chamilo-lms/main/inc/lib/chamilo_session.class.php

<?php
/**
 * Chamilo session (i.e. the session that maintains the connection open after usr login)
 * 
 * Usage:
 * 
 * 
 *      use ChamiloSession as Session;
 * 
 *      Session::read('name');
 * 
 * Or
 * 
 *      Chamilo::session()->...
 *      session()->...
 *
 * @license see /license.txt
 * @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
 */
/**
 * ChamiloSession class definition
 */
class ChamiloSession extends System\Session
{

    const NAME = 'ch_sid';

    /**
     * Generate new session instance
     * @return ChamiloSession 
     */
    static function instance()
    {
        static $result = null;
        if (empty($result)) {
            $result = new ChamiloSession();
        }
        return $result;
    }

    /**
     * Returns the session lifetime
     * @return int The session lifetime as defined in the config file, in seconds
     */
    static function session_lifetime()
    {
        global $_configuration;
        return $_configuration['session_lifetime'];
    }

    /**
     * Returns whether the sessions are stored in the database (or not)
     * @return bool True if session data are stored in the database, false if they're stored on disk
     * @assert (null) === false
     */
    static function session_stored_in_db()
    {
        return self::read('session_stored_in_db', false);
    }

    /**
     * Starts the Chamilo session.
     *
     * The default lifetime for session is set here. It is not possible to have it
     * as a database setting as it is used before the database connection has been made.
     * It is taken from the configuration file, and if it doesn't exist there, it is set
     * to 360000 seconds
     *
     * @author Olivier Brouckaert
     * @param  string variable - the variable name to save into the session
     * @return void
     */
    static function start($already_installed = true)
    {
        global $_configuration;

        /* Causes too many problems and is not configurable dynamically.
          if ($already_installed) {
          $session_lifetime = 360000;
          if (isset($_configuration['session_lifetime'])) {
          $session_lifetime = $_configuration['session_lifetime'];
          }
          //session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
          }
         */

        if (self::session_stored_in_db() && function_exists('session_set_save_handler')) {
            $handler = new SessionHandler();
            @session_set_save_handler(array(& $handler, 'open'), array(& $handler, 'close'), array(& $handler, 'read'), array(& $handler, 'write'), array(& $handler, 'destroy'), array(& $handler, 'garbage'));
        }

        /*
         * Prevent Session fixation bug fixes  
         * See http://support.chamilo.org/issues/3600
         * http://php.net/manual/en/session.configuration.php
         * @todo use session_set_cookie_params with some custom admin parameters
         */

        //session.cookie_lifetime
        //the session ID is only accepted from a cookie
        ini_set('session.use_only_cookies', 1);

        //HTTPS only if possible 
        //ini_set('session.cookie_secure', 1);
        //session ID in the cookie is only readable by the server 
        ini_set('session.cookie_httponly', 1);

        //Use entropy file    
        //session.entropy_file
        //ini_set('session.entropy_length', 128);
        //Do not include the identifier in the URL, and not to read the URL for
        // identifiers.
        ini_set('session.use_trans_sid', 0);

        session_name(self::NAME);
        session_start();

        $session = self::instance();

        if ($already_installed) {
            if (!isset($session['checkChamiloURL'])) {
                $session['checkChamiloURL'] = api_get_path(WEB_PATH);
            } else if ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {
                self::clear();
            }
        }

        /*if (!$session->has('starttime') || $session->is_valid()) {
            $session->write('starttime', time());
        }*/
        // if the session time has expired, refresh the starttime value, so we're starting to count down from a later time
        if ( $session->has('starttime') && $session->is_valid()) {
            //error_log('Time expired, cancel session');
            $session->destroy();
        } else {
            //error_log('Time not expired, extend session for a bit more');
            $session->write('starttime', time());
        }
    }

    /**
     * Session start time: that is the last time the user loaded a page (before this time)
     * @return int timestamp
     */
    function start_time()
    {
        return self::read('starttime');
    }

    /**
     * Session end time: when the session expires. This is made of the last page
     * load time + a number of seconds
     * @return int UNIX timestamp (server's timezone)
     */
    function end_time()
    {
        $start_time = $this->start_time();
        $lifetime = self::session_lifetime();
        return $start_time + $lifetime;
    }

    /**
     * Returns true if the session is stalled. I.e. if session end time is
     * greater than now. Returns false otherwise.
     * @return bool True if the session is expired. False otherwise
     */
    function is_stalled()
    {
        return $this->end_time() >= time();
    }

