miniflux-legacy/app/core/session.php

<?php

namespace Miniflux\Session;

use Miniflux\Helper;

class SessionManager
{
    const SESSION_LIFETIME = 2678400;

    public static function open($base_path = '/', $save_path = '', $duration = self::SESSION_LIFETIME)
    {
        if ($save_path !== '') {
            session_save_path($save_path);
        }

        // HttpOnly and secure flags for session cookie
        session_set_cookie_params(
            $duration,
            $base_path ?: '/',
            null,
            Helper\is_secure_connection(),
            true
        );

        // Avoid session id in the URL
        ini_set('session.use_only_cookies', true);

        // Ensure session ID integrity
        ini_set('session.entropy_file', '/dev/urandom');
        ini_set('session.entropy_length', '32');
        ini_set('session.hash_bits_per_character', 6);

        // Custom session name
        session_name('MX_SID');

        session_start();

        // Regenerate the session id to avoid session fixation issue
        if (empty($_SESSION['__validated'])) {
            session_regenerate_id(true);
            $_SESSION['__validated'] = 1;
        }
    }

    public static function close()
    {
        session_destroy();
    }
}


class SessionStorage
{
    private static $instance = null;

    public function __construct(array $session = null)
    {
        if (! isset($_SESSION)) {
            $_SESSION = array();
        }

        $_SESSION = $session ?: $_SESSION;
    }

    public static function getInstance(array $session = null)
    {
        if (self::$instance === null) {
            self::$instance = new static($session);
        }

        return self::$instance;
    }

    public function flush()
    {
        $_SESSION = array();
        return $this;
    }

    public function flushConfig()
    {
        unset($_SESSION['config']);
        return $this;
    }

    public function setConfig(array $config)
    {
        $_SESSION['config'] = $config;
        return $this;
    }

    public function getConfig()
    {
        return $this->getValue('config');
    }

    public function setUser(array $user)
    {
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['is_admin'] = (bool) $user['is_admin'];
        return $this;
    }

    public function getUserId()
    {
        return $this->getValue('user_id');
    }

    public function getUsername()
    {
        return $this->getValue('username');
    }

    public function isAdmin()
    {
        return $this->getValue('is_admin');
    }

    public function isLogged()
    {
        return $this->getValue('user_id') !== null;
    }

    public function setFlashMessage($message)
    {
        $_SESSION['flash_message'] = $message;
        return $this;
    }

    public function setFlashErrorMessage($message)
    {
        $_SESSION['flash_error_message'] = $message;
        return $this;
    }

    public function getFlashMessage()
    {
        $message = $this->getValue('flash_message');
        unset($_SESSION['flash_message']);
        return $message;
    }

    public function getFlashErrorMessage()
    {
        $message = $this->getValue('flash_error_message');
        unset($_SESSION['flash_error_message']);
        return $message;
    }

    protected function getValue($key)
    {
        return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
    }
}
first commit 2013-02-18 03:48:21 +01:00			`<?php`

Add Miniflux namespace everywhere 2016-08-25 03:17:58 +02:00			`namespace Miniflux\Session;`
first commit 2013-02-18 03:48:21 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`use Miniflux\Helper;`
first commit 2013-02-18 03:48:21 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`class SessionManager`
first commit 2013-02-18 03:48:21 +01:00			`{`
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`const SESSION_LIFETIME = 2678400;`

			`public static function open($base_path = '/', $save_path = '', $duration = self::SESSION_LIFETIME)`
			`{`
			`if ($save_path !== '') {`
			`session_save_path($save_path);`
			`}`
Improve files organization 2014-02-08 20:13:14 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`// HttpOnly and secure flags for session cookie`
			`session_set_cookie_params(`
			`$duration,`
			`$base_path ?: '/',`
			`null,`
			`Helper\is_secure_connection(),`
			`true`
			`);`
Session cookies have the parameter "secure" when the connection is HTTPS 2013-03-26 02:29:30 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`// Avoid session id in the URL`
			`ini_set('session.use_only_cookies', true);`
Update PicoFarad (session creation improvements) 2014-02-28 03:02:35 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`// Ensure session ID integrity`
			`ini_set('session.entropy_file', '/dev/urandom');`
			`ini_set('session.entropy_length', '32');`
			`ini_set('session.hash_bits_per_character', 6);`
Update PicoFarad (session creation improvements) 2014-02-28 03:02:35 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`// Custom session name`
			`session_name('MX_SID');`
Update PicoFarad (session creation improvements) 2014-02-28 03:02:35 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`session_start();`
Update PicoFarad (session creation improvements) 2014-02-28 03:02:35 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`// Regenerate the session id to avoid session fixation issue`
			`if (empty($_SESSION['__validated'])) {`
			`session_regenerate_id(true);`
			`$_SESSION['__validated'] = 1;`
			`}`
Update PicoFarad (session creation improvements) 2014-02-28 03:02:35 +01:00			`}`
first commit 2013-02-18 03:48:21 +01:00
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`public static function close()`
			`{`
			`session_destroy();`
			`}`
first commit 2013-02-18 03:48:21 +01:00			`}`


Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`class SessionStorage`
first commit 2013-02-18 03:48:21 +01:00			`{`
Change the database structure to have a single database This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file 2016-12-26 15:44:53 +01:00			`private static $instance = null;`

			`public function __construct(array $session = null)`
			`{`
			`if (! isset($_SESSION)) {`
			`$_SESSION = array();`
			`}`

			`$_SESSION = $session ?: $_SESSION;`
			`}`

			`public static function getInstance(array $session = null)`
			`{`
			`if (self::$instance === null) {`
			`self::$instance = new static($session);`
			`}`

			`return self::$instance;`
			`}`

			`public function flush()`
			`{`
			`$_SESSION = array();`
			`return $this;`
			`}`

			`public function flushConfig()`
			`{`
			`unset($_SESSION['config']);`
			`return $this;`
			`}`

			`public function setConfig(array $config)`
			`{`
			`$_SESSION['config'] = $config;`
			`return $this;`
			`}`

			`public function getConfig()`
			`{`
			`return $this->getValue('config');`
			`}`

			`public function setUser(array $user)`
			`{`
			`$_SESSION['user_id'] = $user['id'];`
			`$_SESSION['username'] = $user['username'];`
			`$_SESSION['is_admin'] = (bool) $user['is_admin'];`
			`return $this;`
			`}`

			`public function getUserId()`
			`{`
			`return $this->getValue('user_id');`
			`}`

			`public function getUsername()`
			`{`
			`return $this->getValue('username');`
			`}`

			`public function isAdmin()`
			`{`
			`return $this->getValue('is_admin');`
			`}`

			`public function isLogged()`
			`{`
			`return $this->getValue('user_id') !== null;`
			`}`

			`public function setFlashMessage($message)`
			`{`
			`$_SESSION['flash_message'] = $message;`
			`return $this;`
			`}`

			`public function setFlashErrorMessage($message)`
			`{`
			`$_SESSION['flash_error_message'] = $message;`
			`return $this;`
			`}`

			`public function getFlashMessage()`
			`{`
			`$message = $this->getValue('flash_message');`
			`unset($_SESSION['flash_message']);`
			`return $message;`
			`}`

			`public function getFlashErrorMessage()`
			`{`
			`$message = $this->getValue('flash_error_message');`
			`unset($_SESSION['flash_error_message']);`
			`return $message;`
			`}`

			`protected function getValue($key)`
			`{`
			`return isset($_SESSION[$key]) ? $_SESSION[$key] : null;`
			`}`
Fix cosmetic errors 2015-10-20 03:21:18 +02:00			`}`