1 <?php
2
3 /**
4  * @file src/Core/Session.php
5  */
6 namespace Friendica\Core;
7
8 use Friendica\App;
9 use Friendica\BaseObject;
10 use Friendica\Core\Cache\ICache;
11 use Friendica\Core\Session\CacheSessionHandler;
12 use Friendica\Core\Session\DatabaseSessionHandler;
13 use Friendica\Database\Database;
14 use Friendica\Database\DBA;
15 use Friendica\Model\Contact;
16 use Friendica\Model\User;
17 use Friendica\Util\Strings;
18 use Psr\Log\LoggerInterface;
19
20 /**
21  * High-level Session service class
22  *
23  * @author Hypolite Petovan <hypolite@mrpetovan.com>
24  */
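class Session
{
	// Not read or written anywhere in this class; kept for external callers.
	public static $exists = false;
	// Session lifetime; presumably seconds (about 50 hours) - confirm against the session handlers.
	public static $expire = 180000;

	/**
	 * Configures PHP's session cookie settings and registers the configured save handler.
	 *
	 * The handler is chosen from the "system.session_handler" config value:
	 * "native" keeps PHP's own handler, "cache" uses the cache-backed handler
	 * (only when the cache driver is not "database"), anything else uses the
	 * database-backed handler.
	 *
	 * This method does not call session_start().
	 */
	public static function init()
	{
		// Probability is relative to session.gc_divisor, which is not set here.
		ini_set('session.gc_probability', '50');
		// Session IDs are accepted from cookies only, never from the URL.
		ini_set('session.use_only_cookies', '1');
		// Keeps the session cookie out of reach of client-side scripts.
		ini_set('session.cookie_httponly', '1');

		// NOTE(review): the Secure flag is only set under the "full" SSL policy; with any
		// other policy the session cookie may also be sent over plain HTTP.
		if (Config::get('system', 'ssl_policy') == App\BaseURL::SSL_POLICY_FULL) {
			ini_set('session.cookie_secure', '1');
		}

		// NOTE(review): session.use_strict_mode and session.cookie_samesite are not set
		// here - confirm they are configured in php.ini or elsewhere. Enabling strict mode
		// with a custom save handler should be tested against both handlers first.

		$session_handler = Config::get('system', 'session_handler', 'database');
		if ($session_handler == 'native') {
			return;
		}

		$use_cache = ($session_handler == 'cache')
			&& (Config::get('system', 'cache_driver', 'database') != 'database');

		if ($use_cache) {
			$SessionHandler = new CacheSessionHandler(
				BaseObject::getClass(ICache::class),
				BaseObject::getClass(LoggerInterface::class),
				$_SERVER
			);
		} else {
			$SessionHandler = new DatabaseSessionHandler(
				BaseObject::getClass(Database::class),
				BaseObject::getClass(LoggerInterface::class),
				$_SERVER
			);
		}

		session_set_save_handler($SessionHandler);
	}

	/**
	 * Checks whether a session variable is set (and not null).
	 *
	 * @param string $name
	 * @return bool
	 */
	public static function exists($name)
	{
		return isset($_SESSION[$name]);
	}

	/**
	 * Retrieves a key from the session super global, or the defaults if the key is missing or null.
	 *
	 * Falsy values such as 0, '' or false are returned as stored; only a missing
	 * key or a null value falls back to the defaults. This also covers the case
	 * where session_start() hasn't been called and the super global isn't available.
	 *
	 * @param string $name
	 * @param mixed $defaults
	 * @return mixed
	 */
	public static function get($name, $defaults = null)
	{
		return $_SESSION[$name] ?? $defaults;
	}

	/**
	 * Sets a single session variable.
	 * Overrides value of existing key.
	 *
	 * @param string $name
	 * @param mixed $value
	 */
	public static function set($name, $value)
	{
		$_SESSION[$name] = $value;
	}

	/**
	 * Sets multiple session variables.
	 * Overrides values for existing keys.
	 *
	 * @param array $values
	 */
	public static function setMultiple(array $values)
	{
		// With the array union the left operand wins, so $values overrides existing keys.
		// The fallback avoids an "unsupported operand types" error when no session array exists yet.
		$_SESSION = $values + ($_SESSION ?? []);
	}

	/**
	 * Removes a session variable.
	 * Ignores missing keys.
	 *
	 * @param string $name
	 */
	public static function remove($name)
	{
		unset($_SESSION[$name]);
	}

	/**
	 * Clears the current session array
	 *
	 * Makes sure a session is active afterwards, with no variables in it.
	 */
	public static function clear()
	{
		session_unset();

		// Starting an already active session only raises a notice, so start one only when needed.
		if (session_status() !== PHP_SESSION_ACTIVE) {
			session_start();
		}

		// Drops anything session_start() may have loaded from storage.
		$_SESSION = [];
	}

	/**
	 * Returns contact ID for given user ID
	 *
	 * @param integer $uid User ID
	 * @return integer|false Contact ID of visitor for given user ID, false when none is stored
	 */
	public static function getRemoteContactID($uid)
	{
		if (empty($_SESSION['remote'][$uid])) {
			return false;
		}

		return $_SESSION['remote'][$uid];
	}

	/**
	 * Returns User ID for given contact ID of the visitor
	 *
	 * IDs are compared as integers. A loose array_search() would let values such
	 * as true or "42.0" match a stored contact ID through type juggling, so
	 * anything that is not an integer or a string of digits never matches.
	 *
	 * @param integer $cid Contact ID
	 * @return integer|false User ID for given contact ID of the visitor, false when there is no match
	 */
	public static function getUserIDForVisitorContactID($cid)
	{
		if (empty($_SESSION['remote']) || !is_array($_SESSION['remote'])) {
			return false;
		}

		$wanted = self::toContactId($cid);
		if ($wanted === null) {
			return false;
		}

		foreach ($_SESSION['remote'] as $uid => $contact_id) {
			if (self::toContactId($contact_id) === $wanted) {
				return $uid;
			}
		}

		return false;
	}

	/**
	 * Set the session variable that contains the contact IDs for the visitor's contact URL
	 *
	 * Reads the visitor's URL from $_SESSION['my_url'] and stores, per local user ID,
	 * the ID of the matching follower/friend contact in $_SESSION['remote'].
	 * Contacts with user ID 0 and contacts blocked by the user are skipped.
	 */
	public static function setVisitorsContacts()
	{
		$_SESSION['remote'] = [];

		// Without a visitor URL there is nothing to look up; do not query with an empty URL.
		if (empty($_SESSION['my_url'])) {
			return;
		}

		$condition = [
			'nurl' => Strings::normaliseLink($_SESSION['my_url']),
			'rel'  => [Contact::FOLLOWER, Contact::FRIEND],
			'self' => false,
		];

		$remote_contacts = DBA::select('contact', ['id', 'uid'], $condition);
		while ($contact = DBA::fetch($remote_contacts)) {
			if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) {
				continue;
			}

			$_SESSION['remote'][$contact['uid']] = $contact['id'];
		}
		DBA::close($remote_contacts);
	}

	/**
	 * Returns if the current visitor is authenticated
	 *
	 * The stored value is returned as-is (not cast), so callers should test it for truthiness.
	 *
	 * @return boolean|mixed false when the flag is missing or empty, otherwise the stored flag
	 */
	public static function isAuthenticated()
	{
		if (empty($_SESSION['authenticated'])) {
			return false;
		}

		return $_SESSION['authenticated'];
	}

	/**
	 * @brief Kills the "Friendica" cookie and all session data
	 */
	public static function delete()
	{
		/** @var User\Cookie $cookie */
		$cookie = BaseObject::getClass(User\Cookie::class);
		$cookie->clear();
		$_SESSION = [];
		session_unset();

		// session_destroy() warns when no session is active, so only destroy a running one.
		if (session_status() === PHP_SESSION_ACTIVE) {
			session_destroy();
		}
	}

	/**
	 * Converts an ID given as integer or as a string of digits to an integer.
	 *
	 * @param mixed $value
	 * @return integer|null The integer ID, or null when the value is not a plain integer ID
	 */
	private static function toContactId($value)
	{
		if (is_int($value)) {
			return $value;
		}

		if (is_string($value) && preg_match('/\A[0-9]+\z/', $value) === 1) {
			return (int)$value;
		}

		return null;
	}
}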