SproutCMS

This is the code documentation for the SproutCMS project

More info
Project:
Home   Sprout SproutModules

Search documentation

Search term:

What to search:





Path or filename:

source of /sprout/Helpers/Session.php

Copyright (C) 2017 Karmabunny Pty Ltd.

This file is a part of SproutCMS.

SproutCMS is free software: you can redistribute it and/or modify it under the terms
of the GNU General Public License as published by the Free Software Foundation, either
version 2 of the License, or (at your option) any later version.

For more information, visit <http://getsproutcms.com>.

This class was originally from Kohana 2.3.4
Copyright 2007-2008 Kohana Team
  1. <?php
  2. /**
  3.  * Copyright (C) 2017 Karmabunny Pty Ltd.
  4.  *
  5.  * This file is a part of SproutCMS.
  6.  *
  7.  * SproutCMS is free software: you can redistribute it and/or modify it under the terms
  8.  * of the GNU General Public License as published by the Free Software Foundation, either
  9.  * version 2 of the License, or (at your option) any later version.
  10.  *
  11.  * For more information, visit <http://getsproutcms.com>.
  12.  *
  13.  * This class was originally from Kohana 2.3.4
  14.  * Copyright 2007-2008 Kohana Team
  15.  */
  16. namespace Sprout\Helpers;
  17.  
  18. use Kohana;
  19. use Kohana_Exception;
  20. use Event;
  21.  
  22. use Sprout\Helpers\Drivers\SessionDriver;
  23.  
  24. /**
  25.  * Session library.
  26.  */
  27. class Session
  28. {
  29.  
  30.     // Session singleton
  31.     protected static $instance;
  32.  
  33.     // Protected key names (cannot be set by the user)
  34.     protected static $protect = array('session_id', 'user_agent', 'last_activity', 'ip_address', 'total_hits', '_kf_flash_');
  35.  
  36.     // Configuration and driver
  37.     protected static $config;
  38.     protected static $driver;
  39.  
  40.     // Flash variables
  41.     protected static $flash;
  42.  
  43.     /**
  44.      * Singleton instance of Session.
  45.      */
  46.     public static function instance()
  47.     {
  48.         if (Session::$instance == NULL)
  49.         {
  50.             // Create a new instance
  51.             new Session;
  52.         }
  53.  
  54.         return Session::$instance;
  55.     }
  56.  
  57.     /**
  58.      * On first session instance creation, sets up the driver and creates session.
  59.      */
  60.     public function __construct()
  61.     {
  62.         if (PHP_SAPI === 'cli') {
  63.             $_SESSION = [];
  64.             return;
  65.         }
  66.  
  67.         // This part only needs to be run once
  68.         if (Session::$instance === NULL)
  69.         {
  70.             // Load config
  71.             Session::$config = Kohana::config('session');
  72.  
  73.             // Makes a mirrored array, eg: foo=foo
  74.             Session::$protect = array_combine(Session::$protect, Session::$protect);
  75.  
  76.             // Configure garbage collection
  77.             ini_set('session.gc_probability', (int) Session::$config['gc_probability']);
  78.             ini_set('session.gc_divisor', 100);
  79.             ini_set('session.gc_maxlifetime', (Session::$config['expiration'] == 0) ? 86400 : Session::$config['expiration']);
  80.  
  81.             // Create a new session
  82.             static::create();
  83.  
  84.             if (Session::$config['regenerate'] > 0 AND ($_SESSION['total_hits'] % Session::$config['regenerate']) === 0)
  85.             {
  86.                 // Regenerate session id and update session cookie
  87.                 static::regenerate();
  88.             }
  89.  
  90.             // Close the session on system shutdown (run before sending the headers), so that
  91.             // the session cookie(s) can be written.
  92.             Event::add('system.shutdown', array($this, 'writeClose'));
  93.  
  94.             // Singleton instance
  95.             Session::$instance = $this;
  96.         }
  97.     }
  98.  
  99.     /**
  100.      * Get the session id.
  101.      *
  102.      * @return  string
  103.      */
  104.     public static function id()
  105.     {
  106.         return $_SESSION['session_id'];
  107.     }
  108.  
  109.     /**
  110.      * Create a new session.
  111.      *
  112.      * @param   array  variables to set after creation
  113.      * @return  void
  114.      */
