48 final class Session implements \Countable, \Iterator, \ArrayAccess {
73 $this->backend->deregisterSession( $this->index );
81 return $this->backend->getId();
90 return $this->backend->getSessionId();
98 return $this->backend->resetId();
106 return $this->backend->getProvider();
117 return $this->backend->isPersistent();
127 $this->backend->persist();
134 $this->backend->unpersist();
143 return $this->backend->shouldRememberUser();
152 $this->backend->setRememberUser( $remember );
160 return $this->backend->getRequest( $this->index );
168 return $this->backend->getUser();
176 return $this->backend->getAllowedUserRights();
184 return $this->backend->canSetUser();
195 $this->backend->setUser(
$user );
203 return $this->backend->suggestLoginUsername( $this->index );
211 return $this->backend->shouldForceHTTPS();
219 $this->backend->setForceHTTPS( $force );
227 return $this->backend->getLoggedOutTimestamp();
235 $this->backend->setLoggedOutTimestamp( $ts );
244 return $this->backend->getProviderMetadata();
251 $data = &$this->backend->getData();
254 $this->backend->dirty();
256 if ( $this->backend->canSetUser() ) {
257 $this->backend->setUser(
new User );
259 $this->backend->save();
269 $this->backend->renew();
282 $request->
setSessionId( $this->backend->getSessionId() );
283 return $this->backend->getSession( $request );
292 public function get(
$key, $default = null ) {
293 $data = &$this->backend->getData();
294 return array_key_exists(
$key, $data ) ? $data[
$key] : $default;
304 $data = &$this->backend->getData();
305 return array_key_exists(
$key, $data );
314 $data = &$this->backend->getData();
315 if ( !array_key_exists(
$key, $data ) || $data[
$key] !==
$value ) {
317 $this->backend->dirty();
325 public function remove(
$key ) {
326 $data = &$this->backend->getData();
327 if ( array_key_exists(
$key, $data ) ) {
328 unset( $data[
$key] );
329 $this->backend->dirty();
345 $secrets = $this->
get(
'wsTokenSecrets' );
346 if ( !is_array( $secrets ) ) {
349 if ( isset( $secrets[
$key] ) && is_string( $secrets[$key] ) ) {
350 $secret = $secrets[
$key];
353 $secrets[
$key] = $secret;
354 $this->
set(
'wsTokenSecrets', $secrets );
357 if ( is_array( $salt ) ) {
358 $salt = implode(
'|', $salt );
360 return new Token( $secret, (
string)$salt, $new );
371 $secrets = $this->
get(
'wsTokenSecrets' );
372 if ( is_array( $secrets ) && isset( $secrets[
$key] ) ) {
373 unset( $secrets[$key] );
374 $this->
set(
'wsTokenSecrets', $secrets );
382 $this->
remove(
'wsTokenSecrets' );
390 global $wgSessionSecret, $wgSecretKey;
392 $wikiSecret = $wgSessionSecret ?: $wgSecretKey;
393 $userSecret = $this->
get(
'wsSessionSecret', null );
394 if ( $userSecret === null ) {
396 $this->
set(
'wsSessionSecret', $userSecret );
399 $keymats = hash_pbkdf2(
'sha256', $wikiSecret, $userSecret, 10001, 64,
true );
401 substr( $keymats, 0, 32 ),
402 substr( $keymats, 32, 32 ),
411 global $wgSessionInsecureSecrets;
413 if ( self::$encryptionAlgorithm === null ) {
414 if ( function_exists(
'openssl_encrypt' ) ) {
415 $methods = openssl_get_cipher_methods();
416 if ( in_array(
'aes-256-ctr', $methods,
true ) ) {
417 self::$encryptionAlgorithm = [
'openssl',
'aes-256-ctr' ];
418 return self::$encryptionAlgorithm;
420 if ( in_array(
'aes-256-cbc', $methods,
true ) ) {
421 self::$encryptionAlgorithm = [
'openssl',
'aes-256-cbc' ];
422 return self::$encryptionAlgorithm;
426 if ( function_exists(
'mcrypt_encrypt' )
427 && in_array(
'rijndael-128', mcrypt_list_algorithms(),
true )
429 $modes = mcrypt_list_modes();
430 if ( in_array(
'ctr', $modes,
true ) ) {
431 self::$encryptionAlgorithm = [
'mcrypt',
'rijndael-128',
'ctr' ];
432 return self::$encryptionAlgorithm;
434 if ( in_array(
'cbc', $modes,
true ) ) {
435 self::$encryptionAlgorithm = [
'mcrypt',
'rijndael-128',
'cbc' ];
436 return self::$encryptionAlgorithm;
440 if ( $wgSessionInsecureSecrets ) {
442 self::$encryptionAlgorithm = [
'insecure' ];
443 return self::$encryptionAlgorithm;
446 throw new \BadMethodCallException(
447 'Encryption is not available. You really should install the PHP OpenSSL extension, ' .
