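... * session()->...
 *
 * @license see /license.txt
 * @author Laurent Opprecht for the University of Geneva
 */

/**
 * ChamiloSession class definition.
 *
 * Thin layer over System\Session that configures PHP's session cookie,
 * optionally registers the database save handler, and enforces an idle
 * lifetime through a 'starttime' value stored in the session.
 *
 * NOTE(review): is_stalled() and is_valid() are named the opposite way round
 * from what they return (see their docblocks). start() depends on the current
 * results, so the behaviour is kept as-is and only documented here.
 */
class ChamiloSession extends System\Session
{
    /** Name of the session cookie, passed to session_name() in start(). */
    const NAME = 'ch_sid';

    /**
     * Returns the shared ChamiloSession instance, creating it on first use.
     *
     * @return ChamiloSession
     */
    public static function instance()
    {
        static $result = null;
        if (empty($result)) {
            $result = new ChamiloSession();
        }

        return $result;
    }

    /**
     * Returns the session lifetime.
     *
     * Falls back to 360000 seconds when the configuration file does not define
     * 'session_lifetime'. Without the fallback the lifetime evaluates to null,
     * end_time() equals the start time, and start() destroys the session on
     * the next request made in a later second.
     *
     * @return int The session lifetime as defined in the config file, in seconds
     */
    public static function session_lifetime()
    {
        global $_configuration;

        if (isset($_configuration['session_lifetime'])) {
            return $_configuration['session_lifetime'];
        }

        // Default documented for start(): used when the config has no value.
        return 360000;
    }

    /**
     * Returns whether the sessions are stored in the database (or not).
     *
     * The flag is looked up through the inherited read() with a default of
     * false; where read() gets it from is not visible in this class.
     *
     * @return bool True if session data are stored in the database, false if they're stored on disk
     * @assert (null) === false
     */
    public static function session_stored_in_db()
    {
        return self::read('session_stored_in_db', false);
    }

    /**
     * Starts the Chamilo session.
     *
     * Registers the database save handler when enabled, hardens the session
     * cookie settings, starts the PHP session under the name self::NAME, and
     * then applies two checks:
     *  - when Chamilo is installed, the session is cleared if it was created
     *    for a different WEB_PATH than the current one;
     *  - if the stored 'starttime' plus the configured lifetime is in the
     *    past, the session is destroyed; otherwise 'starttime' is refreshed.
     *
     * The lifetime cannot be a database setting because it is needed before
     * the database connection has been made; it comes from the configuration
     * file (see session_lifetime()).
     *
     * @author Olivier Brouckaert
     * @param bool $already_installed Whether Chamilo is installed; when false the WEB_PATH check is skipped
     * @return void
     */
    public static function start($already_installed = true)
    {
        global $_configuration;

        /* Causes too many problems and is not configurable dynamically.
        if ($already_installed) {
            $session_lifetime = 360000;
            if (isset($_configuration['session_lifetime'])) {
                $session_lifetime = $_configuration['session_lifetime'];
            }
            //session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
        }
        */

        if (self::session_stored_in_db() && function_exists('session_set_save_handler')) {
            $handler = new SessionHandler();
            $registered = @session_set_save_handler(
                array(&$handler, 'open'),
                array(&$handler, 'close'),
                array(&$handler, 'read'),
                array(&$handler, 'write'),
                array(&$handler, 'destroy'),
                array(&$handler, 'garbage')
            );
            if (!$registered) {
                // The warning is suppressed above, so leave a trace: a failed
                // registration otherwise goes unnoticed by the operator.
                error_log('ChamiloSession: could not register the database session save handler');
            }
        }

        /*
         * Prevent Session fixation bug fixes
         * See http://support.chamilo.org/issues/3600
         * http://php.net/manual/en/session.configuration.php
         * @todo use session_set_cookie_params with some custom admin parameters
         *
         * NOTE(review): the settings below restrict how a session ID can be
         * supplied (cookie only, never the URL). Nothing in this method
         * regenerates the ID (session_regenerate_id()) or enables
         * session.use_strict_mode; confirm the login path regenerates the ID.
         */
        //session.cookie_lifetime

        // The session ID is only accepted from a cookie.
        ini_set('session.use_only_cookies', 1);

        // HTTPS only if possible.
        // NOTE(review): left disabled, so the session cookie is also sent over
        // plain HTTP; enable on deployments that are served over HTTPS only.
        //ini_set('session.cookie_secure', 1);

        // The session cookie is flagged HttpOnly, i.e. not exposed to
        // client-side scripts.
        ini_set('session.cookie_httponly', 1);

        //Use entropy file
        //session.entropy_file
        //ini_set('session.entropy_length', 128);

        // Do not include the identifier in the URL, and do not read the URL
        // for identifiers.
        ini_set('session.use_trans_sid', 0);

        session_name(self::NAME);
        session_start();

        $session = self::instance();

        if ($already_installed) {
            if (!isset($session['checkChamiloURL'])) {
                // First request of this session: remember the portal URL.
                $session['checkChamiloURL'] = api_get_path(WEB_PATH);
            } else if ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {
                // Session was created for another portal URL: drop its data.
                self::clear();
            }
        }

        /*if (!$session->has('starttime') || $session->is_valid()) {
            $session->write('starttime', time());
        }*/

        // is_valid() returns true once starttime + lifetime is in the PAST
        // (see its docblock), so this branch handles the expired session.
        if ($session->has('starttime') && $session->is_valid()) {
            //error_log('Time expired, cancel session');
            $session->destroy();
        } else {
            // Not expired (or no starttime yet): restart the countdown from now.
            //error_log('Time not expired, extend session for a bit more');
            $session->write('starttime', time());
        }
    }

    /**
     * Session start time: the 'starttime' value written by start(), i.e. the
     * time of the last page load that refreshed the session.
     *
     * @return int timestamp
     */
    public function start_time()
    {
        return self::read('starttime');
    }

    /**
     * Session end time: when the session expires. This is the last page
     * load time plus the configured lifetime in seconds.
     *
     * @return int UNIX timestamp (server's timezone)
     */
    public function end_time()
    {
        $start_time = $this->start_time();
        $lifetime = self::session_lifetime();

        return $start_time + $lifetime;
    }

    /**
     * Returns true while the session end time is at or after the current
     * time, false once it is in the past.
     *
     * NOTE(review): despite the name, a true result means the lifetime has
     * NOT elapsed yet. Kept unchanged because start() relies on it through
     * is_valid().
     *
     * @return bool True if end_time() >= time(), false otherwise
     */
    public function is_stalled()
    {
        return $this->end_time() >= time();
    }

    /**
     * Negation of is_stalled(): true once end_time() is in the past.
     *
     * NOTE(review): despite the name, a true result means the session has
     * EXPIRED; start() destroys the session when this returns true. Do not
     * use it as a "session is still good" check without accounting for the
     * inversion.
     *
     * @return bool True if end_time() < time(), false otherwise
     */
    public function is_valid()
    {
        return !$this->is_stalled();
    }

    /**
     * The current (logged in) user.
     *
     * @return CurrentUser The current user instance
     */
    public function user()
    {
        static $result = null;
        if (empty($result)) {
            $result = CurrentUser::instance();
        }

        return $result;
    }

    /**
     * Returns the current (active) course.
     *
     * @return CurrentCourse The current course instance
     */
    public function course()
    {
        static $result = null;
        if (empty($result)) {
            $result = CurrentCourse::instance();
        }

        return $result;
    }

    /**
     * The current group for the current (logged in) user, read from the
     * '_gid' session value.
     *
     * @return int the current group id
     */
    public function group_id()
    {
        return Session::read('_gid');
    }
}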