misuzu/src/Users/session.php

<?php
define('MSZ_SESSION_DATA_STORE', '_msz_user_session_data');
define('MSZ_SESSION_KEY_SIZE', 64);

function user_session_create(
    int $userId,
    string $ipAddress,
    string $userAgent
): string {
    $sessionKey = user_session_generate_key();

    $createSession = db_prepare('
        INSERT INTO `msz_sessions`
            (
                `user_id`, `session_ip`, `session_country`,
                `session_user_agent`, `session_key`, `session_created`, `session_expires`
            )
        VALUES
            (
                :user_id, INET6_ATON(:session_ip), :session_country,
                :session_user_agent, :session_key, NOW(), NOW() + INTERVAL 1 MONTH
            )
    ');
    $createSession->bindValue('user_id', $userId);
    $createSession->bindValue('session_ip', $ipAddress);
    $createSession->bindValue('session_country', ip_country_code($ipAddress));
    $createSession->bindValue('session_user_agent', $userAgent);
    $createSession->bindValue('session_key', $sessionKey);

    return $createSession->execute() ? $sessionKey : '';
}

function user_session_find($sessionId, bool $byKey = false): array
{
    if (!$byKey && $sessionId < 1) {
        return [];
    }

    $findSession = db_prepare(sprintf('
        SELECT
            `session_id`, `user_id`, INET6_NTOA(`session_ip`) as `session_ip`,
            `session_country`, `session_user_agent`, `session_key`, `session_created`, `session_expires`, `session_active`
        FROM `msz_sessions`
        WHERE `%s` = :session_id
    ', $byKey ? 'session_key' : 'session_id'));
    $findSession->bindValue('session_id', $sessionId);
    $session = $findSession->execute() ? $findSession->fetch(PDO::FETCH_ASSOC) : false;
    return $session ? $session : [];
}

function user_session_delete(int $sessionId): void
{
    $deleteSession = db_prepare('
        DELETE FROM `msz_sessions`
        WHERE `session_id` = :session_id
    ');
    $deleteSession->bindValue('session_id', $sessionId);
    $deleteSession->execute();
}

function user_session_generate_key(): string
{
    return bin2hex(random_bytes(MSZ_SESSION_KEY_SIZE / 2));
}

function user_session_purge_all(int $userId): void
{
    db_prepare('
        DELETE FROM `msz_sessions`
        WHERE `user_id` = :user_id
    ')->execute([
        'user_id' => $userId,
    ]);
}

function user_session_count($userId = 0): int
{
    $getCount = db_prepare(sprintf('
        SELECT COUNT(`session_id`)
        FROM `msz_sessions`
        WHERE %s
    ', $userId < 1 ? '1' : '`user_id` = :user_id'));

    if ($userId >= 1) {
        $getCount->bindValue('user_id', $userId);
    }

    return $getCount->execute() ? (int)$getCount->fetchColumn() : 0;
}

function user_session_list(int $offset, int $take, int $userId = 0): array
{
    $offset = max(0, $offset);
    $take = max(1, $take);

    $getSessions = db_prepare(sprintf('
        SELECT
            `session_id`, `session_country`, `session_user_agent`, `session_created`, `session_expires`, `session_active`,
            INET6_NTOA(`session_ip`) as `session_ip`
        FROM `msz_sessions`
        WHERE %s
        ORDER BY `session_id` DESC
        LIMIT :offset, :take
    ', $userId < 1 ? '1' : '`user_id` = :user_id'));

    if ($userId > 0) {
        $getSessions->bindValue('user_id', $userId);
    }

    $getSessions->bindValue('offset', $offset);
    $getSessions->bindValue('take', $take);
    $sessions = $getSessions->execute() ? $getSessions->fetchAll(PDO::FETCH_ASSOC) : false;

    return $sessions ? $sessions : [];
}

function user_session_bump_active(int $sessionId): void
{
    if ($sessionId < 1) {
        return;
    }

    $bump = db_prepare('
        UPDATE `msz_sessions`
        SET `session_active` = NOW()
        WHERE `session_id` = :session_id
    ');
    $bump->bindValue('session_id', $sessionId);
    $bump->execute();
}

