48 final class Session implements \Countable, \Iterator, \ArrayAccess {
70 $this->backend->deregisterSession( $this->index );
78 return $this->backend->getId();
87 return $this->backend->getSessionId();
95 return $this->backend->resetId();
103 return $this->backend->getProvider();
114 return $this->backend->isPersistent();
124 $this->backend->persist();
131 $this->backend->unpersist();
140 return $this->backend->shouldRememberUser();
149 $this->backend->setRememberUser( $remember );
157 return $this->backend->getRequest( $this->index );
165 return $this->backend->getUser();
173 return $this->backend->getAllowedUserRights();
181 return $this->backend->canSetUser();
192 $this->backend->setUser(
$user );
200 return $this->backend->suggestLoginUsername( $this->index );
208 return $this->backend->shouldForceHTTPS();
216 $this->backend->setForceHTTPS( $force );
224 return $this->backend->getLoggedOutTimestamp();
232 $this->backend->setLoggedOutTimestamp( $ts );
241 return $this->backend->getProviderMetadata();
248 $data = &$this->backend->getData();
251 $this->backend->dirty();
253 if ( $this->backend->canSetUser() ) {
254 $this->backend->setUser(
new User );
256 $this->backend->save();
266 $this->backend->renew();
279 $request->
setSessionId( $this->backend->getSessionId() );
280 return $this->backend->getSession( $request );
289 public function get(
$key, $default = null ) {
290 $data = &$this->backend->getData();
291 return array_key_exists(
$key, $data ) ? $data[
$key] : $default;
301 $data = &$this->backend->getData();
302 return array_key_exists(
$key, $data );
311 $data = &$this->backend->getData();
312 if ( !array_key_exists(
$key, $data ) || $data[
$key] !==
$value ) {
314 $this->backend->dirty();
322 public function remove(
$key ) {
323 $data = &$this->backend->getData();
324 if ( array_key_exists(
$key, $data ) ) {
325 unset( $data[
$key] );
326 $this->backend->dirty();
342 $secrets = $this->
get(
'wsTokenSecrets' );
343 if ( !is_array( $secrets ) ) {
346 if ( isset( $secrets[
$key] ) && is_string( $secrets[$key] ) ) {
347 $secret = $secrets[
$key];
350 $secrets[
$key] = $secret;
351 $this->
set(
'wsTokenSecrets', $secrets );
354 if ( is_array( $salt ) ) {
355 $salt = implode(
'|', $salt );
357 return new Token( $secret, (
string)$salt, $new );
368 $secrets = $this->
get(
'wsTokenSecrets' );
369 if ( is_array( $secrets ) && isset( $secrets[
$key] ) ) {
370 unset( $secrets[$key] );
371 $this->
set(
'wsTokenSecrets', $secrets );
379 $this->
remove(
'wsTokenSecrets' );
387 global $wgSessionSecret, $wgSecretKey;
389 $wikiSecret = $wgSessionSecret ?: $wgSecretKey;
390 $userSecret = $this->
get(
'wsSessionSecret', null );
391 if ( $userSecret === null ) {
393 $this->
set(
'wsSessionSecret', $userSecret );
396 $keymats = hash_pbkdf2(
'sha256', $wikiSecret, $userSecret, 10001, 64,
true );
398 substr( $keymats, 0, 32 ),
399 substr( $keymats, 32, 32 ),
412 global $wgSessionInsecureSecrets;
423 if ( function_exists(
'openssl_encrypt' ) ) {
424 $ciphertext = openssl_encrypt(
$serialized,
'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv );
425 if ( $ciphertext ===
false ) {
428 } elseif ( function_exists(
'mcrypt_encrypt' ) ) {
429 $ciphertext = mcrypt_encrypt(
'rijndael-128', $encKey,
$serialized,
'ctr', $iv );
430 if ( $ciphertext ===
false ) {
433 } elseif ( $wgSessionInsecureSecrets ) {
434 $ex = new \Exception(
'No encryption is available, storing data as plain text' );
435 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
438 throw new \BadMethodCallException(
439 'Encryption is not available. You really should install the PHP OpenSSL extension, ' .
440 'or failing that the mcrypt extension. But if you really can\'t and you\'re willing ' .
441 'to accept insecure storage of sensitive session data, set ' .
442 '$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.'
447 $sealed = base64_encode( $iv ) .
'.' . base64_encode( $ciphertext );
448 $hmac = hash_hmac(
'sha256', $sealed, $hmacKey,
true );
449 $encrypted = base64_encode( $hmac ) .
'.' . $sealed;
452 $this->
set(
$key, $encrypted );
462 global $wgSessionInsecureSecrets;
465 $encrypted = $this->
get(
$key, null );
466 if ( $encrypted === null ) {
475 $pieces = explode(
'.', $encrypted );
476 if (
count( $pieces ) !== 3 ) {
477 $ex = new \Exception(
'Invalid sealed-secret format' );
478 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
481 list( $hmac, $iv, $ciphertext ) = $pieces;
483 $integCalc = hash_hmac(
'sha256', $iv .
'.' . $ciphertext, $hmacKey,
true );
484 if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {
485 $ex = new \Exception(
'Sealed secret has been tampered with, aborting.' );
486 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
492 if ( function_exists(
'openssl_decrypt' ) ) {
494 base64_decode( $ciphertext ),
'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, base64_decode( $iv )
497 $ex = new \Exception(
'Decyption failed: ' . openssl_error_string() );
498 $this->logger->debug( $ex->getMessage(), [
'exception' => $ex ] );
501 } elseif ( function_exists(
'mcrypt_decrypt' ) ) {
503 'rijndael-128', $encKey, base64_decode( $ciphertext ),
'ctr', base64_decode( $iv )
506 $ex = new \Exception(
'Decyption failed' );
507 $this->logger->debug( $ex->getMessage(), [
'exception' => $ex ] );
510 } elseif ( $wgSessionInsecureSecrets ) {
511 $ex = new \Exception(
512 'No encryption is available, retrieving data that was stored as plain text'
514 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
517 throw new \BadMethodCallException(
518 'Encryption is not available. You really should install the PHP OpenSSL extension, ' .
519 'or failing that the mcrypt extension. But if you really can\'t and you\'re willing ' .
520 'to accept insecure storage of sensitive session data, set ' .
521 '$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.'
540 return $this->backend->delaySave();
547 $this->backend->save();
556 $data = &$this->backend->getData();
557 return count( $data );
561 $data = &$this->backend->getData();
566 $data = &$this->backend->getData();
571 $data = &$this->backend->getData();
576 $data = &$this->backend->getData();
581 $data = &$this->backend->getData();
582 return key( $data ) !== null;
590 $data = &$this->backend->getData();
591 return isset( $data[$offset] );
602 $data = &$this->backend->getData();
603 if ( !array_key_exists( $offset, $data ) ) {
604 $ex = new \Exception(
"Undefined index (auto-adds to session with a null value): $offset" );
605 $this->logger->debug( $ex->getMessage(), [
'exception' => $ex ] );
607 return $data[$offset];
615 $this->
remove( $offset );
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
magic word the default is to use $key to get the and $key value or $key value text $key value html to format the value $key
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
when a variable name is used in a it is silently declared as a new local masking the global
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a local account $user
setSessionId(SessionId $sessionId)
Set the session for this request.
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
error also a ContextSource you ll probably need to make sure the header is varied on $request
static generateHex($chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format...
static generate($bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form...
foreach($res as $row) $serialized