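<?php
/**
 * webtrees: online genealogy
 * Copyright (C) 2017 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
namespace Fisharebest\Webtrees;

/**
 * Session handling
 *
 * Thin static wrapper around PHP's native session API and the $_SESSION
 * superglobal, plus a save handler that keeps session rows in the
 * `##session` database table.
 */
class Session {
    /**
     * Start a session
     *
     * Applies the session.* ini settings and then calls session_start().
     * Entries in $config take precedence over the defaults below, because
     * the array union keeps the left-hand value for a duplicate key.
     *
     * Security notes:
     * - The defaults set cookie_httponly, but not cookie_secure,
     *   cookie_samesite, use_only_cookies or use_strict_mode. Those come from
     *   php.ini unless the caller supplies them in $config.
     * - Every key of $config is passed to ini_set() as "session.<key>", so a
     *   caller can also switch cookie_httponly off. $config must come from
     *   trusted code or configuration, never from request data.
     *
     * @param array $config Overrides keyed by ini name without the "session." prefix
     */
    public static function start(array $config = []) {
        $default_config = [
            'use_cookies'     => '1',
            'name'            => 'WT_SESSION',
            'cookie_lifetime' => '0',
            'gc_maxlifetime'  => '7200',
            'gc_probability'  => '1',
            'gc_divisor'      => '100',
            'cookie_path'     => '',
            'cookie_httponly' => '1',
        ];
        session_register_shutdown();
        foreach ($config + $default_config as $key => $value) {
            ini_set('session.' . $key, $value);
        }
        session_start();
    }

    /**
     * Read a value from the session
     *
     * A key that is missing, or stored as null, yields $default.
     *
     * @param string $name
     * @param mixed  $default
     *
     * @return mixed
     */
    public static function get($name, $default = null) {
        return $_SESSION[$name] ?? $default;
    }

    /**
     * Write a value to the session
     *
     * @param string $name
     * @param mixed  $value
     */
    public static function put($name, $value) {
        $_SESSION[$name] = $value;
    }

    /**
     * Remove a value from the session
     *
     * @param string $name
     */
    public static function forget($name) {
        unset($_SESSION[$name]);
    }

    /**
     * Does a session variable exist?
     *
     * Uses isset(), so a key stored as null is reported as absent.
     *
     * @param string $name
     *
     * @return bool
     */
    public static function has($name) {
        return isset($_SESSION[$name]);
    }

    /**
     * Remove all stored data from the session.
     */
    public static function clear() {
        $_SESSION = [];
    }

    /**
     * After any change in authentication level, we should use a new session ID.
     *
     * Calling this at login, logout and privilege changes stops a session ID
     * that was known before the change from carrying the new privileges.
     *
     * @param bool $destroy When true, the stored data is cleared first and PHP
     *                      is asked to delete the old session as well.
     */
    public static function regenerate($destroy = false) {
        if ($destroy) {
            self::clear();
        }
        session_regenerate_id($destroy);
    }

    /**
     * Set an explicit session ID. Typically used for search robots.
     *
     * Security note: the ID is handed to session_id() unchanged. A value taken
     * from a request would let the client choose its own session ID, so
     * callers must pass only IDs derived from trusted, server-side data.
     *
     * @param string $id
     */
    public static function setId($id) {
        session_id($id);
    }

    /**
     * Initialise our session save handler
     *
     * The handler methods are private, so each one is exposed through a
     * closure created inside the class. Only the six basic callbacks are
     * registered; no ID-creation or ID-validation callback is supplied here.
     */
    public static function setSaveHandler() {
        session_set_save_handler(
            function (): bool {
                return self::open();
            },
            function (): bool {
                return self::close();
            },
            function (string $id): string {
                return self::read($id);
            },
            function (string $id, string $data): bool {
                return self::write($id, $data);
            },
            function (string $id): bool {
                return self::destroy($id);
            },
            function (int $maxlifetime): bool {
                return self::gc($maxlifetime);
            }
        );
    }

    /**
     * For session_set_save_handler()
     *
     * Nothing to release: always reports success.
     *
     * @return bool
     */
    private static function close(): bool {
        return true;
    }

    /**
     * For session_set_save_handler()
     *
     * Deletes the row for this session ID. The ID is bound as a parameter.
     *
     * @param string $id
     *
     * @return bool
     */
    private static function destroy(string $id): bool {
        Database::prepare(
            "DELETE FROM `##session` WHERE session_id = :session_id"
        )->execute([
            'session_id' => $id,
        ]);

        return true;
    }

    /**
     * For session_set_save_handler()
     *
     * Deletes every row whose session_time is older than $maxlifetime seconds.
     *
     * @param int $maxlifetime
     *
     * @return bool
     */
    private static function gc(int $maxlifetime): bool {
        Database::prepare(
            "DELETE FROM `##session` WHERE session_time < DATE_SUB(NOW(), INTERVAL :maxlifetime SECOND)"
        )->execute([
            'maxlifetime' => $maxlifetime,
        ]);

        return true;
    }

    /**
     * For session_set_save_handler()
     *
     * Nothing to set up: always reports success.
     *
     * @return bool
     */
    private static function open(): bool {
        return true;
    }

    /**
     * For session_set_save_handler()
     *
     * Returns the stored payload for this session ID. The cast turns a missing
     * row into the empty string that the session extension expects.
     *
     * @param string $id
     *
     * @return string
     */
    private static function read(string $id): string {
        return (string) Database::prepare(
            "SELECT session_data FROM `##session` WHERE session_id = :session_id"
        )->execute([
            'session_id' => $id,
        ])->fetchOne();
    }

    /**
     * For session_set_save_handler()
     *
     * Inserts or updates the row for this session ID. Alongside the payload it
     * records the current user ID and the client IP address. All four values
     * are bound as parameters.
     *
     * Always returns true.
     * NOTE(review): a failed statement is presumably reported by Database through an exception - confirm.
     *
     * @param string $id
     * @param string $data
     *
     * @return bool
     */
    private static function write(string $id, string $data): bool {
        // Only update the session table once per minute, unless the session data has actually changed.
        // session_time has its seconds subtracted, so writes within the same minute
        // carry the same timestamp.
        Database::prepare(
            "INSERT INTO `##session` (session_id, user_id, ip_address, session_data, session_time)" .
            " VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP))" .
            " ON DUPLICATE KEY UPDATE" .
            " user_id = VALUES(user_id)," .
            " ip_address = VALUES(ip_address)," .
            " session_data = VALUES(session_data)," .
            " session_time = CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP)"
        )->execute([
            $id,
            // NOTE(review): the cast presumably maps "no logged-in user" to 0 - confirm against Auth::id().
            (int) Auth::id(),
            WT_CLIENT_IP,
            $data,
        ]);

        return true;
    }
}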