1b5979037SGreg Roach<?php 23976b470SGreg Roach 3b5979037SGreg Roach/** 4b5979037SGreg Roach * webtrees: online genealogy 5b5979037SGreg Roach * Copyright (C) 2019 webtrees development team 6b5979037SGreg Roach * This program is free software: you can redistribute it and/or modify 7b5979037SGreg Roach * it under the terms of the GNU General Public License as published by 8b5979037SGreg Roach * the Free Software Foundation, either version 3 of the License, or 9b5979037SGreg Roach * (at your option) any later version. 10b5979037SGreg Roach * This program is distributed in the hope that it will be useful, 11b5979037SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12b5979037SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13b5979037SGreg Roach * GNU General Public License for more details. 14b5979037SGreg Roach * You should have received a copy of the GNU General Public License 15b5979037SGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16b5979037SGreg Roach */ 17fcfa147eSGreg Roach 18b5979037SGreg Roachdeclare(strict_types=1); 19b5979037SGreg Roach 20b5979037SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware; 21b5979037SGreg Roach 22b5979037SGreg Roachuse Fisharebest\Webtrees\Auth; 234459dc9aSGreg Roachuse Fisharebest\Webtrees\Carbon; 24b5979037SGreg Roachuse Fisharebest\Webtrees\Session; 257c4add84SGreg Roachuse Fisharebest\Webtrees\User; 266ccdf4f0SGreg Roachuse Psr\Http\Message\ResponseInterface; 276ccdf4f0SGreg Roachuse Psr\Http\Message\ServerRequestInterface; 286ccdf4f0SGreg Roachuse Psr\Http\Server\MiddlewareInterface; 296ccdf4f0SGreg Roachuse Psr\Http\Server\RequestHandlerInterface; 30b5979037SGreg Roach 31dc6156d0SGreg Roachuse function session_destroy; 32dc6156d0SGreg Roachuse function session_status; 33dc6156d0SGreg Roach 34dc6156d0SGreg Roachuse const PHP_SESSION_ACTIVE; 35dc6156d0SGreg Roach 36b5979037SGreg Roach/** 37b5979037SGreg Roach * Middleware to activate sessions. 38b5979037SGreg Roach */ 39b5979037SGreg Roachclass UseSession implements MiddlewareInterface 40b5979037SGreg Roach{ 41b5979037SGreg Roach /** 426ccdf4f0SGreg Roach * @param ServerRequestInterface $request 436ccdf4f0SGreg Roach * @param RequestHandlerInterface $handler 44b5979037SGreg Roach * 456ccdf4f0SGreg Roach * @return ResponseInterface 46b5979037SGreg Roach */ 476ccdf4f0SGreg Roach public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface 48b5979037SGreg Roach { 49dc6156d0SGreg Roach // Some sites (e.g. Wordpress/NinjaFirewall) use the PHP auto_prepend_file 50dc6156d0SGreg Roach // setting to run their own startup code - which may start a session. 51dc6156d0SGreg Roach if (session_status() === PHP_SESSION_ACTIVE) { 52dc6156d0SGreg Roach session_destroy(); 53dc6156d0SGreg Roach } 54dc6156d0SGreg Roach 55b5979037SGreg Roach // Sessions 564d7dd147SGreg Roach Session::start($request); 57b5979037SGreg Roach 5857ab2231SGreg Roach $user = Auth::user(); 5957ab2231SGreg Roach 60b5979037SGreg Roach // Update the last-login time no more than once a minute. 61b5979037SGreg Roach $next_session_update = Carbon::createFromTimestamp((int) Session::get('session_time_updates'))->addMinute(); 62b5979037SGreg Roach if ($next_session_update < Carbon::now()) { 634459dc9aSGreg Roach $timestamp_now = Carbon::now()->unix(); 64b5979037SGreg Roach 65b5979037SGreg Roach if (Session::get('masquerade') === null) { 667c4add84SGreg Roach $user->setPreference(User::PREF_TIMESTAMP_ACTIVE, (string) $timestamp_now); 67b5979037SGreg Roach } 68b5979037SGreg Roach Session::put('session_time_updates', $timestamp_now); 69b5979037SGreg Roach } 70b5979037SGreg Roach 7157ab2231SGreg Roach $request = $request->withAttribute('user', $user); 720c8c69d4SGreg Roach 738246ffa1SGreg Roach $response = $handler->handle($request); 748246ffa1SGreg Roach 75*dc6b8e0eSGreg Roach Session::save(); 768246ffa1SGreg Roach 778246ffa1SGreg Roach return $response; 78b5979037SGreg Roach } 79b5979037SGreg Roach} 80