chamilo_session.class.php 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236
  1. <?php
  2. /**
  3. * Chamilo session (i.e. the session that maintains the connection open after usr login)
  4. *
  5. * Usage:
  6. *
  7. *
  8. * use ChamiloSession as Session;
  9. *
  10. * Session::read('name');
  11. *
  12. * Or
  13. *
  14. * Chamilo::session()->...
  15. * session()->...
  16. *
  17. * @license see /license.txt
  18. * @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
  19. */
  20. /**
  21. * ChamiloSession class definition
  22. */
  23. class ChamiloSession extends System\Session
  24. {
  25. const NAME = 'ch_sid';
  26. /**
  27. * Generate new session instance
  28. * @return ChamiloSession
  29. */
  30. static function instance()
  31. {
  32. static $result = null;
  33. if (empty($result)) {
  34. $result = new ChamiloSession();
  35. }
  36. return $result;
  37. }
  38. /**
  39. * Returns the session lifetime
  40. * @return int The session lifetime as defined in the config file, in seconds
  41. */
  42. static function session_lifetime()
  43. {
  44. global $_configuration;
  45. return $_configuration['session_lifetime'];
  46. }
  47. /**
  48. * Returns whether the sessions are stored in the database (or not)
  49. * @return bool True if session data are stored in the database, false if they're stored on disk
  50. * @assert (null) === false
  51. */
  52. static function session_stored_in_db()
  53. {
  54. return self::read('session_stored_in_db', false);
  55. }
  56. /**
  57. * Starts the Chamilo session.
  58. *
  59. * The default lifetime for session is set here. It is not possible to have it
  60. * as a database setting as it is used before the database connection has been made.
  61. * It is taken from the configuration file, and if it doesn't exist there, it is set
  62. * to 360000 seconds
  63. *
  64. * @author Olivier Brouckaert
  65. * @param string variable - the variable name to save into the session
  66. * @return void
  67. */
  68. static function start($already_installed = true)
  69. {
  70. global $_configuration;
  71. /* Causes too many problems and is not configurable dynamically.
  72. if ($already_installed) {
  73. $session_lifetime = 360000;
  74. if (isset($_configuration['session_lifetime'])) {
  75. $session_lifetime = $_configuration['session_lifetime'];
  76. }
  77. //session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
  78. }
  79. */
  80. if (isset($_configuration['session_stored_in_db']) &&
  81. $_configuration['session_stored_in_db'] &&
  82. function_exists('session_set_save_handler')
  83. ) {
  84. $handler = new SessionHandlerDatabase();
  85. @session_set_save_handler(
  86. array($handler, 'open'),
  87. array($handler, 'close'),
  88. array($handler, 'read'),
  89. array($handler, 'write'),
  90. array($handler, 'destroy'),
  91. array($handler, 'garbage')
  92. );
  93. }
  94. // An alternative session handler, storing the session in memcache,
  95. // and in the DB as backup for memcache server failure, can be used
  96. // by defining specific configuration settings.
  97. // This requires memcache or memcached and the php5-memcache module
  98. // to be installed.
  99. // See configuration.dist.php for greater details
  100. if (isset($_configuration['session_stored_in_db_as_backup']) &&
  101. $_configuration['session_stored_in_db_as_backup'] &&
  102. function_exists('session_set_save_handler')
  103. ) {
  104. $handler = new SessionHandlerMemcache();
  105. session_set_save_handler(
  106. array(&$handler, 'open'),
  107. array(&$handler, 'close'),
  108. array(&$handler, 'read'),
  109. array(&$handler, 'write'),
  110. array(&$handler, 'destroy'),
  111. array(&$handler, 'gc')
  112. );
  113. }
  114. /*
  115. * Prevent Session fixation bug fixes
  116. * See http://support.chamilo.org/issues/3600
  117. * http://php.net/manual/en/session.configuration.php
  118. * @todo use session_set_cookie_params with some custom admin parameters
  119. */
  120. //session.cookie_lifetime
  121. //the session ID is only accepted from a cookie
  122. ini_set('session.use_only_cookies', 1);
  123. //HTTPS only if possible
  124. //ini_set('session.cookie_secure', 1);
  125. //session ID in the cookie is only readable by the server
  126. ini_set('session.cookie_httponly', 1);
  127. //Use entropy file
  128. //session.entropy_file
  129. //ini_set('session.entropy_length', 128);
  130. //Do not include the identifier in the URL, and not to read the URL for
  131. // identifiers.
  132. ini_set('session.use_trans_sid', 0);
  133. session_name(self::NAME);
  134. session_start();
  135. $session = self::instance();
  136. if ($already_installed) {
  137. if (!isset($session['checkChamiloURL'])) {
  138. $session['checkChamiloURL'] = api_get_path(WEB_PATH);
  139. } elseif ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {
  140. self::clear();
  141. }
  142. }
  143. /*if (!$session->has('starttime') && !$session->is_expired()) {
  144. $session->write('starttime', time());
  145. }*/
  146. // If the session time has expired, refresh the starttime value,
  147. // so we're starting to count down from a later time
  148. if ( $session->has('starttime') && $session->is_expired()) {
  149. $session->destroy();
  150. } else {
  151. //error_log('Time not expired, extend session for a bit more');
  152. $session->write('starttime', time());
  153. }
  154. }
  155. /**
  156. * Session start time: that is the last time the user loaded a page (before this time)
  157. * @return int timestamp
  158. */
  159. function start_time()
  160. {
  161. return self::read('starttime');
  162. }
  163. /**
  164. * Session end time: when the session expires. This is made of the last page
  165. * load time + a number of seconds
  166. * @return int UNIX timestamp (server's timezone)
  167. */
  168. function end_time()
  169. {
  170. $start_time = $this->start_time();
  171. $lifetime = self::session_lifetime();
  172. return $start_time + $lifetime;
  173. }
  174. /**
  175. * Returns whether the session is expired
  176. * @return bool True if the session is expired, false if it is still valid
  177. */
  178. public function is_expired()
  179. {
  180. return $this->end_time() < time();
  181. }
  182. /**
  183. * The current (logged in) user.
  184. * @return CurrentUser The current user instance
  185. */
  186. public function user()
  187. {
  188. static $result = null;
  189. if (empty($result)) {
  190. $result = CurrentUser::instance();
  191. }
  192. return $result;
  193. }
  194. /**
  195. * Returns the current (active) course
  196. * @return CurrentCourse The current course instance
  197. */
  198. public function course()
  199. {
  200. static $result = null;
  201. if (empty($result)) {
  202. $result = CurrentCourse::instance();
  203. }
  204. return $result;
  205. }
  206. /**
  207. * The current group for the current (logged in) user.
  208. * @return int the current group id
  209. */
  210. public function group_id()
  211. {
  212. return Session::read('_gid');
  213. }
  214. }