public function run()
 {
     $sessionHandler = new DBSessionHandler();
     $config = DI::get()->getConfig();
     $sessionHandler->clean($config->session->lifetime);
     TmpSessionDAO::create()->dropAll();
 }
Exemple #2
0
<?php

// This script generates session id that will be verified in daemon
use SocioChat\DAO\TmpSessionDAO;
use SocioChat\DI;
use SocioChat\DIBuilder;
if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
    die('only internal requests allowed');
}
require_once '../config.php';
$container = DI::get()->container();
DIBuilder::setupNormal($container);
$config = $container->get('config');
$token = null;
if (isset($_COOKIE['token'])) {
    $token = $_COOKIE['token'];
}
if (!$token || $token == 'null' || isset($_GET['regenerate'])) {
    $token = bin2hex(openssl_random_pseudo_bytes(16));
}
$sessionHandler = DI::get()->getSession();
if (!$sessionHandler->read($token)) {
    $tmpSession = TmpSessionDAO::create();
    if (!$tmpSession->getBySessionId($token)->getId()) {
        $tmpSession->setSessionId($token)->save();
    }
}
http_response_code(200);
echo json_encode(['token' => $token, 'ttl' => time() + $config->session->lifetime, 'isSecure' => $config->domain->protocol == 'https://']);
 public function handleRequest(ChainContainer $chain)
 {
     $newUserWrapper = $chain->getFrom();
     $container = DI::get()->container();
     $logger = $container->get('logger');
     /* @var $logger Logger */
     $clients = DI::get()->getUsers();
     $socketRequest = $newUserWrapper->getWSRequest();
     /* @var $socketRequest Request */
     $langCode = $socketRequest->getCookie('lang') ?: 'ru';
     $lang = $container->get('lang')->setLangByCode($langCode);
     /* @var $lang Lang */
     $newUserWrapper->setIp($socketRequest->getHeader('X-Real-IP'))->setLastMsgId((int) $socketRequest->getCookie('lastMsgId'))->setLanguage($lang);
     $imprint = $socketRequest->getCookie('token2');
     $sessionHandler = DI::get()->getSession();
     $logger->info("New connection:\n            IP = {$newUserWrapper->getIp()},\n            token = {$socketRequest->getCookie('token')},\n            token2 = {$imprint},\n            lastMsgId = {$newUserWrapper->getLastMsgId()}", [__CLASS__]);
     try {
         if (!($token = $socketRequest->getCookie('token'))) {
             throw new InvalidSessionException('No token');
         }
         /** @var SessionDAO $session */
         $session = $sessionHandler->read($token);
         if (!$session) {
             $tmpSession = TmpSessionDAO::create()->getBySessionId($token);
             if (!$tmpSession->getId()) {
                 throw new InvalidSessionException('Wrong token ' . $token);
             }
             $tmpSession->dropById($tmpSession->getId());
             $session = SessionDAO::create()->setSessionId($token);
         }
     } catch (InvalidSessionException $e) {
         $logger->error("Unauthorized session {$newUserWrapper->getIp()}; " . $e->getMessage(), [__CLASS__]);
         $newUserWrapper->send(['msg' => $lang->getPhrase('UnAuthSession'), 'refreshToken' => 1]);
         $newUserWrapper->close();
         return false;
     }
     if ($session->getUserId() != 0) {
         $user = $this->handleKnownUser($session, $clients, $logger, $newUserWrapper);
         $logger->info('Handled known user_id = ' . $user->getId());
     } else {
         $user = $this->createNewUser($lang, $logger, $newUserWrapper, $socketRequest);
     }
     //update access time
     $sessionHandler->store($token, $user->getId());
     if ($imprint) {
         $logger->info('Searching similar imprint ' . $imprint . ' for user ' . $user->getId());
         $user->setImprint($imprint);
         $similarUser = UserDAO::create()->getByImprint($imprint);
         if (count($similarUser)) {
             /** @var UserDAO $similarUser */
             $similarUser = $similarUser[0];
             if ($similarUser->getId() && $similarUser->getId() != $user->getId()) {
                 $logger->info('Found banned user ' . $similarUser->getId() . ', banning also ' . $user->getId());
                 $user->setBanned(true);
             }
         }
         $user->save(false);
     }
     if ($user->isBanned()) {
         $logger->info('Dropping banned user ' . $user->getId());
         $newUserWrapper->send(['msg' => 'Banned!', 'disconnect' => 1]);
         return false;
     }
     $newUserWrapper->setUserDAO($user)->setToken($token)->setLoginTime(time());
     $clients->attach($newUserWrapper);
 }