130  }
131 
132  if (!$user instanceof \ElggUser) {
133  return;
134  }
135 
136  $this->session->set('__user_token', $this->generateUserToken($user));
137  }
138 
148  public function validateUserToken(\ElggUser $user): void {
149  $session_token = $this->session->get('__user_token');
150  $user_token = $this->generateUserToken($user);
151 
152  if ($session_token !== $user_token) {
153  throw new SecurityException($this->translator->translate('session_expired'));
154  }
155  }
156 
165  protected function generateUserToken(\ElggUser $user): string {
166  $hmac = _elgg_services()->hmac->getHmac([
167  $user->time_created,
168  $user->guid,
169  ], 'sha256', $user->password_hash);
170 
171  return $hmac->getToken();
172  }
173 
184  public function login(\ElggUser $user, bool $persistent = false): void {
185  if ($user->isBanned()) {
186  throw new LoginException($this->translator->translate('LoginException:BannedUser'));
187  }
188 
189  // check before updating last login to determine first login
190  $first_login = empty($user->last_login);
191 
192  $this->events->triggerSequence('login', 'user', $user, function(\ElggUser $user) use ($persistent) {
193  if (!$user->isEnabled()) {
194  return false;
195  }
196 
197  $this->setLoggedInUser($user, true);
198  $this->setUserToken($user);
199 
200  // re-register at least the core language file for users with language other than site default
201  $this->translator->registerTranslations(\Elgg\Project\Paths::elgg() . 'languages/');
202 
203  // if remember me checked, set cookie with token and store hash(token) for user
204  if ($persistent) {
205  $this->persistent_login->makeLoginPersistent($user);
206  }
207 
208  // User's privilege has been elevated, so change the session id (prevents session fixation)
209  $this->session->migrate();
210 
211  $user->setLastLogin();
212 
213  _elgg_services()->accounts->resetAuthenticationFailures($user); // can't inject DI service because of circular reference
214 
215  return true;
216  });
217 
218  if (!$user->isEnabled()) {
219  $this->removeLoggedInUser();
220 
221  throw new LoginException($this->translator->translate('LoginException:DisabledUser'));
222  }
223 
224  if (!elgg_is_logged_in()) {
225  // login might be prevented without throwing a custom exception
226  throw new LoginException($this->translator->translate('LoginException:Unknown'));
227  }
228 
229  if ($first_login) {
230  $this->events->trigger('login:first', 'user', $user);
231  $user->first_login = time();
232  }
233  }
234 
241  public function logout(): bool {
242  $user = $this->getLoggedInUser();
243  if (!$user instanceof \ElggUser) {
244  return false;
245  }
246 
247  if (!$this->events->triggerBefore('logout', 'user', $user)) {
248  return false;
249  }
250 
251  $this->persistent_login->removePersistentLogin();
252 
253  // pass along any messages into new session
254  $old_msg = $this->session->get(SystemMessagesService::SESSION_KEY, []);
255  $this->session->invalidate();
256 
257  $this->logged_in_user = null;
258 
259  $this->session->set(SystemMessagesService::SESSION_KEY, $old_msg);
260 
261  $this->events->triggerAfter('logout', 'user', $user);
262 
263  return true;
264  }
265 
275  public function setLoggedInUser(\ElggUser $user, ?bool $migrate = null): void {
276  $current_user = $this->getLoggedInUser();
277  if ($current_user != $user) {
278  if (!isset($migrate)) {
279  $migrate = !\Elgg\Application::isCli();
280  }
281 
282  if ($migrate) {
283  $this->session->migrate(true);
284  }
285 
286  $this->session->set('guid', $user->guid);
287  $this->logged_in_user = $user;
288  $this->access_cache->clear();
289  $this->entity_cache->save($user->guid, $user);
290  $this->translator->setCurrentLanguage($user->language);
291  }
292  }
293 
301  public function getLoggedInUser(): ?\ElggUser {
302  return $this->logged_in_user;
303  }
304 
310  public function getLoggedInUserGuid(): int {
311  $user = $this->getLoggedInUser();
312  return $user ? $user->guid : 0;
313  }
314 
320  public function isAdminLoggedIn(): bool {
321  $user = $this->getLoggedInUser();
322 
323  return $user && $user->isAdmin();
324  }
325 
331  public function isLoggedIn(): bool {
332  return (bool) $this->getLoggedInUser();
333  }
334 
341  public function removeLoggedInUser(): void {
342  $this->logged_in_user = null;
343  $this->session->remove('guid');
344  $this->access_cache->clear();
345  }
346 }
elgg
elgg
Definition: install.js:27
Elgg\SessionManagerService\getLoggedInUser
getLoggedInUser()
Gets the logged-in user.
Definition: SessionManagerService.php:301
elgg_is_logged_in
elgg_is_logged_in()
Returns whether or not the user is currently logged in.