// the functions below this line are imperative

function user_session_start(int $userId, string $sessionKey): bool
{
    $session = user_session_find($sessionKey, true);

    if (!$session
        || $session['user_id'] !== $userId) {
        return false;
    }

    if (time() >= strtotime($session['session_expires'])) {
        user_session_delete($session['session_id']);
        return false;
    }

    $GLOBALS[MSZ_SESSION_DATA_STORE] = $session;
    return true;
}

function user_session_stop(bool $delete = false): void
{
    if (empty($GLOBALS[MSZ_SESSION_DATA_STORE])) {
        return;
    }

    if ($delete) {
        user_session_delete($GLOBALS[MSZ_SESSION_DATA_STORE]['session_id']);
    }

    $GLOBALS[MSZ_SESSION_DATA_STORE] = [];
}

function user_session_current(?string $variable = null, $default = null)
{
    if (empty($variable)) {
        return $GLOBALS[MSZ_SESSION_DATA_STORE] ?? [];
    }

    return $GLOBALS[MSZ_SESSION_DATA_STORE][$variable] ?? $default;
}

function user_session_active(): bool
{
    return !empty($GLOBALS[MSZ_SESSION_DATA_STORE])
        && time() < strtotime($GLOBALS[MSZ_SESSION_DATA_STORE]['session_expires']);
}
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`<?php`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`define('MSZ_SESSION_DATA_STORE', '_msz_user_session_data');`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`define('MSZ_SESSION_KEY_SIZE', 64);`

			`function user_session_create(`
			`int $userId,`
			`string $ipAddress,`
			`string $userAgent`
			`): string {`
			`$sessionKey = user_session_generate_key();`

Database stuff is now also procedural, would ya look at that. 2018-10-07 01:30:48 +02:00			`$createSession = db_prepare('`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			INSERT INTO `msz_sessions`
			`(`
			`user_id`, `session_ip`, `session_country`,
Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`session_user_agent`, `session_key`, `session_created`, `session_expires`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`)`
			`VALUES`
			`(`
			`:user_id, INET6_ATON(:session_ip), :session_country,`
Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`:session_user_agent, :session_key, NOW(), NOW() + INTERVAL 1 MONTH`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`)`
			`');`
			`$createSession->bindValue('user_id', $userId);`
			`$createSession->bindValue('session_ip', $ipAddress);`
Ridding of IPAddress and IPAddressRange, the latter was broken and the former was obsoleted by INET funcs. 2018-09-27 10:32:43 +02:00			`$createSession->bindValue('session_country', ip_country_code($ipAddress));`
Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`$createSession->bindValue('session_user_agent', $userAgent);`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`$createSession->bindValue('session_key', $sessionKey);`

			`return $createSession->execute() ? $sessionKey : '';`
			`}`

Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`function user_session_find($sessionId, bool $byKey = false): array`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00			`{`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`if (!$byKey && $sessionId < 1) {`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00			`return [];`
			`}`

Database stuff is now also procedural, would ya look at that. 2018-10-07 01:30:48 +02:00			`$findSession = db_prepare(sprintf('`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00			`SELECT`
			`session_id`, `user_id`, INET6_NTOA(`session_ip`) as `session_ip`,
Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`session_country`, `session_user_agent`, `session_key`, `session_created`, `session_expires`, `session_active`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00			FROM `msz_sessions`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			WHERE `%s` = :session_id
			`', $byKey ? 'session_key' : 'session_id'));`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00			`$findSession->bindValue('session_id', $sessionId);`
			`$session = $findSession->execute() ? $findSession->fetch(PDO::FETCH_ASSOC) : false;`
			`return $session ? $session : [];`
			`}`

Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`function user_session_delete(int $sessionId): void`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`{`
Database stuff is now also procedural, would ya look at that. 2018-10-07 01:30:48 +02:00			`$deleteSession = db_prepare('`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			DELETE FROM `msz_sessions`
			WHERE `session_id` = :session_id
			`');`
			`$deleteSession->bindValue('session_id', $sessionId);`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`$deleteSession->execute();`
A bunch of housekeeping. 2018-05-27 02:20:35 +02:00			`}`

