* @link http://getkirby.com * @copyright Bastian Allgeier * @license http://www.opensource.org/licenses/mit-license.php MIT License */ class S { public static $started = false; public static $name = 'kirby_session'; public static $timeout = 30; public static $cookie = array(); /** * Starts a new session * * * * s::start(); * // do whatever you want with the session now * * * */ public static function start() { if(session_status() === PHP_SESSION_ACTIVE) return true; // store the session name static::$cookie += array( 'lifetime' => 0, 'path' => ini_get('session.cookie_path'), 'domain' => ini_get('session.cookie_domain'), 'secure' => r::secure(), 'httponly' => true ); // set the custom session name session_name(static::$name); // make sure to use cookies only ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); // try to start the session if(!session_start()) return false; if(!setcookie( static::$name, session_id(), cookie::lifetime(static::$cookie['lifetime']), static::$cookie['path'], static::$cookie['domain'], static::$cookie['secure'], static::$cookie['httponly'] )) { return false; } // mark it as started static::$started = true; // check if the session is still valid if(!static::check()) { return static::destroy(); } return true; } /** * Checks if the session is still valid * and not expired * * @return boolean */ public static function check() { // check for the last activity and compare it with the session timeout if(isset($_SESSION['kirby_session_activity']) && time() - $_SESSION['kirby_session_activity'] > static::$timeout * 60) { return false; } // check for an existing fingerprint and compare it if(isset($_SESSION['kirby_session_fingerprint']) and $_SESSION['kirby_session_fingerprint'] !== static::fingerprint()) { return false; } // store a new fingerprint and the last activity $_SESSION['kirby_session_fingerprint'] = static::fingerprint(); $_SESSION['kirby_session_activity'] = time(); return true; } /** * Generates a fingerprint from the user agent string * * @return string */ public static function fingerprint() { if(!r::cli()) { return sha1(Visitor::ua() . (ip2long($_SERVER['REMOTE_ADDR']) & ip2long('255.255.0.0'))); } else { return ''; } } /** * Returns the current session id * * @return string */ public static function id() { static::start(); return session_id(); } /** * Sets a session value by key * * * * s::set('username', 'bastian'); * // saves the username in the session * * s::set(array( * 'key1' => 'val1', * 'key2' => 'val2', * 'key3' => 'val3' * )); * // setting multiple variables at once * * * * @param mixed $key The key to define * @param mixed $value The value for the passed key */ public static function set($key, $value = false) { static::start(); if(!isset($_SESSION)) return false; if(is_array($key)) { $_SESSION = array_merge($_SESSION, $key); } else { $_SESSION[$key] = $value; } } /** * Gets a session value by key * * * * s::get('username', 'bastian'); * // saves the username in the session * * echo s::get('username'); * // output: 'bastian' * * * * @param mixed $key The key to look for. Pass false or null to return the entire session array. * @param mixed $default Optional default value, which should be returned if no element has been found * @return mixed */ public static function get($key = false, $default = null) { static::start(static::$name, static::$timeout, static::$cookie); if(!isset($_SESSION)) return false; if(empty($key)) return $_SESSION; return isset($_SESSION[$key]) ? $_SESSION[$key] : $default; } /** * Retrieves an item and removes it afterwards * * @param string $key * @param mixed $default * @return mixed */ public static function pull($key, $default = null) { $value = s::get($key, $default); s::remove($key); return $value; } /** * Removes a value from the session by key * * * * $_SESSION = array( * 'username' => 'bastian', * 'id' => 1, * ); * * s::remove('username'); * // $_SESSION = array( * // 'id' => 1 * // ) * * * * @param mixed $key The key to remove by * @return array The session array without the value */ public static function remove($key) { static::start(); unset($_SESSION[$key]); return $_SESSION; } /** * Checks if the session has already been started * * @return boolean */ public static function started() { return static::$started; } /** * Destroys a session * * * * s::start(); * // do whatever you want with the session now * * s::destroy(); * // everything stored in the session will be deleted * * * */ public static function destroy() { if(!static::$started) return false; $_SESSION = array(); cookie::remove(static::$name); static::$started = false; return session_destroy(); } /** * Alternative for s::destroy() */ public static function stop() { s::destroy(); } /** * Destroys a session first and then starts it again */ public static function restart() { static::destroy(); static::start(); } /** * Create a new session Id */ public static function regenerateId() { static::start(static::$name, static::$timeout, static::$cookie); session_regenerate_id(true); } }