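/**
 * Check that the session is valid and not expired. If there is no valid session,
 * check the keepSession cookie.
 *
 * The method makes sure a PHP session is active, copies the value stored under
 * $_SESSION[__CLASS__] for every SESSION_* class constant onto the instance returned by
 * getInstance(), and then recomputes the hash from userId and sault and compares
 * it with the stored hash.
 *
 * - Hash mismatch or empty hash: userId and hash are reset on the instance. When allowed,
 *   and when isCookieKeepSession() returns true, the method re-runs itself once with
 *   cookie checking disabled and, if a user id results, updates that user's last-login
 *   column.
 * - Hash match: the idle timeout ('scalr.security.user.session.timeout', relative to
 *   lastTime) and the absolute lifetime ('scalr.security.user.session.lifetime', relative
 *   to initTime) are enforced. An expired session is reset and, when allowed, the method
 *   re-runs itself so that the keepSession cookie can be considered.
 *
 * The session is closed for writing at the end of the normal path.
 *
 * @param bool $checkKeepSessionCookie If true check cookie keepSession
 * @param bool $isAutomaticRequest     If true don't update sessionLastTime
 */
protected static function restore($checkKeepSessionCookie = true, $isAutomaticRequest = false)
{
    $session = self::getInstance();

    if (session_status() !== PHP_SESSION_ACTIVE) {
        static::startSession();
        self::sessionLog("session_start():" . __LINE__);
    }

    // Every class constant whose name starts with SESSION_ names a session key; the
    // constant's value is used both as the $_SESSION key and as the property name.
    $refClass = self::getReflectionClass();
    foreach ($refClass->getConstants() as $constname => $constvalue) {
        if (substr($constname, 0, 8) !== 'SESSION_') {
            continue;
        }

        $session->{$constvalue} = isset($_SESSION[__CLASS__][$constvalue]) ? $_SESSION[__CLASS__][$constvalue] : null;
    }

    $newhash = self::createHash($session->userId, $session->sault);

    // Compare the hashes as strings with a strict operator. A loose `==` applies PHP type
    // juggling: a non-string stored value such as boolean true, or two numeric-looking
    // strings, can compare equal without being identical.
    // Assumes createHash() returns a string - TODO confirm. Where the runtime provides
    // hash_equals() (PHP 5.6+), it is the preferable comparison for hash values.
    $hashIsValid = is_string($session->hash)
        && !empty($session->hash)
        && (string) $newhash === $session->hash;

    if (!$hashIsValid) {
        // reset session (invalid)
        self::sessionLog("invalid hash:" . __LINE__);
        $session->userId = 0;
        $session->hash = '';

        if ($checkKeepSessionCookie && self::isCookieKeepSession()) {
            // Second pass with cookie checking disabled, so the recursion stops here.
            // NOTE(review): no session id regeneration is visible in this method when a
            // session is recovered from the keepSession cookie; confirm that
            // isCookieKeepSession() or startSession() takes care of it.
            self::restore(false, $isAutomaticRequest);

            if ($session->userId) {
                // we've recovered session, update last login
                // Table and column names come from the User object; the user id is bound
                // as a parameter.
                $u = new User();
                Scalr::getDb()->Execute("UPDATE {$u->table()} SET {$u->columnLastLogin} = NOW() WHERE {$u->columnId} = ?", [$session->userId]);
            }
        }
    } else {
        // Idle timeout: the configured value is handed to strtotime() with lastTime as the
        // base (presumably a relative time string - verify against the configuration).
        if (strtotime(Scalr::config('scalr.security.user.session.timeout'), $session->lastTime) < time()) {
            self::sessionLog("session timeout was expired:" . __LINE__);

            if ($checkKeepSessionCookie) {
                // Invalidate the stored session first; the re-run then fails the hash
                // check and falls through to the keepSession cookie.
                $_SESSION[__CLASS__][self::SESSION_USER_ID] = 0;
                $_SESSION[__CLASS__][self::SESSION_HASH] = '';
                self::restore($checkKeepSessionCookie, $isAutomaticRequest);
            } else {
                // NOTE(review): this path returns without session_write_close(); confirm
                // that callers passing false close the session themselves.
                $session->userId = 0;
                $session->hash = '';
            }

            return;
        }

        // Automatic (background) requests must not extend the idle timeout.
        if (!$isAutomaticRequest) {
            $_SESSION[__CLASS__][self::SESSION_LAST_TIME] = $session->lastTime = time();
        }

        // Absolute lifetime, measured from initTime regardless of activity.
        if (strtotime(Scalr::config('scalr.security.user.session.lifetime'), $session->initTime) < time()) {
            self::sessionLog("session lifetime was expired:" . __LINE__);

            if ($checkKeepSessionCookie) {
                $_SESSION[__CLASS__][self::SESSION_USER_ID] = 0;
                $_SESSION[__CLASS__][self::SESSION_HASH] = '';
                self::restore($checkKeepSessionCookie, $isAutomaticRequest);
            } else {
                // NOTE(review): returns without session_write_close(), as in the timeout
                // branch above.
                $session->userId = 0;
                $session->hash = '';
            }

            return;
        }
    }

    session_write_close();
    self::sessionLog("session_write_close():" . __LINE__);
}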