[ Index ] |
PHP Cross Reference of Joomla 4.2.2 documentation |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * Joomla! Content Management System 5 * 6 * @copyright (C) 2005 Open Source Matters, Inc. <https://www.joomla.org> 7 * @license GNU General Public License version 2 or later; see LICENSE.txt 8 */ 9 10 namespace Joomla\CMS\Session; 11 12 use Joomla\CMS\Application\ApplicationHelper; 13 use Joomla\CMS\Factory; 14 use Joomla\CMS\Language\Text; 15 use Joomla\CMS\Router\Route; 16 use Joomla\Event\DispatcherInterface; 17 use Joomla\Session\Session as BaseSession; 18 use Joomla\Session\StorageInterface; 19 20 // phpcs:disable PSR1.Files.SideEffects 21 \defined('JPATH_PLATFORM') or die; 22 // phpcs:enable PSR1.Files.SideEffects 23 24 /** 25 * Class for managing HTTP sessions 26 * 27 * @since 1.5 28 */ 29 class Session extends BaseSession 30 { 31 /** 32 * Constructor 33 * 34 * @param StorageInterface $store A StorageInterface implementation. 35 * @param DispatcherInterface $dispatcher DispatcherInterface for the session to use. 36 * @param array $options Optional parameters. Supported keys include: 37 * - name: The session name 38 * - id: The session ID 39 * - expire: The session lifetime in seconds 40 * 41 * @since 1.0 42 */ 43 public function __construct(StorageInterface $store = null, DispatcherInterface $dispatcher = null, array $options = []) 44 { 45 // Extra hash the name of the session for b/c with Joomla 3.x or the session is never found. 46 if (isset($options['name'])) { 47 $options['name'] = md5($options['name']); 48 } 49 50 parent::__construct($store, $dispatcher, $options); 51 } 52 53 /** 54 * Checks for a form token in the request. 55 * 56 * Use in conjunction with HTMLHelper::_('form.token') or JSession::getFormToken. 57 * 58 * @param string $method The request method in which to look for the token key. 59 * 60 * @return boolean True if found and valid, false otherwise. 61 * 62 * @since 2.5.4 63 */ 64 public static function checkToken($method = 'post') 65 { 66 $app = Factory::getApplication(); 67 $token = static::getFormToken(); 68 69 // Check from header first 70 if ($token === $app->input->server->get('HTTP_X_CSRF_TOKEN', '', 'alnum')) { 71 return true; 72 } 73 74 // Then fallback to HTTP query 75 if (!$app->input->$method->get($token, '', 'alnum')) { 76 if ($app->getSession()->isNew()) { 77 // Redirect to login screen. 78 $app->enqueueMessage(Text::_('JLIB_ENVIRONMENT_SESSION_EXPIRED'), 'warning'); 79 $app->redirect(Route::_('index.php')); 80 81 return true; 82 } 83 84 return false; 85 } 86 87 return true; 88 } 89 90 /** 91 * Method to determine a hash for anti-spoofing variable names 92 * 93 * @param boolean $forceNew If true, force a new token to be created 94 * 95 * @return string Hashed var name 96 * 97 * @since 1.6 98 */ 99 public static function getFormToken($forceNew = false) 100 { 101 $user = Factory::getUser(); 102 103 return ApplicationHelper::getHash($user->get('id', 0) . Factory::getApplication()->getSession()->getToken($forceNew)); 104 } 105 106 /** 107 * Get the available session handlers 108 * 109 * @return array An array of available session handlers 110 * 111 * @since 4.0.0 112 */ 113 public static function getHandlers(): array 114 { 115 $connectors = []; 116 117 // Get an iterator and loop through the handler classes. 118 $iterator = new \DirectoryIterator(JPATH_LIBRARIES . '/vendor/joomla/session/src/Handler'); 119 120 foreach ($iterator as $file) { 121 $fileName = $file->getFilename(); 122 123 // Only load for PHP files. 124 if (!$file->isFile() || $file->getExtension() !== 'php') { 125 continue; 126 } 127 128 // Derive the class name from the type. 129 $class = str_ireplace('.php', '', '\\Joomla\\Session\\Handler\\' . $fileName); 130 131 // If the class doesn't exist we have nothing left to do but look at the next type. We did our best. 132 if (!class_exists($class)) { 133 continue; 134 } 135 136 // Sweet! Our class exists, so now we just need to know if it passes its test method. 137 if ($class::isSupported()) { 138 // Connector names should not have file the handler suffix or the file extension. 139 $connectors[] = str_ireplace('Handler.php', '', $fileName); 140 } 141 } 142 143 return $connectors; 144 } 145 146 /** 147 * Returns the global session object. 148 * 149 * @return static The Session object. 150 * 151 * @since 1.5 152 * @deprecated 5.0 Load the session service from the dependency injection container or via $app->getSession() 153 */ 154 public static function getInstance() 155 { 156 @trigger_error( 157 __METHOD__ . '() is deprecated. Load the session from the dependency injection container or via Factory::getApplication()->getSession().', 158 E_USER_DEPRECATED 159 ); 160 161 return Factory::getApplication()->getSession(); 162 } 163 164 /** 165 * Get data from the session store 166 * 167 * @param string $name Name of a variable 168 * @param mixed $default Default value of a variable if not set 169 * 170 * @return mixed Value of a variable 171 * 172 * @since 1.5 173 */ 174 public function get($name, $default = null) 175 { 176 // Handle B/C by checking if a namespace was passed to the method, will be removed at 5.0 177 if (\func_num_args() > 2) { 178 $args = \func_get_args(); 179 180 if (!empty($args[2])) { 181 @trigger_error( 182 'Passing a namespace as a parameter to ' . __METHOD__ . '() is deprecated. ' 183 . 