2013-02-18 03:48:21 +01:00
|
|
|
<?php
|
|
|
|
|
2016-08-25 03:17:58 +02:00
|
|
|
namespace Miniflux\Session;
|
2013-02-18 03:48:21 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
use Miniflux\Helper;
|
2013-02-18 03:48:21 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
class SessionManager
|
2013-02-18 03:48:21 +01:00
|
|
|
{
|
2016-12-26 15:44:53 +01:00
|
|
|
const SESSION_LIFETIME = 2678400;
|
|
|
|
|
|
|
|
public static function open($base_path = '/', $save_path = '', $duration = self::SESSION_LIFETIME)
|
|
|
|
{
|
|
|
|
if ($save_path !== '') {
|
|
|
|
session_save_path($save_path);
|
|
|
|
}
|
2014-02-08 20:13:14 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
// HttpOnly and secure flags for session cookie
|
|
|
|
session_set_cookie_params(
|
|
|
|
$duration,
|
|
|
|
$base_path ?: '/',
|
|
|
|
null,
|
|
|
|
Helper\is_secure_connection(),
|
|
|
|
true
|
|
|
|
);
|
2013-03-26 02:29:30 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
// Avoid session id in the URL
|
|
|
|
ini_set('session.use_only_cookies', true);
|
2014-02-28 03:02:35 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
// Ensure session ID integrity
|
|
|
|
ini_set('session.entropy_file', '/dev/urandom');
|
|
|
|
ini_set('session.entropy_length', '32');
|
|
|
|
ini_set('session.hash_bits_per_character', 6);
|
2014-02-28 03:02:35 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
// Custom session name
|
|
|
|
session_name('MX_SID');
|
2014-02-28 03:02:35 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
session_start();
|
2014-02-28 03:02:35 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
// Regenerate the session id to avoid session fixation issue
|
|
|
|
if (empty($_SESSION['__validated'])) {
|
|
|
|
session_regenerate_id(true);
|
|
|
|
$_SESSION['__validated'] = 1;
|
|
|
|
}
|
2014-02-28 03:02:35 +01:00
|
|
|
}
|
2013-02-18 03:48:21 +01:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
public static function close()
|
|
|
|
{
|
|
|
|
session_destroy();
|
|
|
|
}
|
2013-02-18 03:48:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
class SessionStorage
|
2013-02-18 03:48:21 +01:00
|
|
|
{
|
2016-12-26 15:44:53 +01:00
|
|
|
private static $instance = null;
|
|
|
|
|
|
|
|
public function __construct(array $session = null)
|
|
|
|
{
|
|
|
|
if (! isset($_SESSION)) {
|
|
|
|
$_SESSION = array();
|
|
|
|
}
|
|
|
|
|
|
|
|
$_SESSION = $session ?: $_SESSION;
|
|
|
|
}
|
|
|
|
|
|
|
|
public static function getInstance(array $session = null)
|
|
|
|
{
|
|
|
|
if (self::$instance === null) {
|
|
|
|
self::$instance = new static($session);
|
|
|
|
}
|
|
|
|
|
|
|
|
return self::$instance;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function flush()
|
|
|
|
{
|
|
|
|
$_SESSION = array();
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function flushConfig()
|
|
|
|
{
|
|
|
|
unset($_SESSION['config']);
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setConfig(array $config)
|
|
|
|
{
|
|
|
|
$_SESSION['config'] = $config;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getConfig()
|
|
|
|
{
|
|
|
|
return $this->getValue('config');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setUser(array $user)
|
|
|
|
{
|
|
|
|
$_SESSION['user_id'] = $user['id'];
|
|
|
|
$_SESSION['username'] = $user['username'];
|
|
|
|
$_SESSION['is_admin'] = (bool) $user['is_admin'];
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getUserId()
|
|
|
|
{
|
|
|
|
return $this->getValue('user_id');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getUsername()
|
|
|
|
{
|
|
|
|
return $this->getValue('username');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function isAdmin()
|
|
|
|
{
|
|
|
|
return $this->getValue('is_admin');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function isLogged()
|
|
|
|
{
|
|
|
|
return $this->getValue('user_id') !== null;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setFlashMessage($message)
|
|
|
|
{
|
|
|
|
$_SESSION['flash_message'] = $message;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setFlashErrorMessage($message)
|
|
|
|
{
|
|
|
|
$_SESSION['flash_error_message'] = $message;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getFlashMessage()
|
|
|
|
{
|
|
|
|
$message = $this->getValue('flash_message');
|
|
|
|
unset($_SESSION['flash_message']);
|
|
|
|
return $message;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getFlashErrorMessage()
|
|
|
|
{
|
|
|
|
$message = $this->getValue('flash_error_message');
|
|
|
|
unset($_SESSION['flash_error_message']);
|
|
|
|
return $message;
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function getValue($key)
|
|
|
|
{
|
|
|
|
return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
|
|
|
|
}
|
2015-10-20 03:21:18 +02:00
|
|
|
}
|