-
Notifications
You must be signed in to change notification settings - Fork 0
/
SimpleSession.php
294 lines (251 loc) · 6.97 KB
/
SimpleSession.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
<?php
/**
* Simple WordPress session managment.
*
* @package WordPress
* @subpackage Session
* @since 3.7.0
*/
/**
* WordPress Session class for managing user session data.
*
* @package WordPress
* @since 3.7.0
*/
class SimpleSession {
/**
* Session Name.
*
* @var string
*/
protected $name;
/**
* Unique ID of the current session.
*
* @var string
*/
protected $id;
/**
* Unix timestamp when session expires.
*
* @var int
*/
protected $expires;
/**
* Unix timestamp indicating when the expiration time needs to be reset.
*
* @var int
*/
protected $exp_variant;
protected $container;
protected $opt_key;
protected $exp_key;
protected $dirty;
protected static $instances = array();
protected static $instance;
protected $cookie_path;
protected $cookie_domain;
/**
* Makes and gets a session instance.
*
* @param bool $id Session ID from which to populate data.
*
* @return bool|SimpleSession
*/
public static function factory( array $config = array() )
{
if ( array_key_exists( 'name', $config ) ) {
$name = $config['name'];
if ( ! array_key_exists( $name, self::$instances ) ) {
self::$instances[ $name ] = new self( $config );
}
return self::$instances[ $name ];
}
if ( ! self::$instance ) {
self::$instance = new self();
}
return self::$instance;
}
public function set( $key, $value )
{
$this->dirty = true;
if ( is_array( $key ) )
$this->container = array_merge( $key, $this->container);
else
$this->container[ $key ] = $value;
}
public function get( $key = NULL )
{
if ( is_null( $key ) )
return $this->container;
if ( ! array_key_exists( $key, $this->container ) )
return null;
else
return $this->container[ $key ];
}
/**
* Default constructor.
* Will rebuild the session collection from the given session ID if it exists. Otherwise, will
* create a new session with that ID.
*
* @param $id
* @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire.
*/
protected function __construct( array $config = array() )
{
if ( array_key_exists( 'name', $config ) )
$this->name = $config['name'];
else
$this->name = 'simple';
if ( array_key_exists( 'cookie_path', $config ) )
$this->cookie_path = $config['cookie_path'];
else
$this->cookie_path = COOKIEPATH;
if ( array_key_exists( 'cookie_domain', $config ) )
$this->cookie_domain = $config['cookie_domain'];
else
$this->cookie_domain = NULL;
if ( isset( $_COOKIE[ $this->name ] ) ) {
$cookie = stripslashes( $_COOKIE[ $this->name ] );
$cookie_crumbs = explode( '||', $cookie );
$this->id = $cookie_crumbs[0];
$this->expires = $cookie_crumbs[1];
$this->exp_variant = $cookie_crumbs[2];
$this->make_opt_names();
// Update the session expiration if we're past the variant time
if ( time() > $this->exp_variant ) {
$this->set_expiration();
update_option( $this->exp_opt, $this->expires );
}
} else {
$this->id = $this->generate_id();
$this->make_opt_names();
$this->set_expiration();
}
// save your work at the end of the day
add_action( 'shutdown', array( &$this, 'write_data' ) );
$this->read_data();
$this->set_cookie();
}
/**
* Set both the expiration time and the expiration variant.
*
* If the current time is below the variant, we don't update the session's expiration time. If it's
* greater than the variant, then we update the expiration time in the database. This prevents
* writing to the database on every page load for active sessions and only updates the expiration
* time if we're nearing when the session actually expires.
*
* By default, the expiration time is set to 30 minutes.
* By default, the expiration variant is set to 24 minutes.
*
* As a result, the session expiration time - at a maximum - will only be written to the database once
* every 24 minutes. After 30 minutes, the session will have been expired. No cookie will be sent by
* the browser, and the old session will be queued for deletion by the garbage collector.
*
* @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data.
* @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions.
*/
protected function set_expiration()
{
$this->exp_variant = time() + (int) apply_filters( 'wp_session_expiration_variant', 24 * 60 );
$this->expires = time() + (int) apply_filters( 'wp_session_expiration', 30 * 60 );
}
/**
* Set the session cookie
*/
protected function set_cookie()
{
setcookie( $this->name, $this->id . '||' . $this->expires . '||' . $this->exp_variant,
$this->expires, $this->cookie_path, $this->cookie_domain );
}
protected function delete_cookie()
{
setcookie( $this->name, '', time()-42000, $this->cookie_path, $this->cookie_domain );
}
/**
* Generate a cryptographically strong unique ID for the session token.
*
* @return string
*/
protected function generate_id()
{
if ( ! class_exists('PasswordHash') )
require_once( ABSPATH . 'wp-includes/class-phpass.php');
$hasher = new PasswordHash( 8, false );
return md5( $hasher->get_random_bytes( 32 ) );
}
/**
* Read data from a transient for the current session.
*
* Automatically resets the expiration time for the session transient to some time in the future.
*
* @return array
*/
protected function read_data()
{
$this->container = get_option( $this->opt_key, array() );
$this->dirty = false;
return $this->container;
}
/**
* Write the data from the current session to the data storage system.
*/
public function write_data()
{
// Avoid excessive database reads/writes if nothing changed.
if ( ! $this->dirty ) return;
if ( false === get_option( $this->opt_key ) ) {
add_option( $this->opt_key, $this->container, '', 'no' );
add_option( $this->exp_key, $this->expires, '', 'no' );
} else {
update_option( $this->opt_key, $this->container );
}
}
/**
* Regenerate the current session's ID.
*
* @param bool $delete_old Flag whether or not to delete the old session data from the server.
*/
public function regenerate_id( $delete_old = false )
{
if ( $delete_old ) {
delete_option( $this->opt_key);
}
$this->id = $this->generate_id();
$this->set_cookie();
}
/**
* Check if a session has been initialized.
*
* @return bool
*/
public function session_started() {
throw new Exception("Not Implemented");
}
/**
* Return the read-only cache expiration value.
*
* @return int
*/
public function cache_expiration() {
return $this->expires;
}
/**
* Flushes all session variables.
*/
public function reset() {
$this->container = array();
}
public function destroy() {
$this->reset();
$this->delete_cookie();
$this->expires = '';
$this->exp_key = '';
$this->opt_key = '';
}
private function make_opt_names()
{
$this->opt_key = 'smplsess|'.$this->name.'|'.$this->id;
$this->exp_key = 'smplsess_expires|'.$this->name.'|'.$this->id;
}
}