Definition: sessions.php:43
Elgg\SessionManagerService\setUserToken
setUserToken(?\ElggUser $user=null)
Set a user specific token in the session for the currently logged-in user.
Definition: SessionManagerService.php:127
Elgg\Exceptions\LoginException
Generic parent class for login exceptions.
Definition: LoginException.php:12
void
c Accompany it with the information you received as to the offer to distribute corresponding source complete source code means all the source code for all modules it plus any associated interface definition plus the scripts used to control compilation and installation of the executable as a special the source code distributed need not include anything that is normally and so on of the operating system on which the executable unless that component itself accompanies the executable If distribution of executable or object code is made by offering access to copy from a designated then offering equivalent access to copy the source code from the same place counts as distribution of the source even though third parties are not compelled to copy the source along with the object code You may not or distribute the Program except as expressly provided under this License Any attempt otherwise to sublicense or distribute the Program is void
Definition: LICENSE.txt:215
Elgg\SessionManagerService\login
login(\ElggUser $user, bool $persistent=false)
Log in a user.
Definition: SessionManagerService.php:184
Elgg\EventsService
Events service.
Definition: EventsService.php:15
Elgg\SessionManagerService\isAdminLoggedIn
isAdminLoggedIn()
Returns whether the viewer is currently logged-in and an admin user.
Definition: SessionManagerService.php:320
Elgg\SessionManagerService\logout
logout()
Log the current user out.
Definition: SessionManagerService.php:241
ElggUser\setLastLogin
setLastLogin()
Sets the last logon time of the user to right now.
Definition: ElggUser.php:235
Elgg\SessionManagerService\getDisabledEntityVisibility
getDisabledEntityVisibility()
Are disabled entities shown?
Definition: SessionManagerService.php:74
Elgg\SessionManagerService\removeLoggedInUser
removeLoggedInUser()
Remove the logged-in user.
Definition: SessionManagerService.php:341
Elgg\SessionManagerService\isLoggedIn
isLoggedIn()
Returns whether the user is currently logged-in.
Definition: SessionManagerService.php:331
Elgg\SessionManagerService\setDisabledEntityVisibility
setDisabledEntityVisibility(bool $show=true)
Include disabled entities in queries.
Definition: SessionManagerService.php:85
ElggSession
Elgg Session Management.
Definition: ElggSession.php:19
Elgg\SessionManagerService\getDeletedEntityVisibility
getDeletedEntityVisibility()
Are deleted entities shown?
Definition: SessionManagerService.php:98
Elgg\SessionManagerService\__construct
__construct(protected\ElggSession $session, protected EventsService $events, protected Translator $translator, protected PersistentLoginService $persistent_login, protected AccessCache $access_cache, protected EntityCache $entity_cache)
Constructor.
Definition: SessionManagerService.php:36
Elgg\Exceptions\SecurityException
Throw when a Security Exception occurs.
Definition: SecurityException.php:10
$hmac
if(empty($entity_guid)||empty($recipient)||empty($muted_settings)||empty($hmac_token)) $hmac
Definition: mute.php:18
Elgg\Application\isCli
static isCli()
Is application running in CLI.
Definition: Application.php:637
Elgg\Cache\EntityCache
Volatile cache for entities.
Definition: EntityCache.php:12
Elgg\SessionManagerService\validateUserToken
validateUserToken(\ElggUser $user)
Validate the user token stored in the session.
Definition: SessionManagerService.php:148
$user
$user
Definition: ban.php:7
Elgg\SessionManagerService\setDeletedEntityVisibility
setDeletedEntityVisibility(bool $show=true)
Include deleted entities in queries.
Definition: SessionManagerService.php:110
Elgg\SessionManagerService\getLoggedInUserGuid
getLoggedInUserGuid()
Return the current logged-in user by guid.
Definition: SessionManagerService.php:310
ElggEntity\isEnabled
isEnabled()
Is this entity enabled?
Definition: ElggEntity.php:1000
$session
if(isset($_COOKIE['elggperm'])) $session
Definition: login_as.php:29
Elgg\SessionManagerService\setIgnoreAccess
setIgnoreAccess(bool $ignore=true)
Set ignore access.
Definition: SessionManagerService.php:62
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
$persistent
$persistent
Definition: login_as.php:21
Elgg\SessionManagerService\getIgnoreAccess
getIgnoreAccess()
Get current ignore access setting.
Definition: SessionManagerService.php:51
ElggUser\isBanned
isBanned()
Is this user banned or not?
Definition: ElggUser.php:173
LoginException
Login as the specified user.
Elgg\SessionManagerService\generateUserToken
generateUserToken(\ElggUser $user)
Generate a token for a specific user.
Definition: SessionManagerService.php:165
Elgg\SessionManagerService\setLoggedInUser
setLoggedInUser(\ElggUser $user,?bool $migrate=null)
Sets the logged-in user.
Definition: SessionManagerService.php:275
Generated on Fri Aug 1 2025 00:00:13 for Elgg by   doxygen 1.8.11