
/app/code/core/Mage/Core/Model/Session/Abstract.php

https://bitbucket.org/MXWest/magento-ce-1.5.1.0
  1. <?php
  2. /**
  3. * Magento
  4. *
  5. * NOTICE OF LICENSE
  6. *
  7. * This source file is subject to the Open Software License (OSL 3.0)
  8. * that is bundled with this package in the file LICENSE.txt.
  9. * It is also available through the world-wide-web at this URL:
  10. * http://opensource.org/licenses/osl-3.0.php
  11. * If you did not receive a copy of the license and are unable to
  12. * obtain it through the world-wide-web, please send an email
  13. * to license@magentocommerce.com so we can send you a copy immediately.
  14. *
  15. * DISCLAIMER
  16. *
  17. * Do not edit or add to this file if you wish to upgrade Magento to newer
  18. * versions in the future. If you wish to customize Magento for your
  19. * needs please refer to http://www.magentocommerce.com for more information.
  20. *
  21. * @category Mage
  22. * @package Mage_Core
  23. * @copyright Copyright (c) 2010 Magento Inc. (http://www.magentocommerce.com)
  24. * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  25. */
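  /**
   * Core Session Abstract model
   *
   * Adds store-configuration lookups (validator switches, session save
   * method/path), session message helpers and cross-host session id
   * propagation on top of Mage_Core_Model_Session_Abstract_Varien.
   *
   * Security-relevant behaviour visible in this class:
   *  - setSessionId() may adopt a session id taken from the query string when
   *    useSid() allows it, so that value is untrusted input.
   *  - getEncryptedSessionId() returns the session id unmodified; the string
   *    produced by getSessionIdForHost() therefore is a usable session id.
   *  - renewSession() requests a fresh session id from the parent class.
   *
   * @category Mage
   * @package Mage_Core
   * @author Magento Core Team <core@magentocommerce.com>
   */
  class Mage_Core_Model_Session_Abstract extends Mage_Core_Model_Session_Abstract_Varien
  {
      // Store-config paths for the session cookie.
      const XML_PATH_COOKIE_DOMAIN = 'web/cookie/cookie_domain';
      const XML_PATH_COOKIE_PATH = 'web/cookie/cookie_path';
      const XML_PATH_COOKIE_LIFETIME = 'web/cookie/cookie_lifetime';

      // Global config nodes selecting where session data is stored.
      const XML_NODE_SESSION_SAVE = 'global/session_save';
      const XML_NODE_SESSION_SAVE_PATH = 'global/session_save_path';

      // Store-config switches: which request attributes go into the validator key.
      const XML_PATH_USE_REMOTE_ADDR = 'web/session/use_remote_addr';
      const XML_PATH_USE_HTTP_VIA = 'web/session/use_http_via';
      const XML_PATH_USE_X_FORWARDED = 'web/session/use_http_x_forwarded_for';
      const XML_PATH_USE_USER_AGENT = 'web/session/use_http_user_agent';

      // Store-config switch: accept a session id from the query string on the frontend.
      const XML_PATH_USE_FRONTEND_SID = 'web/session/use_frontend_sid';

      // "USET" is a historical typo; the constant name is public API and is kept as is.
      const XML_NODE_USET_AGENT_SKIP = 'global/session/validation/http_user_agent_skip';

      const XML_PATH_LOG_EXCEPTION_FILE = 'dev/log/exception_file';

      // Default query parameter name that carries the session id.
      const SESSION_ID_QUERY_PARAM = 'SID';

      /**
       * URL host cache: host name => session id string ('' when none is needed)
       *
       * @var array
       */
      protected static $_urlHostCache = array();

      /**
       * Session id cache. Despite the name the value is NOT encrypted,
       * see getEncryptedSessionId().
       *
       * @var string
       */
      protected static $_encryptedSessionId;

      /**
       * Skip session id flag
       *
       * @var bool
       */
      protected $_skipSessionIdFlag = false;

      /**
       * Init session and record the current HTTP host in it
       *
       * @param string $namespace
       * @param string $sessionName
       * @return Mage_Core_Model_Session_Abstract
       */
      public function init($namespace, $sessionName = null)
      {
          parent::init($namespace, $sessionName);
          // true means "use the host of the current request", see addHost().
          $this->addHost(true);
          return $this;
      }

      /**
       * Retrieve cookie domain
       *
       * @return string
       */
      public function getCookieDomain()
      {
          return $this->getCookie()->getDomain();
      }

      /**
       * Retrieve cookie path
       *
       * @return string
       */
      public function getCookiePath()
      {
          return $this->getCookie()->getPath();
      }

      /**
       * Retrieve cookie lifetime
       *
       * @return int
       */
      public function getCookieLifetime()
      {
          return $this->getCookie()->getLifetime();
      }

      /**
       * Use REMOTE_ADDR in validator key
       *
       * The store configuration wins when it is set; otherwise the parent
       * default applies.
       *
       * @return bool
       */
      public function useValidateRemoteAddr()
      {
          $use = Mage::getStoreConfig(self::XML_PATH_USE_REMOTE_ADDR);
          if (is_null($use)) {
              return parent::useValidateRemoteAddr();
          }
          return (bool)$use;
      }

      /**
       * Use HTTP_VIA in validator key
       *
       * NOTE(review): Via is a request header, so its value is under the
       * control of the client or an intermediary; it adds little as a
       * hijacking control on its own. Confirm how the parent uses it.
       *
       * @return bool
       */
      public function useValidateHttpVia()
      {
          $use = Mage::getStoreConfig(self::XML_PATH_USE_HTTP_VIA);
          if (is_null($use)) {
              return parent::useValidateHttpVia();
          }
          return (bool)$use;
      }

      /**
       * Use HTTP_X_FORWARDED_FOR in validator key
       *
       * NOTE(review): X-Forwarded-For is client-supplied unless a trusted
       * proxy overwrites it; confirm the deployment before relying on it.
       *
       * @return bool
       */
      public function useValidateHttpXForwardedFor()
      {
          $use = Mage::getStoreConfig(self::XML_PATH_USE_X_FORWARDED);
          if (is_null($use)) {
              return parent::useValidateHttpXForwardedFor();
          }
          return (bool)$use;
      }

      /**
       * Use HTTP_USER_AGENT in validator key
       *
       * @return bool
       */
      public function useValidateHttpUserAgent()
      {
          $use = Mage::getStoreConfig(self::XML_PATH_USE_USER_AGENT);
          if (is_null($use)) {
              return parent::useValidateHttpUserAgent();
          }
          return (bool)$use;
      }

      /**
       * Check whether SID can be used for session initialization
       * Admin area will always have this feature enabled
       *
       * NOTE(review): a session id carried in a URL can end up in access
       * logs, Referer headers and shared links, and accepting one from the
       * request allows a caller-chosen id. Confirm that the id is renewed
       * (renewSession()) when a visitor authenticates.
       *
       * @return bool
       */
      public function useSid()
      {
          return Mage::app()->getStore()->isAdmin() || Mage::getStoreConfig(self::XML_PATH_USE_FRONTEND_SID);
      }

      /**
       * Retrieve skip User Agent validation strings (Flash etc)
       *
       * @return array list of strings; empty when the config node is absent
       */
      public function getValidateHttpUserAgentSkip()
      {
          $userAgents = array();
          $skip = Mage::getConfig()->getNode(self::XML_NODE_USET_AGENT_SKIP);
          // Calling children() on a non-object would be a fatal error, so a
          // missing node is treated as "nothing to skip".
          if (is_object($skip)) {
              foreach ($skip->children() as $userAgent) {
                  $userAgents[] = (string)$userAgent;
              }
          }
          return $userAgents;
      }

      /**
       * Retrieve messages from session
       *
       * Creates the collection on first use. With $clear the caller gets a
       * copy of the current messages and the stored collection is emptied.
       *
       * @param bool $clear
       * @return Mage_Core_Model_Message_Collection
       */
      public function getMessages($clear = false)
      {
          if (!$this->getData('messages')) {
              $this->setMessages(Mage::getModel('core/message_collection'));
          }

          if ($clear) {
              // Clone first: clear() empties the stored object in place.
              $messages = clone $this->getData('messages');
              $this->getData('messages')->clear();
              Mage::dispatchEvent('core_session_abstract_clear_messages');
              return $messages;
          }
          return $this->getData('messages');
      }

      /**
       * Not Mage exception handling
       *
       * The exception message and stack trace go to the exception log only;
       * the session message shown later is built from $alternativeText, so
       * internal details are not put into the message collection.
       *
       * NOTE(review): the entry is written with Zend_Log::DEBUG priority;
       * confirm the logger does not filter DEBUG, or these exceptions are
       * not recorded.
       *
       * @param Exception $exception
       * @param string $alternativeText
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addException(Exception $exception, $alternativeText)
      {
          // log exception to exceptions log
          $message = sprintf(
              'Exception message: %s%sTrace: %s',
              $exception->getMessage(),
              "\n",
              $exception->getTraceAsString()
          );
          $file = Mage::getStoreConfig(self::XML_PATH_LOG_EXCEPTION_FILE);
          Mage::log($message, Zend_Log::DEBUG, $file);
          $this->addMessage(Mage::getSingleton('core/message')->error($alternativeText));
          return $this;
      }

      /**
       * Adding new message to message collection
       *
       * NOTE(review): the message is stored as given, no escaping happens
       * here; confirm that the code rendering the collection escapes text
       * that may contain request data.
       *
       * @param Mage_Core_Model_Message_Abstract $message
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addMessage(Mage_Core_Model_Message_Abstract $message)
      {
          $this->getMessages()->add($message);
          Mage::dispatchEvent('core_session_abstract_add_message');
          return $this;
      }

      /**
       * Adding new error message
       *
       * @param string $message
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addError($message)
      {
          $this->addMessage(Mage::getSingleton('core/message')->error($message));
          return $this;
      }

      /**
       * Adding new warning message
       *
       * @param string $message
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addWarning($message)
      {
          $this->addMessage(Mage::getSingleton('core/message')->warning($message));
          return $this;
      }

      /**
       * Adding new notice message
       *
       * @param string $message
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addNotice($message)
      {
          $this->addMessage(Mage::getSingleton('core/message')->notice($message));
          return $this;
      }

      /**
       * Adding new success message
       *
       * @param string $message
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addSuccess($message)
      {
          $this->addMessage(Mage::getSingleton('core/message')->success($message));
          return $this;
      }

      /**
       * Adding messages array to message collection
       *
       * A non-array argument is ignored.
       *
       * @param array $messages
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addMessages($messages)
      {
          if (is_array($messages)) {
              foreach ($messages as $message) {
                  $this->addMessage($message);
              }
          }
          return $this;
      }

      /**
       * Specify session identifier
       *
       * When no id is passed and useSid() allows it, the id is read from the
       * query string, but only for requests that isOwnOriginUrl() accepts.
       * The query value is untrusted: it is adopted only if it is a string
       * made of the characters PHP itself uses for session ids, so arrays
       * (?SID[]=x) and arbitrary bytes never reach the session layer.
       *
       * @param string|null $id
       * @return Mage_Core_Model_Session_Abstract
       */
      public function setSessionId($id = null)
      {
          if (is_null($id) && $this->useSid()) {
              $queryParam = $this->getSessionIdQueryParam();
              if (isset($_GET[$queryParam]) && Mage::getSingleton('core/url')->isOwnOriginUrl()) {
                  $candidate = $_GET[$queryParam];
                  // The id is used as is (it is not decrypted), so validate its shape here.
                  if (is_string($candidate) && preg_match('#^[0-9a-zA-Z,-]+$#', $candidate)) {
                      $id = $candidate;
                  }
              }
          }

          $this->addHost(true);
          return parent::setSessionId($id);
      }

      /**
       * Get session identifier for use in URLs
       *
       * The name is historical: no encryption is applied, the session
       * identifier is returned as is and cached in a static property.
       * Treat the returned value as a credential.
       *
       * @return string
       */
      public function getEncryptedSessionId()
      {
          if (!self::$_encryptedSessionId) {
              self::$_encryptedSessionId = $this->getSessionId();
          }
          return self::$_encryptedSessionId;
      }

      /**
       * Retrieve the name of the query parameter that carries the session id
       *
       * Uses the config node "<session name>/session/query_param" when it
       * holds a non-empty value, otherwise SESSION_ID_QUERY_PARAM.
       *
       * @return string
       */
      public function getSessionIdQueryParam()
      {
          $sessionName = $this->getSessionName();
          if ($sessionName) {
              $queryParam = (string)Mage::getConfig()->getNode($sessionName . '/session/query_param');
              if ($queryParam) {
                  return $queryParam;
              }
          }
          return self::SESSION_ID_QUERY_PARAM;
      }

      /**
       * Set skip flag if need skip generating of _GET session_id_key param
       *
       * @param bool $flag
       * @return Mage_Core_Model_Session_Abstract
       */
      public function setSkipSessionIdFlag($flag)
      {
          $this->_skipSessionIdFlag = $flag;
          return $this;
      }

      /**
       * Retrieve session id skip flag
       *
       * @return bool
       */
      public function getSkipSessionIdFlag()
      {
          return $this->_skipSessionIdFlag;
      }

      /**
       * If the host was switched but session cookie won't recognize it - add session id to query
       *
       * Returns the session id only when the target host differs from the
       * current request host and is not yet recorded in the session;
       * otherwise an empty string. The id is returned unencrypted, see
       * getEncryptedSessionId().
       *
       * NOTE(review): host extraction is a plain split on "/" and ":", so
       * authorities with userinfo or IPv6 literals are not parsed correctly.
       *
       * @param string $urlHost can be host or url
       * @return string session id, or '' when none has to be appended
       */
      public function getSessionIdForHost($urlHost)
      {
          if ($this->getSkipSessionIdFlag() === true) {
              return '';
          }

          $httpHost = Mage::app()->getFrontController()->getRequest()->getHttpHost();
          if (!$httpHost) {
              return '';
          }

          // In "scheme://host/path" the authority is the third "/"-separated piece.
          $urlParts = explode('/', $urlHost, 4);
          if (!empty($urlParts[2])) {
              $urlHost = $urlParts[2];
          }

          // Drop an optional ":port" BEFORE the cache lookup: entries are
          // stored under the bare host, so looking up "host:port" never hit.
          $hostParts = explode(':', $urlHost);
          $urlHost = $hostParts[0];

          if (!isset(self::$_urlHostCache[$urlHost])) {
              if ($httpHost !== $urlHost && !$this->isValidForHost($urlHost)) {
                  $sessionId = $this->getEncryptedSessionId();
              } else {
                  $sessionId = '';
              }
              self::$_urlHostCache[$urlHost] = $sessionId;
          }
          return self::$_urlHostCache[$urlHost];
      }

      /**
       * Check is valid session for hostname
       *
       * @param string $host host name, an optional ":port" suffix is ignored
       * @return bool true when the host is recorded in the session
       */
      public function isValidForHost($host)
      {
          $hostArr = explode(':', $host);
          $hosts = $this->getSessionHosts();
          return (!empty($hosts[$hostArr[0]]));
      }

      /**
       * Add hostname to session
       *
       * NOTE(review): with $host === true the name comes from the current
       * request (getHttpHost()); presumably that reflects the Host header,
       * which the client chooses. Confirm the web server restricts it.
       *
       * @param string|bool $host host name, or true for the current request host
       * @return Mage_Core_Model_Session_Abstract
       */
      public function addHost($host)
      {
          if ($host === true) {
              $host = Mage::app()->getFrontController()->getRequest()->getHttpHost();
          }
          if (!$host) {
              return $this;
          }

          $hosts = $this->getSessionHosts();
          // Nothing stored yet (or an unexpected value): start from an empty map.
          if (!is_array($hosts)) {
              $hosts = array();
          }
          $hosts[$host] = true;
          $this->setSessionHosts($hosts);
          return $this;
      }

      /**
       * Retrieve session hostnames
       *
       * @return array|null host name => true; presumably null until addHost() stored one
       */
      public function getSessionHosts()
      {
          return $this->getData('session_hosts');
      }

      /**
       * Retrieve session save method
       *
       * Returns the configured node when Magento is installed and the node
       * is set, otherwise the parent default. The configured value is
       * returned as the config node object, not cast to string.
       *
       * @return string
       */
      public function getSessionSaveMethod()
      {
          if (Mage::isInstalled()) {
              $sessionSave = Mage::getConfig()->getNode(self::XML_NODE_SESSION_SAVE);
              if ($sessionSave) {
                  return $sessionSave;
              }
          }
          return parent::getSessionSaveMethod();
      }

      /**
       * Get session save path
       *
       * Same lookup order as getSessionSaveMethod().
       *
       * @return string
       */
      public function getSessionSavePath()
      {
          if (Mage::isInstalled()) {
              $sessionSavePath = Mage::getConfig()->getNode(self::XML_NODE_SESSION_SAVE_PATH);
              if ($sessionSavePath) {
                  return $sessionSavePath;
              }
          }
          return parent::getSessionSavePath();
      }

      /**
       * Renew session id and update session cookie
       *
       * Also drops the static session id caches of this class. Without that,
       * getEncryptedSessionId() and getSessionIdForHost() would keep handing
       * out the id cached before the renewal.
       *
       * @return Mage_Core_Model_Session_Abstract
       */
      public function renewSession()
      {
          $this->getCookie()->delete($this->getSessionName());
          $this->regenerateSessionId();

          // Both caches hold copies of the previous session id.
          self::$_encryptedSessionId = null;
          self::$_urlHostCache = array();
          return $this;
      }
  }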