public function run()
{
$sessionHandler = new DBSessionHandler();
$config = DI::get()->getConfig();
$sessionHandler->clean($config->session->lifetime);
TmpSessionDAO::create()->dropAll();
}
<?php
// This script generates session id that will be verified in daemon
use SocioChat\DAO\TmpSessionDAO;
use SocioChat\DI;
use SocioChat\DIBuilder;
if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
die('only internal requests allowed');
}
require_once '../config.php';
$container = DI::get()->container();
DIBuilder::setupNormal($container);
$config = $container->get('config');
$token = null;
if (isset($_COOKIE['token'])) {
$token = $_COOKIE['token'];
}
if (!$token || $token == 'null' || isset($_GET['regenerate'])) {
$token = bin2hex(openssl_random_pseudo_bytes(16));
}
$sessionHandler = DI::get()->getSession();
if (!$sessionHandler->read($token)) {
$tmpSession = TmpSessionDAO::create();
if (!$tmpSession->getBySessionId($token)->getId()) {
$tmpSession->setSessionId($token)->save();
}
}
http_response_code(200);
echo json_encode(['token' => $token, 'ttl' => time() + $config->session->lifetime, 'isSecure' => $config->domain->protocol == 'https://']);
public function handleRequest(ChainContainer $chain)
{
$newUserWrapper = $chain->getFrom();
$container = DI::get()->container();
$logger = $container->get('logger');
/* @var $logger Logger */
$clients = DI::get()->getUsers();
$socketRequest = $newUserWrapper->getWSRequest();
/* @var $socketRequest Request */
$langCode = $socketRequest->getCookie('lang') ?: 'ru';
$lang = $container->get('lang')->setLangByCode($langCode);
/* @var $lang Lang */
$newUserWrapper->setIp($socketRequest->getHeader('X-Real-IP'))->setLastMsgId((int) $socketRequest->getCookie('lastMsgId'))->setLanguage($lang);
$imprint = $socketRequest->getCookie('token2');
$sessionHandler = DI::get()->getSession();
$logger->info("New connection:\n IP = {$newUserWrapper->getIp()},\n token = {$socketRequest->getCookie('token')},\n token2 = {$imprint},\n lastMsgId = {$newUserWrapper->getLastMsgId()}", [__CLASS__]);
try {
if (!($token = $socketRequest->getCookie('token'))) {
throw new InvalidSessionException('No token');
}
/** @var SessionDAO $session */
$session = $sessionHandler->read($token);
if (!$session) {
$tmpSession = TmpSessionDAO::create()->getBySessionId($token);
if (!$tmpSession->getId()) {
throw new InvalidSessionException('Wrong token ' . $token);
}
$tmpSession->dropById($tmpSession->getId());
$session = SessionDAO::create()->setSessionId($token);
}
} catch (InvalidSessionException $e) {
$logger->error("Unauthorized session {$newUserWrapper->getIp()}; " . $e->getMessage(), [__CLASS__]);
$newUserWrapper->send(['msg' => $lang->getPhrase('UnAuthSession'), 'refreshToken' => 1]);
$newUserWrapper->close();
return false;
}
if ($session->getUserId() != 0) {
$user = $this->handleKnownUser($session, $clients, $logger, $newUserWrapper);
$logger->info('Handled known user_id = ' . $user->getId());
} else {
$user = $this->createNewUser($lang, $logger, $newUserWrapper, $socketRequest);
}
//update access time
$sessionHandler->store($token, $user->getId());
if ($imprint) {
$logger->info('Searching similar imprint ' . $imprint . ' for user ' . $user->getId());
$user->setImprint($imprint);
$similarUser = UserDAO::create()->getByImprint($imprint);
if (count($similarUser)) {
/** @var UserDAO $similarUser */
$similarUser = $similarUser[0];
if ($similarUser->getId() && $similarUser->getId() != $user->getId()) {
$logger->info('Found banned user ' . $similarUser->getId() . ', banning also ' . $user->getId());
$user->setBanned(true);
}
}
$user->save(false);
}
if ($user->isBanned()) {
$logger->info('Dropping banned user ' . $user->getId());
$newUserWrapper->send(['msg' => 'Banned!', 'disconnect' => 1]);
return false;
}
$newUserWrapper->setUserDAO($user)->setToken($token)->setLoginTime(time());
$clients->attach($newUserWrapper);
}
