Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
chamilo-lms/main/inc/lib/chamilo_session.class.php

212 lines
6.0 KiB

<?php
/**
* Chamilo session (i.e. the session that maintains the connection open after usr login)
*
* Usage:
*
*
* use ChamiloSession as Session;
*
* Session::read('name');
*
* Or
*
* Chamilo::session()->...
* session()->...
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
/**
* ChamiloSession class definition
*/
class ChamiloSession extends System\Session
{
const NAME = 'ch_sid';
/**
* Generate new session instance
* @return ChamiloSession
*/
static function instance()
{
static $result = null;
if (empty($result)) {
$result = new ChamiloSession();
}
return $result;
}
/**
* Returns the session lifetime
* @return int The session lifetime as defined in the config file, in seconds
*/
static function session_lifetime()
{
global $_configuration;
return $_configuration['session_lifetime'];
}
/**
* Returns whether the sessions are stored in the database (or not)
* @return bool True if session data are stored in the database, false if they're stored on disk
* @assert (null) === false
*/
static function session_stored_in_db()
{
return self::read('session_stored_in_db', false);
}
/**
* Starts the Chamilo session.
*
* The default lifetime for session is set here. It is not possible to have it
* as a database setting as it is used before the database connection has been made.
* It is taken from the configuration file, and if it doesn't exist there, it is set
* to 360000 seconds
*
* @author Olivier Brouckaert
* @param string variable - the variable name to save into the session
* @return void
*/
static function start($already_installed = true)
{
global $_configuration;
/* Causes too many problems and is not configurable dynamically.
if ($already_installed) {
$session_lifetime = 360000;
if (isset($_configuration['session_lifetime'])) {
$session_lifetime = $_configuration['session_lifetime'];
}
//session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
}
*/
if (self::session_stored_in_db() && function_exists('session_set_save_handler')) {
$handler = new SessionHandler();
@session_set_save_handler(
array(& $handler, 'open'),
array(& $handler, 'close'),
array(& $handler, 'read'),
array(& $handler, 'write'),
array(& $handler, 'destroy'),
array(& $handler, 'garbage')
);
}
/*
* Prevent Session fixation bug fixes
* See http://support.chamilo.org/issues/3600
* http://php.net/manual/en/session.configuration.php
* @todo use session_set_cookie_params with some custom admin parameters
*/
//session.cookie_lifetime
//the session ID is only accepted from a cookie
ini_set('session.use_only_cookies', 1);
//HTTPS only if possible
//ini_set('session.cookie_secure', 1);
//session ID in the cookie is only readable by the server
ini_set('session.cookie_httponly', 1);
//Use entropy file
//session.entropy_file
//ini_set('session.entropy_length', 128);
//Do not include the identifier in the URL, and not to read the URL for
// identifiers.
ini_set('session.use_trans_sid', 0);
session_name(self::NAME);
session_start();
$session = self::instance();
if ($already_installed) {
if (!isset($session['checkChamiloURL'])) {
$session['checkChamiloURL'] = api_get_path(WEB_PATH);
} elseif ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {
self::clear();
}
}
/*if (!$session->has('starttime') && !$session->is_expired()) {
$session->write('starttime', time());
}*/
// If the session time has expired, refresh the starttime value,
// so we're starting to count down from a later time
if ( $session->has('starttime') && $session->is_expired()) {
$session->destroy();
} else {
//error_log('Time not expired, extend session for a bit more');
$session->write('starttime', time());
}
}
/**
* Session start time: that is the last time the user loaded a page (before this time)
* @return int timestamp
*/
function start_time()
{
return self::read('starttime');
}
/**
* Session end time: when the session expires. This is made of the last page
* load time + a number of seconds
* @return int UNIX timestamp (server's timezone)
*/
function end_time()
{
$start_time = $this->start_time();
$lifetime = self::session_lifetime();
return $start_time + $lifetime;
}
/**
* Returns whether the session is expired
* @return bool True if the session is expired, false if it is still valid
*/
public function is_expired()
{
return $this->end_time() < time();
}
/**
* The current (logged in) user.
* @return CurrentUser The current user instance
*/
public function user()
{
static $result = null;
if (empty($result)) {
$result = CurrentUser::instance();
}
return $result;
}
/**
* Returns the current (active) course
* @return CurrentCourse The current course instance
*/
public function course()
{
static $result = null;
if (empty($result)) {
$result = CurrentCourse::instance();
}
return $result;
}
/**
* The current group for the current (logged in) user.
* @return int the current group id
*/
public function group_id()
{
return Session::read('_gid');
}
}