'The namespace should be prepended to the name instead.', 184 E_USER_DEPRECATED 185 ); 186 187 $name = $args[2] . '.' . $name; 188 } 189 } 190 191 if (parent::has($name)) { 192 // Parent is used because of b/c, can be changed in Joomla 5 193 return parent::get($name, $default); 194 } 195 196 /* 197 * B/C for retrieving sessions that originated in Joomla 3. 198 * A namespace before Joomla 4 has a prefix of 2 underscores (__). 199 * This is no longer the case in Joomla 4 and will be converted 200 * when saving new values in `self::set()` 201 */ 202 if (strpos($name, '.') !== false && parent::has('__' . $name)) { 203 return parent::get('__' . $name, $default); 204 } 205 206 // More b/c for retrieving sessions that originated in Joomla 3. This will be removed in Joomla 5 207 // as no sessions should have this format anymore! 208 if (parent::has('__default.' . $name)) { 209 return parent::get('__default.' . $name, $default); 210 } 211 212 return $default; 213 } 214 215 /** 216 * Set data into the session store. 217 * 218 * @param string $name Name of a variable. 219 * @param mixed $value Value of a variable. 220 * 221 * @return mixed Old value of a variable. 222 * 223 * @since 1.5 224 */ 225 public function set($name, $value = null) 226 { 227 // Handle B/C by checking if a namespace was passed to the method, will be removed at 5.0 228 if (\func_num_args() > 2) { 229 $args = \func_get_args(); 230 231 if (!empty($args[2])) { 232 @trigger_error( 233 'Passing a namespace as a parameter to ' . __METHOD__ . '() is deprecated. ' 234 . 'The namespace should be prepended to the name instead.', 235 E_USER_DEPRECATED 236 ); 237 238 $name = $args[2] . '.' . $name; 239 } 240 } 241 242 return parent::set($name, $value); 243 } 244 245 /** 246 * Check whether data exists in the session store 247 * 248 * @param string $name Name of variable 249 * 250 * @return boolean True if the variable exists 251 * 252 * @since 1.5 253 */ 254 public function has($name) 255 { 256 // Handle B/C by checking if a namespace was passed to the method, will be removed at 5.0 257 if (\func_num_args() > 1) { 258 $args = \func_get_args(); 259 260 if (!empty($args[1])) { 261 @trigger_error( 262 'Passing a namespace as a parameter to ' . __METHOD__ . '() is deprecated. ' 263 . 'The namespace should be prepended to the name instead.', 264 E_USER_DEPRECATED 265 ); 266 267 $name = $args[1] . '.' . $name; 268 } 269 } 270 271 if (parent::has($name)) { 272 return true; 273 } 274 275 /* 276 * B/C for retrieving sessions that originated in Joomla 3. 277 * A namespace before Joomla 4 has a prefix of 2 underscores (__). 278 * This is no longer the case in Joomla 4 and will be converted 279 * when saving new values in `self::set()` 280 */ 281 if (strpos($name, '.') !== false && parent::has('__' . $name)) { 282 return true; 283 } 284 285 // More b/c for retrieving sessions that originated in Joomla 3. This will be removed in Joomla 5 286 // as no sessions should have this format anymore! 287 return parent::has('__default.' . $name); 288 } 289 290 /** 291 * Clears all variables from the session store 292 * 293 * @return void 294 * 295 * @since 1.5 296 */ 297 public function clear() 298 { 299 // Handle B/C by checking if parameters were passed to this method; if so proxy to the new remove() method, will be removed at 5.0 300 if (\func_num_args() >= 1) { 301 $args = \func_get_args(); 302 303 if (!empty($args[0])) { 304 @trigger_error( 305 'Using ' . __METHOD__ . '() to remove a single element from the session is deprecated. Use ' . __CLASS__ . '::remove() instead.', 306 E_USER_DEPRECATED 307 ); 308 309 $name = $args[0]; 310 311 // Also check for a namespace 312 if (\func_num_args() > 1 && !empty($args[1])) { 313 @trigger_error( 314 'Passing a namespace as a parameter to ' . __METHOD__ . '() is deprecated. ' 315 . 'The namespace should be prepended to the name instead.', 316 E_USER_DEPRECATED 317 ); 318 319 $name = $args[1] . '.' . $name; 320 } 321 322 $this->remove($name); 323 324 /* 325 * B/C for cleaning sessions that originated in Joomla 3. 326 * A namespace before Joomla 4 has a prefix of 2 underscores (__). 327 * This is no longer the case in Joomla 4 so we clean both variants. 328 */ 329 $this->remove('__' . $name); 330 331 return; 332 } 333 } 334 335 parent::clear(); 336 } 337 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Sep 7 05:41:13 2022 | Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer |