|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Session API: WP_User_Meta_Session_Tokens class |
|
4
|
|
|
* |
|
5
|
|
|
* @package WordPress |
|
6
|
|
|
* @subpackage Session |
|
7
|
|
|
* @since 4.7.0 |
|
8
|
|
|
*/ |
|
9
|
|
|
|
|
10
|
|
|
/** |
|
11
|
|
|
* Meta-based user sessions token manager. |
|
12
|
|
|
* |
|
13
|
|
|
* @since 4.0.0 |
|
14
|
|
|
*/ |
|
15
|
|
|
class WP_User_Meta_Session_Tokens extends WP_Session_Tokens { |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* Get all sessions of a user. |
|
19
|
|
|
* |
|
20
|
|
|
* @since 4.0.0 |
|
21
|
|
|
* @access protected |
|
22
|
|
|
* |
|
23
|
|
|
* @return array Sessions of a user. |
|
24
|
|
|
*/ |
|
25
|
|
|
protected function get_sessions() { |
|
26
|
|
|
$sessions = get_user_meta( $this->user_id, 'session_tokens', true ); |
|
27
|
|
|
|
|
28
|
|
|
if ( ! is_array( $sessions ) ) { |
|
29
|
|
|
return array(); |
|
30
|
|
|
} |
|
31
|
|
|
|
|
32
|
|
|
$sessions = array_map( array( $this, 'prepare_session' ), $sessions ); |
|
33
|
|
|
return array_filter( $sessions, array( $this, 'is_still_valid' ) ); |
|
34
|
|
|
} |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* Converts an expiration to an array of session information. |
|
38
|
|
|
* |
|
39
|
|
|
* @param mixed $session Session or expiration. |
|
40
|
|
|
* @return array Session. |
|
|
|
|
|
|
41
|
|
|
*/ |
|
42
|
|
|
protected function prepare_session( $session ) { |
|
43
|
|
|
if ( is_int( $session ) ) { |
|
44
|
|
|
return array( 'expiration' => $session ); |
|
45
|
|
|
} |
|
46
|
|
|
|
|
47
|
|
|
return $session; |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
/** |
|
51
|
|
|
* Retrieve a session by its verifier (token hash). |
|
52
|
|
|
* |
|
53
|
|
|
* @since 4.0.0 |
|
54
|
|
|
* @access protected |
|
55
|
|
|
* |
|
56
|
|
|
* @param string $verifier Verifier of the session to retrieve. |
|
57
|
|
|
* @return array|null The session, or null if it does not exist |
|
58
|
|
|
*/ |
|
59
|
|
|
protected function get_session( $verifier ) { |
|
60
|
|
|
$sessions = $this->get_sessions(); |
|
61
|
|
|
|
|
62
|
|
|
if ( isset( $sessions[ $verifier ] ) ) { |
|
63
|
|
|
return $sessions[ $verifier ]; |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
|
|
return null; |
|
67
|
|
|
} |
|
68
|
|
|
|
|
69
|
|
|
/** |
|
70
|
|
|
* Update a session by its verifier. |
|
71
|
|
|
* |
|
72
|
|
|
* @since 4.0.0 |
|
73
|
|
|
* @access protected |
|
74
|
|
|
* |
|
75
|
|
|
* @param string $verifier Verifier of the session to update. |
|
76
|
|
|
* @param array $session Optional. Session. Omitting this argument destroys the session. |
|
|
|
|
|
|
77
|
|
|
*/ |
|
78
|
|
|
protected function update_session( $verifier, $session = null ) { |
|
79
|
|
|
$sessions = $this->get_sessions(); |
|
80
|
|
|
|
|
81
|
|
|
if ( $session ) { |
|
82
|
|
|
$sessions[ $verifier ] = $session; |
|
83
|
|
|
} else { |
|
84
|
|
|
unset( $sessions[ $verifier ] ); |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
$this->update_sessions( $sessions ); |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Update a user's sessions in the usermeta table. |
|
92
|
|
|
* |
|
93
|
|
|
* @since 4.0.0 |
|
94
|
|
|
* @access protected |
|
95
|
|
|
* |
|
96
|
|
|
* @param array $sessions Sessions. |
|
97
|
|
|
*/ |
|
98
|
|
|
protected function update_sessions( $sessions ) { |
|
99
|
|
|
if ( $sessions ) { |
|
|
|
|
|
|
100
|
|
|
update_user_meta( $this->user_id, 'session_tokens', $sessions ); |
|
101
|
|
|
} else { |
|
102
|
|
|
delete_user_meta( $this->user_id, 'session_tokens' ); |
|
103
|
|
|
} |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
/** |
|
107
|
|
|
* Destroy all session tokens for a user, except a single session passed. |
|
108
|
|
|
* |
|
109
|
|
|
* @since 4.0.0 |
|
110
|
|
|
* @access protected |
|
111
|
|
|
* |
|
112
|
|
|
* @param string $verifier Verifier of the session to keep. |
|
113
|
|
|
*/ |
|
114
|
|
|
protected function destroy_other_sessions( $verifier ) { |
|
115
|
|
|
$session = $this->get_session( $verifier ); |
|
116
|
|
|
$this->update_sessions( array( $verifier => $session ) ); |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
/** |
|
120
|
|
|
* Destroy all session tokens for a user. |
|
121
|
|
|
* |
|
122
|
|
|
* @since 4.0.0 |
|
123
|
|
|
* @access protected |
|
124
|
|
|
*/ |
|
125
|
|
|
protected function destroy_all_sessions() { |
|
126
|
|
|
$this->update_sessions( array() ); |
|
127
|
|
|
} |
|
128
|
|
|
|
|
129
|
|
|
/** |
|
130
|
|
|
* Destroy all session tokens for all users. |
|
131
|
|
|
* |
|
132
|
|
|
* @since 4.0.0 |
|
133
|
|
|
* @access public |
|
134
|
|
|
* @static |
|
135
|
|
|
*/ |
|
136
|
|
|
public static function drop_sessions() { |
|
137
|
|
|
delete_metadata( 'user', 0, 'session_tokens', false, true ); |
|
138
|
|
|
} |
|
139
|
|
|
} |
|
140
|
|
|
|
ntwb /
wordpress
Loading history...
This check compares the return type specified in the
@returnannotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch.If the return type contains the type array, this check recommends the use of a more specific type like
String[]orarray<String>.