    /**
     * Returns whether the session is not stalled
     * @return bool True if the session is still valid, false otherwise
     */
    public function is_valid()
    {
        return !$this->is_stalled();
    }

    /**
     * The current (logged in) user.
     * @return CurrentUser The current user instance
     */
    public function user()
    {
        static $result = null;
        if (empty($result)) {
            $result = CurrentUser::instance();
        }
        return $result;
    }

    /**
     * Returns the current (active) course
     * @return CurrentCourse The current course instance
     */
    public function course()
    {
        static $result = null;
        if (empty($result)) {
            $result = CurrentCourse::instance();
        }
        return $result;
    }

    /**
     * The current group for the current (logged in) user.
     * @return int the current group id
     */
    public function group_id()
    {
        return Session::read('_gid');
    }
}
#4784 api_session_register 13 years ago			`<?php`
			`/**`
Updated phpdoc for ChamiloSession class 12 years ago			`* Chamilo session (i.e. the session that maintains the connection open after usr login)`
#4784 api_session_register 13 years ago			`*`
			`* Usage:`
			`*`
minor remove warnings 13 years ago			`*`
			`* use ChamiloSession as Session;`
			`*`
			`* Session::read('name');`
			`*`
			`* Or`
			`*`
			`* Chamilo::session()->...`
			`* session()->...`
#4784 api_session_register 13 years ago			`*`
			`* @license see /license.txt`
			`* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva`
			`*/`
Updated phpdoc for ChamiloSession class 12 years ago			`/**`
			`* ChamiloSession class definition`
			`*/`
#4784 session register 13 years ago			`class ChamiloSession extends System\Session`
#4784 api_session_register 13 years ago			`{`

			`const NAME = 'ch_sid';`

			`/**`
Updated phpdoc for ChamiloSession class 12 years ago			`* Generate new session instance`
#4784 api_session_register 13 years ago			`* @return ChamiloSession`
			`*/`
			`static function instance()`
			`{`
			`static $result = null;`
			`if (empty($result)) {`
			`$result = new ChamiloSession();`
			`}`
			`return $result;`
			`}`

Updated phpdoc for ChamiloSession class 12 years ago			`/**`
			`* Returns the session lifetime`
			`* @return int The session lifetime as defined in the config file, in seconds`
			`*/`
#4784 api_session_register 13 years ago			`static function session_lifetime()`
			`{`
			`global $_configuration;`
			`return $_configuration['session_lifetime'];`
			`}`

Updated phpdoc for ChamiloSession class 12 years ago			`/**`
			`* Returns whether the sessions are stored in the database (or not)`
			`* @return bool True if session data are stored in the database, false if they're stored on disk`
			`* @assert (null) === false`
			`*/`
#4784 api_session_register 13 years ago			`static function session_stored_in_db()`
			`{`
			`return self::read('session_stored_in_db', false);`
			`}`

			`/**`
			`* Starts the Chamilo session.`
			`*`
			`* The default lifetime for session is set here. It is not possible to have it`
			`* as a database setting as it is used before the database connection has been made.`
			`* It is taken from the configuration file, and if it doesn't exist there, it is set`
			`* to 360000 seconds`
			`*`
			`* @author Olivier Brouckaert`
			`* @param string variable - the variable name to save into the session`
Updated phpdoc for ChamiloSession class 12 years ago			`* @return void`
#4784 api_session_register 13 years ago			`*/`
			`static function start($already_installed = true)`
			`{`
			`global $_configuration;`

			`/* Causes too many problems and is not configurable dynamically.`
			`if ($already_installed) {`
			`$session_lifetime = 360000;`
			`if (isset($_configuration['session_lifetime'])) {`
			`$session_lifetime = $_configuration['session_lifetime'];`
			`}`
			`//session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));`
			`}`
			`*/`

			`if (self::session_stored_in_db() && function_exists('session_set_save_handler')) {`
			`$handler = new SessionHandler();`
			`@session_set_save_handler(array(& $handler, 'open'), array(& $handler, 'close'), array(& $handler, 'read'), array(& $handler, 'write'), array(& $handler, 'destroy'), array(& $handler, 'garbage'));`
			`}`

			`/*`
			`* Prevent Session fixation bug fixes`
			`* See http://support.chamilo.org/issues/3600`
			`* http://php.net/manual/en/session.configuration.php`
			`* @todo use session_set_cookie_params with some custom admin parameters`
			`*/`