  115.     public static function create($vars = NULL)
  116.     {
  117.         // Destroy any current sessions
  118.         static::destroy();
  119.  
  120.         if (Session::$config['driver'] !== 'native')
  121.         {
  122.             // Set driver name
  123.             $driver = 'Sprout\\Helpers\\Drivers\\Session\\' . ucfirst(Session::$config['driver']);
  124.  
  125.             // Load the driver
  126.             if (!class_exists($driver))
  127.                 throw new Kohana_Exception('core.driver_not_found', Session::$config['driver'], get_class());
  128.  
  129.             // Initialize the driver
  130.             Session::$driver = new $driver();
  131.  
  132.             // Validate the driver
  133.             if ( ! (Session::$driver instanceof SessionDriver))
  134.                 throw new Kohana_Exception('core.driver_implements', Session::$config['driver'], get_class(), 'SessionDriver');
  135.  
  136.             // Register non-native driver as the session handler
  137.             session_set_save_handler
  138.             (
  139.                 array(Session::$driver, 'open'),
  140.                 array(Session::$driver, 'close'),
  141.                 array(Session::$driver, 'read'),
  142.                 array(Session::$driver, 'write'),
  143.                 array(Session::$driver, 'destroy'),
  144.                 array(Session::$driver, 'gc')
  145.             );
  146.         }
  147.  
  148.         // Validate the session name
  149.         if ( ! preg_match('~^(?=.*[a-z])[a-z0-9_]++$~iD', Session::$config['name']))
  150.             throw new Kohana_Exception('session.invalid_session_name', Session::$config['name']);
  151.  
  152.         // Name the session, this will also be the name of the cookie
  153.         session_name(Session::$config['name']);
  154.  
  155.         // Set the session cookie parameters
  156.         session_set_cookie_params
  157.         (
  158.             Session::$config['expiration'],
  159.             Kohana::config('cookie.path'),
  160.             Kohana::config('cookie.domain'),
  161.             Kohana::config('cookie.secure'),
  162.             true    // never allow javascript to access session cookies
  163.         );
  164.  
  165.         // Start the session!
  166.         session_start();
  167.  
  168.         // Put session_id in the session variable
  169.         $_SESSION['session_id'] = session_id();
  170.  
  171.         // Set defaults
  172.         if ( ! isset($_SESSION['_kf_flash_']))
  173.         {
  174.             $_SESSION['total_hits'] = 0;
  175.             $_SESSION['_kf_flash_'] = array();
  176.  
  177.             $_SESSION['user_agent'] = Kohana::$user_agent;
  178.             $_SESSION['ip_address'] = Request::userIp();
  179.         }
  180.  
  181.         // Set up flash variables
  182.         Session::$flash =& $_SESSION['_kf_flash_'];
  183.  
  184.         // Increase total hits
  185.         $_SESSION['total_hits'] += 1;
  186.  
  187.         // Validate data only on hits after one
  188.         if ($_SESSION['total_hits'] > 1)
  189.         {
  190.             // Validate the session
  191.             foreach (Session::$config['validate'] as $valid)
  192.             {
  193.                 switch ($valid)
  194.                 {
  195.                     // Check user agent for consistency
  196.                     case 'user_agent':
  197.                         if ($_SESSION[$valid] !== Kohana::$user_agent)
  198.                             return static::create();
  199.                     break;
  200.  
  201.                     // Check ip address for consistency
  202.                     case 'ip_address':
  203.                         if ($_SESSION[$valid] !== Request::userIp())
  204.                             return static::create();
  205.                     break;
  206.  
  207.                     // Check expiration time to prevent users from manually modifying it
  208.                     case 'expiration':
  209.                         if (time() - $_SESSION['last_activity'] > ini_get('session.gc_maxlifetime'))
  210.                             return static::create();
  211.                     break;
  212.                 }
  213.             }
  214.         }
  215.  
  216.         // Expire flash keys
  217.         static::expireFlash();
  218.  
  219.         // Update last activity
