123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340 |
- <?php
- /**
- * @package Grav\Framework\Session
- *
- * @copyright Copyright (C) 2015 - 2018 Trilby Media, LLC. All rights reserved.
- * @license MIT License; see LICENSE file for details.
- */
- namespace Grav\Framework\Session;
- /**
- * Class Session
- * @package Grav\Framework\Session
- */
- class Session implements SessionInterface
- {
- /**
- * @var bool
- */
- protected $started = false;
- /**
- * @var Session
- */
- protected static $instance;
- /**
- * @inheritdoc
- */
- public static function getInstance()
- {
- if (null === self::$instance) {
- throw new \RuntimeException("Session hasn't been initialized.", 500);
- }
- return self::$instance;
- }
- /**
- * @inheritdoc
- */
- public function __construct(array $options = [])
- {
- // Session is a singleton.
- if (\PHP_SAPI === 'cli') {
- self::$instance = $this;
- return;
- }
- if (null !== self::$instance) {
- throw new \RuntimeException('Session has already been initialized.', 500);
- }
- // Destroy any existing sessions started with session.auto_start
- if ($this->isSessionStarted()) {
- session_unset();
- session_destroy();
- }
- // Set default options.
- $options += array(
- 'cache_limiter' => 'nocache',
- 'use_trans_sid' => 0,
- 'use_cookies' => 1,
- 'lazy_write' => 1,
- 'use_strict_mode' => 1
- );
- $this->setOptions($options);
- session_register_shutdown();
- self::$instance = $this;
- }
- /**
- * @inheritdoc
- */
- public function getId()
- {
- return session_id();
- }
- /**
- * @inheritdoc
- */
- public function setId($id)
- {
- session_id($id);
- return $this;
- }
- /**
- * @inheritdoc
- */
- public function getName()
- {
- return session_name();
- }
- /**
- * @inheritdoc
- */
- public function setName($name)
- {
- session_name($name);
- return $this;
- }
- /**
- * @inheritdoc
- */
- public function setOptions(array $options)
- {
- if (headers_sent() || \PHP_SESSION_ACTIVE === session_status()) {
- return;
- }
- $allowedOptions = [
- 'save_path' => true,
- 'name' => true,
- 'save_handler' => true,
- 'gc_probability' => true,
- 'gc_divisor' => true,
- 'gc_maxlifetime' => true,
- 'serialize_handler' => true,
- 'cookie_lifetime' => true,
- 'cookie_path' => true,
- 'cookie_domain' => true,
- 'cookie_secure' => true,
- 'cookie_httponly' => true,
- 'use_strict_mode' => true,
- 'use_cookies' => true,
- 'use_only_cookies' => true,
- 'referer_check' => true,
- 'cache_limiter' => true,
- 'cache_expire' => true,
- 'use_trans_sid' => true,
- 'trans_sid_tags' => true, // PHP 7.1
- 'trans_sid_hosts' => true, // PHP 7.1
- 'sid_length' => true, // PHP 7.1
- 'sid_bits_per_character' => true, // PHP 7.1
- 'upload_progress.enabled' => true,
- 'upload_progress.cleanup' => true,
- 'upload_progress.prefix' => true,
- 'upload_progress.name' => true,
- 'upload_progress.freq' => true,
- 'upload_progress.min-freq' => true,
- 'lazy_write' => true,
- 'url_rewriter.tags' => true, // Not used in PHP 7.1
- 'hash_function' => true, // Not used in PHP 7.1
- 'hash_bits_per_character' => true, // Not used in PHP 7.1
- 'entropy_file' => true, // Not used in PHP 7.1
- 'entropy_length' => true, // Not used in PHP 7.1
- ];
- foreach ($options as $key => $value) {
- if (is_array($value)) {
- // Allow nested options.
- foreach ($value as $key2 => $value2) {
- $ckey = "{$key}.{$key2}";
- if (isset($value2, $allowedOptions[$ckey])) {
- $this->ini_set("session.{$ckey}", $value2);
- }
- }
- } elseif (isset($value, $allowedOptions[$key])) {
- $this->ini_set("session.{$key}", $value);
- }
- }
- }
- /**
- * @inheritdoc
- */
- public function start($readonly = false)
- {
- // Protection against invalid session cookie names throwing exception: http://php.net/manual/en/function.session-id.php#116836
- if (isset($_COOKIE[session_name()]) && !preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
- unset($_COOKIE[session_name()]);
- }
- $options = $readonly ? ['read_and_close' => '1'] : [];
- $success = @session_start($options);
- if (!$success) {
- $last = error_get_last();
- $error = $last ? $last['message'] : 'Unknown error';
- throw new \RuntimeException('Failed to start session: ' . $error, 500);
- }
- $params = session_get_cookie_params();
- setcookie(
- session_name(),
- session_id(),
- time() + $params['lifetime'],
- $params['path'],
- $params['domain'],
- $params['secure'],
- $params['httponly']
- );
- $this->started = true;
- return $this;
- }
- /**
- * @inheritdoc
- */
- public function invalidate()
- {
- $params = session_get_cookie_params();
- setcookie(
- session_name(),
- '',
- time() - 42000,
- $params['path'],
- $params['domain'],
- $params['secure'],
- $params['httponly']
- );
- session_unset();
- session_destroy();
- $this->started = false;
- return $this;
- }
- /**
- * @inheritdoc
- */
- public function close()
- {
- if ($this->started) {
- session_write_close();
- }
- $this->started = false;
- return $this;
- }
- /**
- * @inheritdoc
- */
- public function clear()
- {
- session_unset();
- return $this;
- }
- /**
- * @inheritdoc
- */
- public function getAll()
- {
- return $_SESSION;
- }
- /**
- * @inheritdoc
- */
- public function getIterator()
- {
- return new \ArrayIterator($_SESSION);
- }
- /**
- * @inheritdoc
- */
- public function isStarted()
- {
- return $this->started;
- }
- /**
- * @inheritdoc
- */
- public function __isset($name)
- {
- return isset($_SESSION[$name]);
- }
- /**
- * @inheritdoc
- */
- public function __get($name)
- {
- return isset($_SESSION[$name]) ? $_SESSION[$name] : null;
- }
- /**
- * @inheritdoc
- */
- public function __set($name, $value)
- {
- $_SESSION[$name] = $value;
- }
- /**
- * @inheritdoc
- */
- public function __unset($name)
- {
- unset($_SESSION[$name]);
- }
- /**
- * http://php.net/manual/en/function.session-status.php#113468
- * Check if session is started nicely.
- * @return bool
- */
- protected function isSessionStarted()
- {
- return \PHP_SAPI !== 'cli' ? \PHP_SESSION_ACTIVE === session_status() : false;
- }
- /**
- * @param string $key
- * @param mixed $value
- */
- protected function ini_set($key, $value)
- {
- if (!is_string($value)) {
- if (is_bool($value)) {
- $value = $value ? '1' : '0';
- }
- $value = (string)$value;
- }
- ini_set($key, $value);
- }
- }
|