/**
  * @param Container $pimple A container instance
  */
 public function register(Container $pimple)
 {
     // Every entry below is a closure, so nothing is built at registration time
     // (presumably the container invokes each closure lazily on first access).
     $pimple[SystemContainer::REQUEST] = function () {
         return Request::createFromGlobals();
     };

     $pimple[SystemContainer::SESSION] = function () {
         // With mockSession set, session data is held by MockArraySessionStorage
         // instead of the default storage.
         $session = $this->mockSession
             ? new Session(new MockArraySessionStorage())
             : new Session();

         // setName() sets the session *name* (the cookie name), not the session id.
         // NOTE(review): mt_rand() is not a CSPRNG; that is tolerable here only
         // because the name is not a secret. A name that differs on every build
         // also means a cookie issued under an earlier name will not be picked up
         // again - this looks test-oriented; confirm before using it for real users.
         $session->setName('SID' . mt_rand(1000, 9999));
         $session->start();

         return $session;
     };

     $pimple[SystemContainer::TIME_PROVIDER] = function () {
         return new SystemTimeProvider();
     };

     $pimple[SystemContainer::EVENT_DISPATCHER] = function () {
         return new EventDispatcher();
     };

     // NullLogger: log calls made through this service are not recorded anywhere.
     $pimple[SystemContainer::LOGGER] = function () {
         return new NullLogger();
     };
 }
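 /**
  * Build the session object for the current run.
  *
  * Command-line runs get in-memory mock storage. Web runs get native storage,
  * backed by the PDO handler when `concrete.session.handler` is `database`,
  * and configured from `concrete.session.cookie` plus the configured maximum
  * lifetime. The session name is applied and the session is handed to
  * testSessionFixation() before it is returned.
  *
  * @return SymfonySession
  */
 public static function start()
 {
     $app = Core::make('app');
     if ($app->isRunThroughCommandLineInterface()) {
         $storage = new MockArraySessionStorage();
     } else {
         // Strict comparison: only the exact string 'database' selects the PDO handler.
         if (Config::get('concrete.session.handler') === 'database') {
             $db = \Database::get();
             $storage = new NativeSessionStorage(
                 array(),
                 new PdoSessionHandler(
                     $db->getWrappedConnection(),
                     array(
                         'db_table' => 'Sessions',
                         'db_id_col' => 'sessionID',
                         'db_data_col' => 'sessionValue',
                         'db_time_col' => 'sessionTime',
                     )
                 )
             );
         } else {
             $storage = new NativeSessionStorage(array());
         }
         $options = Config::get('concrete.session.cookie');
         if ($options['cookie_path'] === false) {
             // No explicit path configured: scope the cookie to this installation.
             $options['cookie_path'] = $app['app_relative_path'] . '/';
         }
         // The PHP directive is session.gc_maxlifetime. NativeSessionStorage::setOptions()
         // skips keys it does not recognise, so the former 'gc_max_lifetime' spelling was
         // silently dropped and the configured lifetime was never applied.
         $options['gc_maxlifetime'] = Config::get('concrete.session.max_lifetime');
         // NOTE(review): cookie_secure / cookie_httponly are applied only if they are
         // present in concrete.session.cookie - confirm the shipped defaults set them.
         $storage->setOptions($options);
     }
     $session = new SymfonySession($storage);
     $session->setName(Config::get('concrete.session.name'));
     static::testSessionFixation($session);
     return $session;
 }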
Example #3
 /**
  * Initialize the session.
  *
  * This is something you might want to override in your controller so you can
  * redirect to a page with a message about being logged out after detecting the session has expired.
  *
  * @param int|null $session_expiration Session expiration in seconds
  */
 protected function initializeSession($session_expiration = null)
 {
     // The cookie itself lives for one week (604800 s) so it survives a browser
     // restart; the idle check further down is what ends a stale session
     // (default 1 hour).
     $storage = new \Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage(['cookie_lifetime' => 604800]);
     $this->session = new Session($storage);

     $this->config->load('config');

     // HttpOnly keeps the session cookie out of reach of page scripts; on by default.
     // NOTE(review): Secure and SameSite are not configured in this method -
     // confirm they are set in php.ini or elsewhere for HTTPS deployments.
     $session_cookie_httponly = (bool) $this->config->get('session_cookie_httponly', true);
     ini_set('session.cookie_httponly', $session_cookie_httponly);

     try {
         // Per-application session name: 'TSAPP' plus the last 10 hex characters
         // of sha1(this file's path). It separates apps; it is not a secret.
         $nameSuffix = substr(sha1(__FILE__), -10);
         $this->session->setName('TSAPP' . $nameSuffix);
         $this->session->start();

         // The method argument wins; otherwise fall back to session_expiration
         // from config.php, and finally to 3600 seconds.
         if (empty($session_expiration)) {
             $session_expiration = $this->config->get('session_expiration', 3600);
         }

         // Invalidate the session when it has been idle longer than allowed.
         $idleSeconds = time() - $this->session->getMetadataBag()->getLastUsed();
         if ($idleSeconds > $session_expiration) {
             $this->session->invalidate();
         }
     } catch (\LogicException $e) {
         // Session already active, can't change it now!
         // NOTE(review): a LogicException from any call above leaves the try block,
         // so the idle-expiry check is skipped in that case as well.
     }
 }
Example #4
 /**
  * Start the 'flarum_session' session and make sure it carries a CSRF token.
  *
  * @return Session the started session
  */
 private function startSession()
 {
     $session = new Session();
     $session->setName('flarum_session');
     $session->start();

     // The token is minted once per session; later calls reuse the stored value.
     if ($session->has('csrf_token')) {
         return $session;
     }

     // NOTE(review): how unpredictable the token is depends on Str::random(),
     // which is not shown here - confirm it draws from a CSPRNG.
     $session->set('csrf_token', Str::random(40));

     return $session;
 }
 /**
  * Create a new symfony session object
  * This method MUST NOT start the session
  *
  * @return \Symfony\Component\HttpFoundation\Session\Session
  */
 public function createSession()
 {
     $config = $this->app['config'];

     // Storage is chosen by getSessionStorage() from the configuration; nothing
     // in this method calls start() on the session.
     $session = new SymfonySession($this->getSessionStorage($config));
     $session->setName($config->get('concrete.session.name'));

     // @todo Move this to somewhere else
     $this->request->setSession($session);

     return $session;
 }
Example #6
 /**
  * Make the session object.
  *
  * @return \Symfony\Component\HttpFoundation\Session\Session
  */
 public function makeSession()
 {
     // Resolve the three collaborators from the container, in constructor order.
     $storage = $this->dic->resolve('Symfony\\Component\\HttpFoundation\\Session\\Storage\\SessionStorageInterface');
     $attributeBag = $this->dic->resolve('Symfony\\Component\\HttpFoundation\\Session\\Attribute\\AttributeBagInterface');
     $flashBag = $this->dic->resolve('Symfony\\Component\\HttpFoundation\\Session\\Flash\\FlashBagInterface');

     $session = new Session($storage, $attributeBag, $flashBag);

     // Session (cookie) name comes from configuration, 'autarky_session' when unset.
     $cookieName = $this->config->get('session.cookie.name', 'autarky_session');
     $session->setName($cookieName);

     return $session;
 }
Example #7
 /**
  * \brief This is where the magic for
  * Authentication happens.
  */
 function PostInitialize()
 {
     // Per-request authentication bookkeeping: starts the 'Login' session if
     // needed, applies a posted group change, mirrors the user/group ids into
     // $SysConf['auth'], enforces the idle timeout and the optional IP pinning,
     // periodically re-reads the user record, then sets the plugin state.
     // Returns 0 early when siteminder_check() reports anything but -1;
     // otherwise it returns nothing.
     global $SysConf;
     /* if Site Minder enabled core-auth will be disabled*/
     if (siteminder_check() != -1) {
         return 0;
     }
     if (!$this->session->isStarted()) {
         $this->session->setName('Login');
         $this->session->start();
     }
     // NOTE(review): the group id comes straight from $_POST and is only cast to
     // int. Nothing in this method checks that a user is logged in
     // ($_SESSION[Auth::USER_ID] may be unset, which intval() turns into 0), that
     // the user belongs to the selected group, or that the request carries a CSRF
     // token. Confirm setDefaultGroupMembership() or an earlier layer enforces
     // these before the value is written to the session and $SysConf.
     if (array_key_exists('selectMemberGroup', $_POST)) {
         $selectedGroupId = intval($_POST['selectMemberGroup']);
         $this->userDao->setDefaultGroupMembership(intval($_SESSION[Auth::USER_ID]), $selectedGroupId);
         $_SESSION[Auth::GROUP_ID] = $selectedGroupId;
         $this->session->set(Auth::GROUP_ID, $selectedGroupId);
         $SysConf['auth'][Auth::GROUP_ID] = $selectedGroupId;
     }
     // Mirror the ids held in the session into the global configuration array.
     if (array_key_exists(Auth::USER_ID, $_SESSION)) {
         $SysConf['auth'][Auth::USER_ID] = $_SESSION[Auth::USER_ID];
     }
     if (array_key_exists(Auth::GROUP_ID, $_SESSION)) {
         $SysConf['auth'][Auth::GROUP_ID] = $_SESSION[Auth::GROUP_ID];
     }
     $Now = time();
     if (!empty($_SESSION['time'])) {
         /* Logins older than 60 secs/min * 480 min = 8 hr are auto-logout */
         // updateSession("") presumably resets the session to a logged-out
         // state; its body is not shown here.
         if (@$_SESSION['time'] + 60 * 480 < $Now) {
             $this->updateSession("");
         }
     }
     // 'time' is refreshed on every request, so the 8 hour limit above measures
     // time since the previous request rather than time since login.
     $_SESSION['time'] = $Now;
     if (empty($_SESSION['ip'])) {
         $_SESSION['ip'] = $this->getIP();
     } else {
         // IP pinning is enforced only when $_SESSION['checkip'] equals 1; the
         // @ operators hide the notice raised when a key is missing.
         // NOTE(review): how getIP() derives the address is not visible here -
         // confirm it cannot be influenced by client-supplied headers.
         if (@$_SESSION['checkip'] == 1 && @$_SESSION['ip'] != $this->getIP()) {
             /* Sessions are not transferable. */
             $this->updateSession("");
             $_SESSION['ip'] = $this->getIP();
         }
     }
     if (@$_SESSION[Auth::USER_NAME]) {
         /* Recheck the user in case he is suddenly blocked or changed. */
         // The first recheck is scheduled 480 minutes ahead. Nothing in this
         // method moves 'time_check' forward afterwards - presumably
         // updateSession() does; verify.
         if (empty($_SESSION['time_check'])) {
             $_SESSION['time_check'] = time() + 480 * 60;
         }
         if (time() >= @$_SESSION['time_check']) {
             $row = $this->userDao->getUserAndDefaultGroupByUserName(@$_SESSION[Auth::USER_NAME]);
             /* Check for instant logouts */
             // A record with an empty 'user_pass' is replaced by "", the same
             // argument the logout paths above pass to updateSession().
             if (empty($row['user_pass'])) {
                 $row = "";
             }
             $this->updateSession($row);
         }
     } else {
         // No user name in the session: same updateSession("") call as above.
         $this->updateSession("");
     }
     /* Disable all plugins with >= level access */
     // NOTE(review): $_SESSION[Auth::USER_LEVEL] is read without an existence
     // check; presumably updateSession() always populates it - confirm.
     plugin_disable($_SESSION[Auth::USER_LEVEL]);
     $this->State = PLUGIN_STATE_READY;
 }
Example #8
<?php

/*
 * This is just a dummy page pretending to log a user in.
 * The idea is to test sessions on the server
 */
require __DIR__ . '/../vendor/autoload.php';
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\Handler\MemcachedSessionHandler;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
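try {
    // Session data is stored in the local memcached instance through Symfony's
    // MemcachedSessionHandler rather than PHP's default handler.
    $memcached = new Memcached();
    $memcached->addServer('localhost', 11211);
    $handler = new MemcachedSessionHandler($memcached);
    $storage = new NativeSessionStorage(array(), $handler);
    $session = new Session($storage);
    $session->setName('CUSTOM_NAME');
    $session->start();
    if ($session->has('username')) {
        echo "Already logged in";
    } else {
        // Issue a fresh session id at the moment of "login" so that an id known
        // before authentication (session fixation) is not carried over into the
        // authenticated session; passing true also destroys the old session.
        $session->migrate(true);
        $session->set('username', 'Mister hoba loba loba');
        echo "Logged in!";
    }
} catch (Exception $e) {
    // NOTE(review): acceptable on a throwaway test page only. A real page should
    // log the message server-side and show a generic error, because exception
    // text can reveal backend details.
    echo $e->getMessage();
}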
    }
    return $validator;
}, 'xvsys\\validator\\Validator');
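// Template Engine
$viewEngine = new \phastl\ViewEngine('app' . DIRECTORY_SEPARATOR . 'view');
$viewEngine->assign('_baseurl', $request->getUriForPath('/'));
$viewEngine->assign('_isXHR', $request->isXmlHttpRequest());
$diContainer->addSharedInstance($viewEngine, '\\phastl\\ViewEngineInterface');

// HTTP method tunnelling through the 'http-method' body field.
// The field is client-controlled, so it is honoured only when the real request
// is a POST and the requested verb is on a fixed allow-list. Without that, any
// request could relabel itself with an arbitrary method string and reach
// handlers, or skip checks, that key off the method. Extend the list if the
// application deliberately tunnels other verbs.
$requestMethodBypass = $request->request->get('http-method');
if (is_string($requestMethodBypass)
    && strtoupper((string) $request->server->get('REQUEST_METHOD')) === 'POST'
) {
    $tunnelledMethod = strtoupper($requestMethodBypass);
    if (in_array($tunnelledMethod, ['PUT', 'PATCH', 'DELETE'], true)) {
        $request->setMethod($tunnelledMethod);
    }
}

// Session
// NOTE(review): no cookie options are passed to the storage, so the Secure /
// HttpOnly / SameSite flags come from php.ini - confirm they are set there.
$sessionHandler = new NativeFileSessionHandler();
$sessionStorage = new NativeSessionStorage([], $sessionHandler);
$session = new Session($sessionStorage);
$session->setName('application_name');
$session->start();
$request->setSession($session);

// XHR responses use the 'xhr' layout; everything else uses 'main'.
if ($request->isXmlHttpRequest() === false) {
    $viewEngine->setDynamicLayout('layout' . DIRECTORY_SEPARATOR . 'main');
} else {
    $viewEngine->setDynamicLayout('layout' . DIRECTORY_SEPARATOR . 'xhr');
}
$eventDispatcher = new EventDispatcher();
// controller resolver implementation (alternatives ReflectionCacheControllerResolver, ConfigControllerResolver)
// The misspelt variable name is kept: code outside this excerpt may refer to it.
$conrollerResolver = new ReflectionControllerResolver($diContainer);
// Exceptions handler
// NOTE(review): NullHandler discards every record, so nothing written to
// $logger is kept - confirm a persisting handler is used outside development.
$logger = new \Monolog\Logger("syslog");
$logHandler = new Monolog\Handler\NullHandler();
$logHandler->setFormatter(new \Monolog\Formatter\HtmlFormatter());
$logger->pushHandler($logHandler);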
Example #10
// Wiring script for the dependency injector: registers the request, router,
// template engine, session factory and debug bar, then returns the injector.
// global parameter
$injector->defineParam('config', $config);
// route dispatcher
$injector->prepare('Dispatcher', function ($obj, $injector) {
    $obj->injector = $injector;
});
// request
$request = Request::createFromGlobals();
$injector->share($request);
// router
$injector->define('AltoRouter', [':routes' => $route, ':basePath' => rtrim($baseDir, '/')]);
// template engine
// NOTE(review): $config['theme'] is concatenated into the views directory path;
// presumably it comes from a trusted config file - verify it can never carry
// user-controlled input.
$injector->alias('Template\\Renderer', 'Template\\PlatesRenderer');
$injector->define('League\\Plates\\Engine', [':directory' => __DIR__ . '/views/' . $config['theme']]);
$injector->alias('League\\Plates\\Extension\\ExtensionInterface', 'Template\\MyPlatesExtension');
$injector->define('Template\\MyPlatesExtension', [':baseDir' => $baseDir]);
// session and flash
// The factory builds the session with default storage and attribute bag (both
// null) and a project flash bag, names it and starts it.
// NOTE(review): no cookie options are set here, so the Secure / HttpOnly /
// SameSite flags come from php.ini - confirm they are configured there.
$sessionFactory = function () {
    $session = new Session(null, null, new Lib\MyFlash());
    $session->setName('RakitanFramework');
    $session->start();
    return $session;
};
$injector->delegate('Symfony\\Component\\HttpFoundation\\Session\\Session', $sessionFactory);
$injector->share('Symfony\\Component\\HttpFoundation\\Session\\Session');
// authentication class
//$injector->share('Lib\MyAuth');
// middleware
// NOTE(review): the debug bar is wired unconditionally in this script. Whether
// it is rendered is decided elsewhere; confirm it is disabled in production,
// since debug bars typically expose request and session internals.
$injector->alias('Debugbar\\DebugBar', 'DebugBar\\StandardDebugBar');
$injector->define('DebugBar\\JavascriptRenderer', [':baseUrl' => $baseDir . 'debugbar']);
return $injector;