1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2023 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <https://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees; 21 22use Psr\Http\Message\ServerRequestInterface; 23use SessionHandlerInterface; 24 25use function date; 26use function time; 27 28/** 29 * Session handling - stores sessions in the database. 30 */ 31class SessionDatabaseHandler implements SessionHandlerInterface 32{ 33 private ServerRequestInterface $request; 34 35 private ?object $row; 36 37 /** 38 * @param ServerRequestInterface $request 39 */ 40 public function __construct(ServerRequestInterface $request) 41 { 42 $this->request = $request; 43 } 44 45 /** 46 * @param string $path 47 * @param string $name 48 * 49 * @return bool 50 */ 51 public function open(string $path, string $name): bool 52 { 53 return true; 54 } 55 56 /** 57 * @return bool 58 */ 59 public function close(): bool 60 { 61 return true; 62 } 63 64 /** 65 * @param string $id 66 * 67 * @return string 68 */ 69 public function read(string $id): string 70 { 71 $this->row = DB::table('session') 72 ->where('session_id', '=', $id) 73 ->first(); 74 75 76 return $this->row->session_data ?? ''; 77 } 78 79 /** 80 * @param string $id 81 * @param string $data 82 * 83 * @return bool 84 */ 85 public function write(string $id, string $data): bool 86 { 87 $ip_address = Validator::attributes($this->request)->string('client-ip'); 88 $user_id = (int) Auth::id(); 89 $now = Registry::timestampFactory()->now(); 90 91 if ($this->row === null) { 92 DB::table('session')->insert([ 93 'session_id' => $id, 94 'session_time' => $now->toDateTimeString(), 95 'user_id' => $user_id, 96 'ip_address' => $ip_address, 97 'session_data' => $data, 98 ]); 99 } else { 100 $updates = []; 101 102 // The user ID can change if we masquerade as another user. 103 if ((int) $this->row->user_id !== $user_id) { 104 $updates['user_id'] = $user_id; 105 } 106 107 if ($this->row->ip_address !== $ip_address) { 108 $updates['ip_address'] = $ip_address; 109 } 110 111 if ($this->row->session_data !== $data) { 112 $updates['session_data'] = $data; 113 } 114 115 // Only update session once a minute to reduce contention on the session table. 116 if ($now->subtractMinutes(1)->timestamp() > Registry::timestampFactory()->fromString($this->row->session_time)->timestamp()) { 117 $updates['session_time'] = $now->toDateTimeString(); 118 } 119 120 if ($updates !== []) { 121 DB::table('session') 122 ->where('session_id', '=', $id) 123 ->update($updates); 124 } 125 } 126 127 return true; 128 } 129 130 /** 131 * @param string $id 132 * 133 * @return bool 134 */ 135 public function destroy(string $id): bool 136 { 137 DB::table('session') 138 ->where('session_id', '=', $id) 139 ->delete(); 140 141 return true; 142 } 143 144 /** 145 * @param int $max_lifetime 146 * 147 * @return int 148 */ 149 public function gc(int $max_lifetime): int 150 { 151 return DB::table('session') 152 ->where('session_time', '<', date('Y-m-d H:i:s', time() - $max_lifetime)) 153 ->delete(); 154 } 155} 156