  220.         $_SESSION['last_activity'] = time();
  221.  
  222.         // Set the new data
  223.         Session::set($vars);
  224.     }
  225.  
  226.     /**
  227.      * Regenerates the global session id.
  228.      *
  229.      * @return  void
  230.      */
  231.     public static function regenerate()
  232.     {
  233.         if (Session::$config['driver'] === 'native')
  234.         {
  235.             // Generate a new session id
  236.             // Note: also sets a new session cookie with the updated id
  237.             session_regenerate_id(TRUE);
  238.  
  239.             // Update session with new id
  240.             $_SESSION['session_id'] = session_id();
  241.         }
  242.         else
  243.         {
  244.             // Pass the regenerating off to the driver in case it wants to do anything special
  245.             $_SESSION['session_id'] = Session::$driver->regenerate();
  246.         }
  247.  
  248.         // Get the session name
  249.         $name = session_name();
  250.  
  251.         if (isset($_COOKIE[$name]))
  252.         {
  253.             // Change the cookie value to match the new session id to prevent "lag"
  254.             Cookie::set(
  255.                 $name,
  256.                 $_SESSION['session_id'],
  257.                 Session::$config['expiration'],
  258.                 Kohana::config('cookie.path'),
  259.                 Kohana::config('cookie.domain'),
  260.                 Kohana::config('cookie.secure'),
  261.                 true     // httpOnly flag, i.e. no javascript access
  262.             );
  263.         }
  264.     }
  265.  
  266.     /**
  267.      * Destroys the current session.
  268.      *
  269.      * @return  void
  270.      */
  271.     public static function destroy()
  272.     {
  273.         if (session_id() !== '')
  274.         {
  275.             // Get the session name
  276.             $name = session_name();
  277.  
  278.             // Destroy the session
  279.             session_destroy();
  280.  
  281.             // Re-initialize the array
  282.             $_SESSION = array();
  283.  
  284.             // Delete the session cookie
  285.             Cookie::delete($name);
  286.         }
  287.     }
  288.  
  289.     /**
  290.      * Runs the system.session_write event, then calls session_write_close.
  291.      *
  292.      * @return  void
  293.      */
  294.     public static function writeClose()
  295.     {
  296.         static $run;
  297.  
  298.         if ($run === NULL)
  299.         {
  300.             $run = TRUE;
  301.  
  302.             // Run the events that depend on the session being open
  303.             Event::run('system.session_write');
  304.  
  305.             // Expire flash keys
  306.             static::expireFlash();
  307.  
  308.             // Close the session
  309.             session_write_close();
  310.         }
  311.     }
  312.  
  313.     /**
  314.      * Set a session variable.
  315.      *
  316.      * @param   string|array  key, or array of values
  317.      * @param   mixed         value (if keys is not an array)
  318.      * @return  void
  319.      */
  320.     public static function set($keys, $val = FALSE)
  321.     {
  322.         if (empty($keys))
  323.             return FALSE;
  324.  
  325.         if ( ! is_array($keys))
  326.         {
  327.             $keys = array($keys => $val);
  328.         }
  329.  
  330.         foreach ($keys as $key => $val)
  331.         {
  332.             if (isset(Session::$protect[$key]))
  333.                 continue;
  334.  
  335.             // Set the key
  336.             $_SESSION[$key] = $val;
  337.         }
  338.     }
  339.  
  340.     /**
  341.      * Set a flash variable.
  342.      *
  343.      * @param   string|array  key, or array of values
  344.      * @param   mixed         value (if keys is not an array)
  345.      * @return  void
  346.      */
  347.     public static function setFlash($keys, $val = FALSE)
  348.     {
  349.         if (empty($keys))
  350.             return FALSE;
  351.  
  352.         if ( ! is_array($keys))
  353.         {
  354.             $keys = array($keys => $val);
  355.         }
  356.  
  357.         foreach ($keys as $key => $val)
  358.         {
  359.             if ($key == FALSE)
  360.                 continue;