			`function user_session_generate_key(): string`
			`{`
			`return bin2hex(random_bytes(MSZ_SESSION_KEY_SIZE / 2));`
			`}`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00
			`function user_session_purge_all(int $userId): void`
			`{`
Database stuff is now also procedural, would ya look at that. 2018-10-07 01:30:48 +02:00			`db_prepare('`
Move more settings.php into functions. 2018-09-28 00:03:43 +02:00			DELETE FROM `msz_sessions`
			WHERE `user_id` = :user_id
			`')->execute([`
			`'user_id' => $userId,`
			`]);`
			`}`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00
Massively cleaned up settings.php. 2018-10-29 20:12:06 +01:00			`function user_session_count($userId = 0): int`
			`{`
			`$getCount = db_prepare(sprintf('`
			SELECT COUNT(`session_id`)
			FROM `msz_sessions`
			`WHERE %s`
			', $userId < 1 ? '1' : '`user_id` = :user_id'));

			`if ($userId >= 1) {`
			`$getCount->bindValue('user_id', $userId);`
			`}`

			`return $getCount->execute() ? (int)$getCount->fetchColumn() : 0;`
			`}`

			`function user_session_list(int $offset, int $take, int $userId = 0): array`
			`{`
			`$offset = max(0, $offset);`
			`$take = max(1, $take);`

			`$getSessions = db_prepare(sprintf('`
			`SELECT`
Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`session_id`, `session_country`, `session_user_agent`, `session_created`, `session_expires`, `session_active`,
Massively cleaned up settings.php. 2018-10-29 20:12:06 +01:00			INET6_NTOA(`session_ip`) as `session_ip`
			FROM `msz_sessions`
			`WHERE %s`
			ORDER BY `session_id` DESC
			`LIMIT :offset, :take`
			', $userId < 1 ? '1' : '`user_id` = :user_id'));

			`if ($userId > 0) {`
			`$getSessions->bindValue('user_id', $userId);`
			`}`

			`$getSessions->bindValue('offset', $offset);`
			`$getSessions->bindValue('take', $take);`
			`$sessions = $getSessions->execute() ? $getSessions->fetchAll(PDO::FETCH_ASSOC) : false;`

			`return $sessions ? $sessions : [];`
			`}`

Added per-session activity timestamp. 2018-10-29 22:23:53 +01:00			`function user_session_bump_active(int $sessionId): void`
			`{`
			`if ($sessionId < 1) {`
			`return;`
			`}`

			`$bump = db_prepare('`
			UPDATE `msz_sessions`
			SET `session_active` = NOW()
			WHERE `session_id` = :session_id
			`');`
			`$bump->bindValue('session_id', $sessionId);`
			`$bump->execute();`
			`}`

Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`// the functions below this line are imperative`

			`function user_session_start(int $userId, string $sessionKey): bool`
			`{`
			`$session = user_session_find($sessionKey, true);`

			`if (!$session`
			`\|\| $session['user_id'] !== $userId) {`
			`return false;`
			`}`

Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`if (time() >= strtotime($session['session_expires'])) {`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`user_session_delete($session['session_id']);`
			`return false;`
			`}`

			`$GLOBALS[MSZ_SESSION_DATA_STORE] = $session;`
			`return true;`
			`}`

			`function user_session_stop(bool $delete = false): void`
			`{`
			`if (empty($GLOBALS[MSZ_SESSION_DATA_STORE])) {`
			`return;`
			`}`

			`if ($delete) {`
			`user_session_delete($GLOBALS[MSZ_SESSION_DATA_STORE]['session_id']);`
			`}`

			`$GLOBALS[MSZ_SESSION_DATA_STORE] = [];`
			`}`

			`function user_session_current(?string $variable = null, $default = null)`
			`{`
			`if (empty($variable)) {`
			`return $GLOBALS[MSZ_SESSION_DATA_STORE] ?? [];`
			`}`

			`return $GLOBALS[MSZ_SESSION_DATA_STORE][$variable] ?? $default;`
			`}`

			`function user_session_active(): bool`
			`{`
			`return !empty($GLOBALS[MSZ_SESSION_DATA_STORE])`
Updated everything to use new table names. 2018-10-29 22:18:53 +01:00			`&& time() < strtotime($GLOBALS[MSZ_SESSION_DATA_STORE]['session_expires']);`
Made imperative bits of the session system procedural like the rest. 2018-10-03 00:34:05 +02:00			`}`