master/html/Session_8inc_8php_source.html

<?php


class Session extends DataObject {


   var $user;


   function getSessionVar($key) {

      return isset($_SESSION[$key]) ? $_SESSION[$key] : null;

   }


   function setSessionVar($key, $value) {

      $_SESSION[$key] = $value;

      return $value;

   }


   function unsetSessionVar($key) {

      if (isset($_SESSION[$key])) {

         unset($_SESSION[$key]);

      }

   }


   //

   // Get/set methods

   //


   function getUserId() {

      return $this->getData('userId');

   }


   function setUserId($userId) {

      if (!isset($userId) || empty($userId)) {

         $this->user = null;

         $userId = null;


      } else if ($userId != $this->getData('userId')) {

         $userDao = DAORegistry::getDAO('UserDAO'); /* @var $userDao UserDAO */

         $this->user = $userDao->getById($userId);

         if (!isset($this->user)) {

            $userId = null;

         }

      }

      $this->setData('userId', $userId);

   }


   function getIpAddress() {

      return $this->getData('ipAddress');

   }


   function setIpAddress($ipAddress) {

      $this->setData('ipAddress', $ipAddress);

   }


   function getUserAgent() {

      return $this->getData('userAgent');

   }


   function setUserAgent($userAgent) {

      $this->setData('userAgent', $userAgent);

   }


   function getSecondsCreated() {

      return $this->getData('created');

   }


   function setSecondsCreated($created) {

      $this->setData('created', $created);

   }


   function getSecondsLastUsed() {

      return $this->getData('lastUsed');

   }


   function setSecondsLastUsed($lastUsed) {

      $this->setData('lastUsed', $lastUsed);

   }


   function getRemember() {

      return $this->getData('remember');

   }


   function setRemember($remember) {

      $this->setData('remember', $remember);

   }


   function getSessionData() {

      return $this->getData('data');

   }


   function setSessionData($data) {

      $this->setData('data', $data);

   }


   function getDomain() {

      return $this->getData('domain');

   }


   function setDomain($data) {

      $this->setData('domain', $data);

   }


   function &getUser() {

      return $this->user;

   }


   function getCSRFToken() {

      $csrf = $this->getSessionVar('csrf');

      if (!is_array($csrf) || time() > $csrf['timestamp'] + (60*60)) { // 1 hour token expiry

         // Generate random data

         if (function_exists('openssl_random_pseudo_bytes')) $data = openssl_random_pseudo_bytes(128);

         elseif (function_exists('random_bytes')) $data = random_bytes(128);

         else $data = sha1(mt_rand());


         // Hash the data

         $token = null;

         $salt = Config::getVar('security', 'salt');

         $algos = hash_algos();

         foreach (array('sha256', 'sha1', 'md5') as $algo) {

            if (in_array($algo, $algos)) {

               $token = hash_hmac($algo, $data, $salt);

            }

         }

         if (!$token) $token = md5($data . $salt);


         $csrf = $this->setSessionVar('csrf', array(

            'timestamp' => time(),

            'token' => $token,

         ));

      } else {

         // Extend timeout of CSRF token

         $csrf['timestamp'] = time();

         $this->setSessionVar('csrf', $csrf);

      }

      return $csrf['token'];

   }

}