  361.  
  362.             Session::$flash[$key] = 'new';
  363.             Session::set($key, $val);
  364.         }
  365.     }
  366.  
  367.     /**
  368.      * Freshen one, multiple or all flash variables.
  369.      *
  370.      * @param   string  variable key(s)
  371.      * @return  void
  372.      */
  373.     public static function keepFlash($keys = NULL)
  374.     {
  375.         $keys = ($keys === NULL) ? array_keys(Session::$flash) : func_get_args();
  376.  
  377.         foreach ($keys as $key)
  378.         {
  379.             if (isset(Session::$flash[$key]))
  380.             {
  381.                 Session::$flash[$key] = 'new';
  382.             }
  383.         }
  384.     }
  385.  
  386.     /**
  387.      * Expires old flash data and removes it from the session.
  388.      *
  389.      * @return  void
  390.      */
  391.     public static function expireFlash()
  392.     {
  393.         static $run;
  394.  
  395.         // Method can only be run once
  396.         if ($run === TRUE)
  397.             return;
  398.  
  399.         if ( ! empty(Session::$flash))
  400.         {
  401.             foreach (Session::$flash as $key => $state)
  402.             {
  403.                 if ($state === 'old')
  404.                 {
  405.                     // Flash has expired
  406.                     unset(Session::$flash[$key], $_SESSION[$key]);
  407.                 }
  408.                 else
  409.                 {
  410.                     // Flash will expire
  411.                     Session::$flash[$key] = 'old';
  412.                 }
  413.             }
  414.         }
  415.  
  416.         // Method has been run
  417.         $run = TRUE;
  418.     }
  419.  
  420.     /**
  421.      * Get a variable. Access to sub-arrays is supported with key.subkey.
  422.      *
  423.      * @param   string  variable key
  424.      * @param   mixed   default value returned if variable does not exist
  425.      * @return  mixed   Variable data if key specified, otherwise array containing all session data.
  426.      */
  427.     public static function get($key = FALSE, $default = FALSE)
  428.     {
  429.         if (empty($key))
  430.             return $_SESSION;
  431.  
  432.         $result = isset($_SESSION[$key]) ? $_SESSION[$key] : Kohana::keyString($_SESSION, $key);
  433.  
  434.         return ($result === NULL) ? $default : $result;
  435.     }
  436.  
  437.  
  438.     /**
  439.      *
  440.      * @param string $key
  441.      * @return bool
  442.      */
  443.     public static function has($key)
  444.     {
  445.         return self::get($key, null) !== null;
  446.     }
  447.  
  448.  
  449.     /**
  450.      * Get a variable, and delete it.
  451.      *
  452.      * @param   string  variable key
  453.      * @param   mixed   default value returned if variable does not exist
  454.      * @return  mixed
  455.      */
  456.     public static function getOnce($key, $default = FALSE)
  457.     {
  458.         $return = Session::get($key, $default);
  459.         Session::delete($key);
  460.  
  461.         return $return;
  462.     }
  463.  
  464.     /**
  465.      * Delete one or more variables.
  466.      *
  467.      * @param   string  variable key(s)
  468.      * @return  void
  469.      */
  470.     public static function delete($keys)
  471.     {
  472.         $args = func_get_args();
  473.  
  474.         foreach ($args as $key)
  475.         {
  476.             if (isset(Session::$protect[$key]))
  477.                 continue;
  478.  
  479.             // Unset the key
  480.             unset($_SESSION[$key]);
  481.         }
  482.     }
  483.  
  484.  
  485.     /**
  486.      * Removes all session variables.
  487.      */
  488.     public static function deletall()
  489.     {
  490.         foreach ($_SESSION as $key => $_) {
  491.             unset($_SESSION[$key]);
  492.         }
  493.     }
  494.  
  495.  
  496.     /**
  497.      * Return the entire session object.
  498.      *
  499.      * @return array
  500.      */
  501.     public static function list()
  502.     {
  503.         return $_SESSION;
  504.     }
  505.  
  506. } // End Session Class
  507.  
Powered by Pelzini, version 0.9.0 Documentation is made available under the GNU Free Documentation License 1.2.
Generated: Monday, 3rd April, 2023 at 02:59 pm