flash/sakura
flash/sakura
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/libraries/Session.php

163 lines
4.5 KiB
PHP
Raw Normal View History

r20150915 (the last commit that claimed to be *15 was actually *14) Signed-off-by: Flashwave <me@flash.moe>
2015-09-15 20:37:29 +00:00
<?php
/*
* User session container
*/
namespace Sakura;
r20151018.2 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 19:06:30 +00:00
/**
* Class Session
* @package Sakura
*/
r20150915 (the last commit that claimed to be *15 was actually *14) Signed-off-by: Flashwave <me@flash.moe>
2015-09-15 20:37:29 +00:00
class Session
{
// Current user data
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
public $userId = 0;
public $sessionId = "";
r20150915 (the last commit that claimed to be *15 was actually *14) Signed-off-by: Flashwave <me@flash.moe>
2015-09-15 20:37:29 +00:00
// Initialise new session
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
public function __construct($userId, $sessionId = null)
r20150915 (the last commit that claimed to be *15 was actually *14) Signed-off-by: Flashwave <me@flash.moe>
2015-09-15 20:37:29 +00:00
{
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
// Set the supposed session data
$this->userId = $userId;
$this->sessionId = $sessionId;
r20150915 (the last commit that claimed to be *15 was actually *14) Signed-off-by: Flashwave <me@flash.moe>
2015-09-15 20:37:29 +00:00
// Check if a PHP session was already started and if not start one
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
}
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
// Destroy this session
public function destroy()
{
// Invalidate the session key
Database::delete('sessions', [
'session_key' => [$this->sessionId, '='],
'user_id' => [$this->userId, '='],
]);
// Unset userId and sessionId
unset($this->userId);
unset($this->sessionId);
// Destroy the session
if (session_status() == PHP_SESSION_ACTIVE) {
session_destroy();
}
}
Second part of today's bread.
2015-11-20 12:21:12 +00:00
// Destroy all sessions keys for this user
public function destroyAll()
{
// Delete all database entries with this user in it
Database::delete('sessions', ['user_id' => [$this->userId, '=']]);
// Destroy this session to finish it off
$this->destroy();
}
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
// Create a new session
public function create($permanent)
{
// Generate session key
$session = hash('sha256', $this->userId . base64_encode('sakura' . mt_rand(0, 99999999)) . time());
// Insert the session into the database
Database::insert('sessions', [
'user_id' => $this->userId,
r20160116/17
2016-01-17 01:58:31 +00:00
'user_ip' => Utils::getRemoteIP(),
'user_agent' => Utils::cleanString(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'No user agent header.'),
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
'session_key' => $session,
'session_start' => time(),
'session_expire' => time() + 604800,
'session_remember' => $permanent ? '1' : '0',
]);
// Return the session key
return $session;
}
// Validate an apparently existing session
public function validate()
{
// Get session from database
$session = Database::fetch('sessions', false, [
'user_id' => [$this->userId, '='],
'session_key' => [$this->sessionId, '='],
]);
// Check if we actually got something in return
if (!$session) {
return 0;
}
// Check if the session expired
if ($session['session_expire'] < time()) {
// ...and return false
return 0;
}
r20151018.2 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 19:06:30 +00:00
// IP Check
r20151204
2015-12-04 14:19:10 +00:00
$ipCheck = Config::get('session_check');
r20151018.2 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 19:06:30 +00:00
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
// Origin checking
r20151018.2 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 19:06:30 +00:00
if ($ipCheck) {
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
// Split both IPs up
$sessionIP = explode('.', $session['user_ip']);
r20160116/17
2016-01-17 01:58:31 +00:00
$userIP = explode('.', Utils::getRemoteIP());
r20151018 Signed-off-by: Flashwave <me@flash.moe>
2015-10-18 01:50:50 +00:00
// Take 1 off the ipCheck variable so it's equal to the array keys
$ipCheck = $ipCheck - 1;
// Check if the user's IP is similar to the session's registered IP
switch ($ipCheck) {
// 000.xxx.xxx.xxx
case 3:
if ($userIP[3] !== $sessionIP[3]) {
return 0;
}
// xxx.000.xxx.xxx
case 2:
case 3:
if ($userIP[2] !== $sessionIP[2]) {
return 0;
}
// xxx.xxx.000.xxx
case 1:
case 2:
case 3:
if ($userIP[1] !== $sessionIP[1]) {
return 0;
}
// xxx.xxx.xxx.000
case 0:
case 1:
case 2:
case 3:
if ($userIP[0] !== $sessionIP[0]) {
return 0;
}
}
}
// If the remember flag is set extend the session time
if ($session['session_remember']) {
Database::update('sessions', [
[
'session_expire' => time() + 604800,
],
[
'session_id' => [$session['session_id'], '='],
],
]);
}
// Return 2 if the remember flag is set and return 1 if not
return $session['session_remember'] ? 2 : 1;
}
r20150915 (the last commit that claimed to be *15 was actually *14) Signed-off-by: Flashwave <me@flash.moe>
2015-09-15 20:37:29 +00:00
}
Reference in a new issue Copy permalink