Delegate session operations to SessionManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
This commit is contained in:
parent
1b28c66cc7
commit
c7721487b2
2 changed files with 69 additions and 24 deletions
|
@ -1,6 +1,8 @@
|
|||
<?php
|
||||
namespace Shaarli;
|
||||
|
||||
use Shaarli\Config\ConfigManager;
|
||||
|
||||
/**
|
||||
* User login management
|
||||
*/
|
||||
|
@ -62,34 +64,24 @@ public function checkLoginState($server, & $session, $cookie, $webPath, $token)
|
|||
return;
|
||||
}
|
||||
|
||||
$clientIpId = client_ip_id($server);
|
||||
|
||||
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
|
||||
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
|
||||
) {
|
||||
$this->sessionManager->storeLoginInfo($server);
|
||||
$this->sessionManager->storeLoginInfo($clientIpId);
|
||||
$this->isLoggedIn = true;
|
||||
}
|
||||
|
||||
// Logout when:
|
||||
// - the session does not exist on the server side
|
||||
// - the session has expired
|
||||
// - the client IP address has changed
|
||||
if (empty($session['uid'])
|
||||
|| ($this->configManager->get('security.session_protection_disabled') === false
|
||||
&& $session['ip'] != client_ip_id($server))
|
||||
|| time() >= $session['expires_on']
|
||||
if ($this->sessionManager->hasSessionExpired()
|
||||
|| $this->sessionManager->hasClientIpChanged($clientIpId)
|
||||
) {
|
||||
$this->sessionManager->logout($webPath);
|
||||
$this->isLoggedIn = false;
|
||||
return;
|
||||
}
|
||||
|
||||
// Extend session validity
|
||||
if (! empty($session['longlastingsession'])) {
|
||||
// "Stay signed in" is enabled
|
||||
$session['expires_on'] = time() + $session['longlastingsession'];
|
||||
} else {
|
||||
$session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
|
||||
}
|
||||
$this->sessionManager->extendSession();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -129,7 +121,8 @@ public function checkCredentials($server, $login, $password)
|
|||
return false;
|
||||
}
|
||||
|
||||
$this->sessionManager->storeLoginInfo($server);
|
||||
$clientIpId = client_ip_id($server);
|
||||
$this->sessionManager->storeLoginInfo($clientIpId);
|
||||
logm(
|
||||
$this->configManager->get('resource.log'),
|
||||
$server['REMOTE_ADDR'],
|
||||
|
|
|
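Review bot: The `& $session` parameter still present in checkLoginState's signature (shown in the hunk header) is no longer touched by the new code of that hunk — every read of `uid`, `ip`, `expires_on` and `longlastingsession` now goes through `$this->sessionManager`, whose `$session` property is documented elsewhere in this commit as a reference to the global `$_SESSION`. If the array the caller passes and the one SessionManager wraps are ever different instances (a local array in a test, for example), the expiry and IP-change checks silently inspect state the caller never sees. Either drop the by-reference parameter once nothing else in the method reads it, or state in the method docblock that `$session` and the SessionManager's array must alias the same storage. checkLoginState begins before this hunk, so the omitted lines may still use `$session`; the same delegation pattern appears in the checkCredentials hunk below.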
@ -1,21 +1,23 @@
|
|||
<?php
|
||||
namespace Shaarli;
|
||||
|
||||
use Shaarli\Config\ConfigManager;
|
||||
|
||||
/**
|
||||
* Manages the server-side session
|
||||
*/
|
||||
class SessionManager
|
||||
{
|
||||
/** Session expiration timeout, in seconds */
|
||||
/** @var int Session expiration timeout, in seconds */
|
||||
public static $INACTIVITY_TIMEOUT = 3600;
|
||||
|
||||
/** Name of the cookie set after logging in **/
|
||||
/** @var string Name of the cookie set after logging in **/
|
||||
public static $LOGGED_IN_COOKIE = 'shaarli_staySignedIn';
|
||||
|
||||
/** Local reference to the global $_SESSION array */
|
||||
/** @var array Local reference to the global $_SESSION array */
|
||||
protected $session = [];
|
||||
|
||||
/** ConfigManager instance **/
|
||||
/** @var ConfigManager Configuration Manager instance **/
|
||||
protected $conf = null;
|
||||
|
||||
/**
|
||||
|
@ -94,17 +96,30 @@ public static function checkId($sessionId)
|
|||
/**
|
||||
* Store user login information after a successful login
|
||||
*
|
||||
* @param array $server The global $_SERVER array
|
||||
* @param string $clientIpId Client IP address identifier
|
||||
*/
|
||||
public function storeLoginInfo($server)
|
||||
public function storeLoginInfo($clientIpId)
|
||||
{
|
||||
// Generate unique random number (different than phpsessionid)
|
||||
$this->session['uid'] = sha1(uniqid('', true) . '_' . mt_rand());
|
||||
$this->session['ip'] = client_ip_id($server);
|
||||
$this->session['ip'] = $clientIpId;
|
||||
$this->session['username'] = $this->conf->get('credentials.login');
|
||||
$this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extend session validity
|
||||
*/
|
||||
public function extendSession()
|
||||
{
|
||||
if (! empty($this->session['longlastingsession'])) {
|
||||
// "Stay signed in" is enabled
|
||||
$this->session['expires_on'] = time() + $this->session['longlastingsession'];
|
||||
return;
|
||||
}
|
||||
$this->session['expires_on'] = time() + self::$INACTIVITY_TIMEOUT;
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout a user by unsetting all login information
|
||||
*
|
||||
|
@ -124,4 +139,41 @@ public function logout($webPath)
|
|||
}
|
||||
setcookie(self::$LOGGED_IN_COOKIE, 'false', 0, $webPath);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether the session has expired
|
||||
*
|
||||
* @param string $clientIpId Client IP address identifier
|
||||
*
|
||||
* @return bool true if the session has expired, false otherwise
|
||||
*/
|
||||
public function hasSessionExpired()
|
||||
{
|
||||
if (empty($this->session['uid'])) {
|
||||
return true;
|
||||
}
|
||||
if (time() >= $this->session['expires_on']) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether the client IP address has changed
|
||||
*
|
||||
* @param string $clientIpId Client IP address identifier
|
||||
*
|
||||
* @return bool true if the IP has changed, false if it has not, or
|
||||
* if session protection has been disabled
|
||||
*/
|
||||
public function hasClientIpChanged($clientIpId)
|
||||
{
|
||||
if ($this->conf->get('security.session_protection_disabled') === true) {
|
||||
return false;
|
||||
}
|
||||
if ($this->session['ip'] == $clientIpId) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
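Review bot: The docblock on hasSessionExpired lists `@param string $clientIpId`, but the method takes no parameter; drop that line, which looks carried over from hasClientIpChanged. In hasClientIpChanged the comparison `if ($this->session['ip'] == $clientIpId)` is loose; both operands are identifiers produced by client_ip_id, so `if ($this->session['ip'] === $clientIpId)` expresses the intent and rules out numeric-string coercion. That method also reads `$this->session['ip']` with no existence check, so a session carrying `uid` but no `ip` key would raise a notice instead of being treated as changed — `($this->session['ip'] ?? null) === $clientIpId` makes a missing key count as a change, if that is the intended policy. Note as well that the guard `get('security.session_protection_disabled') === true` inverts the inline condition removed from LoginManager, which ran the IP check only when the setting was strictly `false`: an unset or non-boolean value now enforces IP binding rather than skipping it. That is the safer default, but it is a behaviour change that deserves a sentence in hasClientIpChanged's docblock.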