This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/app/Session.php

179 lines
4 KiB
PHP
Raw Permalink Normal View History

<?php
2016-02-03 22:22:56 +00:00
/**
2016-08-07 14:10:27 +00:00
* Holds the session object.
2016-02-03 22:22:56 +00:00
* @package Sakura
*/
namespace Sakura;
/**
2016-08-07 14:10:27 +00:00
* Session object.
* @package Sakura
2016-02-02 21:04:15 +00:00
* @author Julian van de Groep <me@flash.moe>
*/
class Session
{
2016-02-02 21:04:15 +00:00
/**
2016-08-07 14:10:27 +00:00
* Session storage id.
2016-02-02 21:04:15 +00:00
* @var int
*/
2016-08-07 14:10:27 +00:00
public $id = 0;
2016-02-02 21:04:15 +00:00
/**
2016-08-07 14:10:27 +00:00
* User id.
* @var int
*/
public $user = 0;
/**
* IP address this session was started from.
2016-02-02 21:04:15 +00:00
* @var string
*/
2016-08-07 14:10:27 +00:00
public $ip = '';
2016-02-02 21:04:15 +00:00
/**
2016-08-07 14:10:27 +00:00
* Country this session was started from.
* @var string
2016-02-02 21:04:15 +00:00
*/
2016-08-07 14:10:27 +00:00
public $country = '';
2016-03-31 20:03:25 +00:00
2016-08-07 14:10:27 +00:00
/**
* User agent this session was started from.
* @var string
*/
public $agent = '';
/**
* Session secret key.
* @var string
*/
public $key = '';
/**
* Timestamp from when this session was created.
* @var int
*/
public $start = 0;
/**
* Timestamp on which this session will invalidate.
* @var int
*/
public $expire = 0;
2016-02-02 21:04:15 +00:00
/**
2016-08-07 14:10:27 +00:00
* Constructor, $id can be a number or the secret key.
* @param mixed $id
2016-02-02 21:04:15 +00:00
*/
2016-08-07 14:10:27 +00:00
public function __construct($id)
{
2016-08-07 14:10:27 +00:00
$data = DB::table('sessions');
2016-08-07 14:10:27 +00:00
if (is_numeric($id)) {
$data->where('session_id', $id);
} else {
$data->where('session_key', $id);
}
2016-08-07 14:10:27 +00:00
$data = $data->first();
if ($data) {
$this->id = intval($data->session_id);
$this->user = intval($data->user_id);
$this->ip = Net::ntop($data->user_ip);
$this->country = $data->session_country;
$this->agent = $data->user_agent;
$this->key = $data->session_key;
$this->start = intval($data->session_start);
$this->expire = intval($data->session_expire);
}
}
2016-02-02 21:04:15 +00:00
/**
2016-08-07 14:10:27 +00:00
* Create a new session
* @param int $user
* @param string $ip
* @param string $country
* @param string $agent
* @param int $length
* @return Session
2016-02-02 21:04:15 +00:00
*/
2016-12-07 23:34:59 +00:00
public static function create(int $user, string $ip, string $country, string $agent = null, int $length = 604800)
2015-11-20 12:21:12 +00:00
{
2016-08-07 14:10:27 +00:00
$start = time();
$key = bin2hex(random_bytes(64));
$id = DB::table('sessions')
->insertGetId([
'user_id' => $user,
'user_ip' => Net::pton($ip),
'user_agent' => $agent,
'session_key' => $key,
'session_start' => $start,
'session_expire' => $start + $length,
'session_country' => $country,
]);
2015-11-20 12:21:12 +00:00
2016-08-07 14:10:27 +00:00
return new Session($id);
2015-11-20 12:21:12 +00:00
}
2016-02-02 21:04:15 +00:00
/**
2016-08-07 14:10:27 +00:00
* Delete this session.
2016-02-02 21:04:15 +00:00
*/
2016-12-04 16:33:52 +00:00
public function delete(): void
{
2016-02-25 16:06:29 +00:00
DB::table('sessions')
2016-08-07 14:10:27 +00:00
->where('session_id', $this->id)
->delete();
}
2016-02-02 21:04:15 +00:00
/**
* Validate the session.
2016-08-07 14:10:27 +00:00
* @param int $user
* @param string $ip
* @return bool
2016-02-02 21:04:15 +00:00
*/
2016-12-04 16:33:52 +00:00
public function validate(int $user, string $ip = null): bool
{
// Get session from database
2016-02-25 16:06:29 +00:00
$session = DB::table('sessions')
2016-08-07 14:10:27 +00:00
->where([
'session_key' => $this->key,
'user_id' => $user,
])
2016-08-06 14:09:01 +00:00
->first();
// Check if we actually got something in return
if (!$session) {
2016-08-07 14:10:27 +00:00
return false;
}
// Check if the session expired
2016-08-06 14:09:01 +00:00
if ($session->session_expire < time()) {
2016-08-07 14:10:27 +00:00
$this->delete();
return false;
}
2016-09-21 11:30:01 +00:00
if ($ip !== null) {
/* completely removed the code for ip checking because it only worked with IPv4
2016-04-25 02:01:14 +00:00
good thing is i can probably do CIDR based checking */
2016-09-21 11:30:01 +00:00
}
2016-12-07 23:34:59 +00:00
DB::table('sessions')
->where('session_id', $session->session_id)
->update(['session_expire' => time() + 604800]);
2016-08-07 14:10:27 +00:00
return true;
}
/**
* Get the country.
* @param bool $long
* @return string
*/
2016-12-04 16:33:52 +00:00
public function country(bool $long = false): string
2016-08-07 14:10:27 +00:00
{
return $long ? get_country_name($this->country) : $this->country;
}
}