/php/main/inc/lib/chamilo_session.class.php
PHP | 215 lines | 86 code | 22 blank | 107 comment | 13 complexity | 5025ab5f19bea6357e779ae3e7b77e7c MD5 | raw file
- <?php
- /**
- * Chamilo session (i.e. the session that maintains the connection open after usr login)
- *
- * Usage:
- *
- *
- * use ChamiloSession as Session;
- *
- * Session::read('name');
- *
- * Or
- *
- * Chamilo::session()->...
- * session()->...
- *
- * @license see /license.txt
- * @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
- */
- /**
- * ChamiloSession class definition
- */
- class ChamiloSession extends System\Session
- {
- const NAME = 'ch_sid';
- /**
- * Generate new session instance
- * @return ChamiloSession
- */
- static function instance()
- {
- static $result = null;
- if (empty($result)) {
- $result = new ChamiloSession();
- }
- return $result;
- }
- /**
- * Returns the session lifetime
- * @return int The session lifetime as defined in the config file, in seconds
- */
- static function session_lifetime()
- {
- global $_configuration;
- return $_configuration['session_lifetime'];
- }
- /**
- * Returns whether the sessions are stored in the database (or not)
- * @return bool True if session data are stored in the database, false if they're stored on disk
- * @assert (null) === false
- */
- static function session_stored_in_db()
- {
- return self::read('session_stored_in_db', false);
- }
- /**
- * Starts the Chamilo session.
- *
- * The default lifetime for session is set here. It is not possible to have it
- * as a database setting as it is used before the database connection has been made.
- * It is taken from the configuration file, and if it doesn't exist there, it is set
- * to 360000 seconds
- *
- * @author Olivier Brouckaert
- * @param string variable - the variable name to save into the session
- * @return void
- */
- static function start($already_installed = true)
- {
- global $_configuration;
- /* Causes too many problems and is not configurable dynamically.
- if ($already_installed) {
- $session_lifetime = 360000;
- if (isset($_configuration['session_lifetime'])) {
- $session_lifetime = $_configuration['session_lifetime'];
- }
- //session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
- }
- */
- if (self::session_stored_in_db() && function_exists('session_set_save_handler')) {
- $handler = new SessionHandler();
- @session_set_save_handler(array(& $handler, 'open'), array(& $handler, 'close'), array(& $handler, 'read'), array(& $handler, 'write'), array(& $handler, 'destroy'), array(& $handler, 'garbage'));
- }
- /*
- * Prevent Session fixation bug fixes
- * See http://support.chamilo.org/issues/3600
- * http://php.net/manual/en/session.configuration.php
- * @todo use session_set_cookie_params with some custom admin parameters
- */
- //session.cookie_lifetime
- //the session ID is only accepted from a cookie
- ini_set('session.use_only_cookies', 1);
- //HTTPS only if possible
- //ini_set('session.cookie_secure', 1);
- //session ID in the cookie is only readable by the server
- ini_set('session.cookie_httponly', 1);
- //Use entropy file
- //session.entropy_file
- //ini_set('session.entropy_length', 128);
- //Do not include the identifier in the URL, and not to read the URL for
- // identifiers.
- ini_set('session.use_trans_sid', 0);
- session_name(self::NAME);
- session_start();
- $session = self::instance();
- if ($already_installed) {
- if (!isset($session['checkChamiloURL'])) {
- $session['checkChamiloURL'] = api_get_path(WEB_PATH);
- } else if ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {
- self::clear();
- }
- }
- /*if (!$session->has('starttime') || $session->is_valid()) {
- $session->write('starttime', time());
- }*/
- // if the session time has expired, refresh the starttime value, so we're starting to count down from a later time
- if ( $session->has('starttime') && $session->is_valid()) {
- //error_log('Time expired, cancel session');
- $session->destroy();
- } else {
- //error_log('Time not expired, extend session for a bit more');
- $session->write('starttime', time());
- }
- }
- /**
- * Session start time: that is the last time the user loaded a page (before this time)
- * @return int timestamp
- */
- function start_time()
- {
- return self::read('starttime');
- }
- /**
- * Session end time: when the session expires. This is made of the last page
- * load time + a number of seconds
- * @return int UNIX timestamp (server's timezone)
- */
- function end_time()
- {
- $start_time = $this->start_time();
- $lifetime = self::session_lifetime();
- return $start_time + $lifetime;
- }
- /**
- * Returns true if the session is stalled. I.e. if session end time is
- * greater than now. Returns false otherwise.
- * @return bool True if the session is expired. False otherwise
- */
- function is_stalled()
- {
- return $this->end_time() >= time();
- }
- /**
- * Returns whether the session is not stalled
- * @return bool True if the session is still valid, false otherwise
- */
- public function is_valid()
- {
- return !$this->is_stalled();
- }
- /**
- * The current (logged in) user.
- * @return CurrentUser The current user instance
- */
- public function user()
- {
- static $result = null;
- if (empty($result)) {
- $result = CurrentUser::instance();
- }
- return $result;
- }
- /**
- * Returns the current (active) course
- * @return CurrentCourse The current course instance
- */
- public function course()
- {
- static $result = null;
- if (empty($result)) {
- $result = CurrentCourse::instance();
- }
- return $result;
- }
- /**
- * The current group for the current (logged in) user.
- * @return int the current group id
- */
- public function group_id()
- {
- return Session::read('_gid');
- }
- }