			`//session.cookie_lifetime`
			`//the session ID is only accepted from a cookie`
			`ini_set('session.use_only_cookies', 1);`

			`//HTTPS only if possible`
			`//ini_set('session.cookie_secure', 1);`
			`//session ID in the cookie is only readable by the server`
			`ini_set('session.cookie_httponly', 1);`

			`//Use entropy file`
			`//session.entropy_file`
			`//ini_set('session.entropy_length', 128);`
Updated phpdoc for ChamiloSession class 12 years ago			`//Do not include the identifier in the URL, and not to read the URL for`
			`// identifiers.`
#4784 api_session_register 13 years ago			`ini_set('session.use_trans_sid', 0);`

			`session_name(self::NAME);`
			`session_start();`

			`$session = self::instance();`

			`if ($already_installed) {`
			`if (!isset($session['checkChamiloURL'])) {`
			`$session['checkChamiloURL'] = api_get_path(WEB_PATH);`
			`} else if ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {`
#4784 session register 13 years ago			`self::clear();`
#4784 api_session_register 13 years ago			`}`
			`}`

Corrects Session expired wrong message refs #4797 12 years ago			`/*if (!$session->has('starttime') \|\| $session->is_valid()) {`
			`$session->write('starttime', time());`
			`}*/`
			`// if the session time has expired, refresh the starttime value, so we're starting to count down from a later time`
			`if ( $session->has('starttime') && $session->is_valid()) {`
			`//error_log('Time expired, cancel session');`
			`$session->destroy();`
			`} else {`
			`//error_log('Time not expired, extend session for a bit more');`
#4784 api_session_register 13 years ago			`$session->write('starttime', time());`
			`}`
			`}`

			`/**`
Updated phpdoc for ChamiloSession class 12 years ago			`* Session start time: that is the last time the user loaded a page (before this time)`
#4784 api_session_register 13 years ago			`* @return int timestamp`
			`*/`
			`function start_time()`
			`{`
			`return self::read('starttime');`
			`}`

			`/**`
Updated phpdoc for ChamiloSession class 12 years ago			`* Session end time: when the session expires. This is made of the last page`
			`* load time + a number of seconds`
			`* @return int UNIX timestamp (server's timezone)`
#4784 api_session_register 13 years ago			`*/`
			`function end_time()`
			`{`
			`$start_time = $this->start_time();`
			`$lifetime = self::session_lifetime();`
			`return $start_time + $lifetime;`
			`}`

			`/**`
			`* Returns true if the session is stalled. I.e. if session end time is`
			`* greater than now. Returns false otherwise.`
Updated phpdoc for ChamiloSession class 12 years ago			`* @return bool True if the session is expired. False otherwise`
#4784 api_session_register 13 years ago			`*/`
			`function is_stalled()`
			`{`
			`return $this->end_time() >= time();`
			`}`

			`/**`
Updated phpdoc for ChamiloSession class 12 years ago			`* Returns whether the session is not stalled`
			`* @return bool True if the session is still valid, false otherwise`
#4784 api_session_register 13 years ago			`*/`
			`public function is_valid()`
			`{`
			`return !$this->is_stalled();`
			`}`

			`/**`
			`* The current (logged in) user.`
Updated phpdoc for ChamiloSession class 12 years ago			`* @return CurrentUser The current user instance`
#4784 api_session_register 13 years ago			`*/`
			`public function user()`
			`{`
			`static $result = null;`
			`if (empty($result)) {`
			`$result = CurrentUser::instance();`
			`}`
			`return $result;`
			`}`
Updated phpdoc for ChamiloSession class 12 years ago
#4784 session register 13 years ago			`/**`
Updated phpdoc for ChamiloSession class 12 years ago			`* Returns the current (active) course`
			`* @return CurrentCourse The current course instance`
#4784 session register 13 years ago			`*/`
#4784 api_session_register 13 years ago			`public function course()`
			`{`
			`static $result = null;`
			`if (empty($result)) {`
			`$result = CurrentCourse::instance();`
			`}`
			`return $result;`
			`}`

			`/**`
			`* The current group for the current (logged in) user.`
Updated phpdoc for ChamiloSession class 12 years ago			`* @return int the current group id`
#4784 api_session_register 13 years ago			`*/`
			`public function group_id()`
			`{`
			`return Session::read('_gid');`
			`}`
			`}`