448 'or failing that the mcrypt extension. But if you really can\'t and you\'re willing ' .
449 'to accept insecure storage of sensitive session data, set ' .
450 '$wgSessionInsecureSecrets = true in LocalSettings.php to make this exception go away.'
454 return self::$encryptionAlgorithm;
475 $algorithm = self::getEncryptionAlgorithm();
476 switch ( $algorithm[0] ) {
478 $ciphertext = openssl_encrypt(
$serialized, $algorithm[1], $encKey, OPENSSL_RAW_DATA, $iv );
479 if ( $ciphertext ===
false ) {
480 throw new \UnexpectedValueException(
'Encryption failed: ' . openssl_error_string() );
485 $blocksize = mcrypt_get_block_size( $algorithm[1], $algorithm[2] );
486 $pad = $blocksize - ( strlen(
$serialized ) % $blocksize );
489 $ciphertext = mcrypt_encrypt( $algorithm[1], $encKey,
$serialized, $algorithm[2], $iv );
490 if ( $ciphertext ===
false ) {
491 throw new \UnexpectedValueException(
'Encryption failed' );
495 $ex = new \Exception(
'No encryption is available, storing data as plain text' );
496 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
500 throw new \LogicException(
'invalid algorithm' );
504 $sealed = base64_encode( $iv ) .
'.' . base64_encode( $ciphertext );
505 $hmac = hash_hmac(
'sha256', $sealed, $hmacKey,
true );
506 $encrypted = base64_encode( $hmac ) .
'.' . $sealed;
509 $this->
set(
$key, $encrypted );
520 $encrypted = $this->
get(
$key, null );
521 if ( $encrypted === null ) {
530 $pieces = explode(
'.', $encrypted );
531 if (
count( $pieces ) !== 3 ) {
532 $ex = new \Exception(
'Invalid sealed-secret format' );
533 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
536 list( $hmac, $iv, $ciphertext ) = $pieces;
538 $integCalc = hash_hmac(
'sha256', $iv .
'.' . $ciphertext, $hmacKey,
true );
539 if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {
540 $ex = new \Exception(
'Sealed secret has been tampered with, aborting.' );
541 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
546 $algorithm = self::getEncryptionAlgorithm();
547 switch ( $algorithm[0] ) {
549 $serialized = openssl_decrypt( base64_decode( $ciphertext ), $algorithm[1], $encKey,
550 OPENSSL_RAW_DATA, base64_decode( $iv ) );
552 $ex = new \Exception(
'Decyption failed: ' . openssl_error_string() );
553 $this->logger->debug( $ex->getMessage(), [
'exception' => $ex ] );
558 $serialized = mcrypt_decrypt( $algorithm[1], $encKey, base64_decode( $ciphertext ),
559 $algorithm[2], base64_decode( $iv ) );
561 $ex = new \Exception(
'Decyption failed' );
562 $this->logger->debug( $ex->getMessage(), [
'exception' => $ex ] );
571 $ex = new \Exception(
572 'No encryption is available, retrieving data that was stored as plain text'
574 $this->logger->warning( $ex->getMessage(), [
'exception' => $ex ] );
578 throw new \LogicException(
'invalid algorithm' );
596 return $this->backend->delaySave();
603 $this->backend->save();
612 $data = &$this->backend->getData();
613 return count( $data );
617 $data = &$this->backend->getData();
622 $data = &$this->backend->getData();
627 $data = &$this->backend->getData();
632 $data = &$this->backend->getData();
637 $data = &$this->backend->getData();
638 return key( $data ) !== null;
646 $data = &$this->backend->getData();
647 return isset( $data[$offset] );
658 $data = &$this->backend->getData();
659 if ( !array_key_exists( $offset, $data ) ) {
660 $ex = new \Exception(
"Undefined index (auto-adds to session with a null value): $offset" );
661 $this->logger->debug( $ex->getMessage(), [
'exception' => $ex ] );
663 return $data[$offset];
671 $this->
remove( $offset );
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
magic word the default is to use $key to get the and $key value or $key value text $key value html to format the value $key
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
when a variable name is used in a it is silently declared as a new local masking the global
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a local account $user
setSessionId(SessionId $sessionId)
Set the session for this request.
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
error also a ContextSource you ll probably need to make sure the header is varied on $request
static generateHex($chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format...
static generate($bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form...
foreach($res as $row) $serialized