|
1 <?php |
|
2 /** |
|
3 * Session API: WP_User_Meta_Session_Tokens class |
|
4 * |
|
5 * @package WordPress |
|
6 * @subpackage Session |
|
7 * @since 4.7.0 |
|
8 */ |
|
9 |
|
10 /** |
|
11 * Meta-based user sessions token manager. |
|
12 * |
|
13 * @since 4.0.0 |
|
14 */ |
|
15 class WP_User_Meta_Session_Tokens extends WP_Session_Tokens { |
|
16 |
|
17 /** |
|
18 * Get all sessions of a user. |
|
19 * |
|
20 * @since 4.0.0 |
|
21 * |
|
22 * @return array Sessions of a user. |
|
23 */ |
|
24 protected function get_sessions() { |
|
25 $sessions = get_user_meta( $this->user_id, 'session_tokens', true ); |
|
26 |
|
27 if ( ! is_array( $sessions ) ) { |
|
28 return array(); |
|
29 } |
|
30 |
|
31 $sessions = array_map( array( $this, 'prepare_session' ), $sessions ); |
|
32 return array_filter( $sessions, array( $this, 'is_still_valid' ) ); |
|
33 } |
|
34 |
|
35 /** |
|
36 * Converts an expiration to an array of session information. |
|
37 * |
|
38 * @param mixed $session Session or expiration. |
|
39 * @return array Session. |
|
40 */ |
|
41 protected function prepare_session( $session ) { |
|
42 if ( is_int( $session ) ) { |
|
43 return array( 'expiration' => $session ); |
|
44 } |
|
45 |
|
46 return $session; |
|
47 } |
|
48 |
|
49 /** |
|
50 * Retrieve a session by its verifier (token hash). |
|
51 * |
|
52 * @since 4.0.0 |
|
53 * |
|
54 * @param string $verifier Verifier of the session to retrieve. |
|
55 * @return array|null The session, or null if it does not exist |
|
56 */ |
|
57 protected function get_session( $verifier ) { |
|
58 $sessions = $this->get_sessions(); |
|
59 |
|
60 if ( isset( $sessions[ $verifier ] ) ) { |
|
61 return $sessions[ $verifier ]; |
|
62 } |
|
63 |
|
64 return null; |
|
65 } |
|
66 |
|
67 /** |
|
68 * Update a session by its verifier. |
|
69 * |
|
70 * @since 4.0.0 |
|
71 * |
|
72 * @param string $verifier Verifier of the session to update. |
|
73 * @param array $session Optional. Session. Omitting this argument destroys the session. |
|
74 */ |
|
75 protected function update_session( $verifier, $session = null ) { |
|
76 $sessions = $this->get_sessions(); |
|
77 |
|
78 if ( $session ) { |
|
79 $sessions[ $verifier ] = $session; |
|
80 } else { |
|
81 unset( $sessions[ $verifier ] ); |
|
82 } |
|
83 |
|
84 $this->update_sessions( $sessions ); |
|
85 } |
|
86 |
|
87 /** |
|
88 * Update a user's sessions in the usermeta table. |
|
89 * |
|
90 * @since 4.0.0 |
|
91 * |
|
92 * @param array $sessions Sessions. |
|
93 */ |
|
94 protected function update_sessions( $sessions ) { |
|
95 if ( $sessions ) { |
|
96 update_user_meta( $this->user_id, 'session_tokens', $sessions ); |
|
97 } else { |
|
98 delete_user_meta( $this->user_id, 'session_tokens' ); |
|
99 } |
|
100 } |
|
101 |
|
102 /** |
|
103 * Destroy all session tokens for a user, except a single session passed. |
|
104 * |
|
105 * @since 4.0.0 |
|
106 * |
|
107 * @param string $verifier Verifier of the session to keep. |
|
108 */ |
|
109 protected function destroy_other_sessions( $verifier ) { |
|
110 $session = $this->get_session( $verifier ); |
|
111 $this->update_sessions( array( $verifier => $session ) ); |
|
112 } |
|
113 |
|
114 /** |
|
115 * Destroy all session tokens for a user. |
|
116 * |
|
117 * @since 4.0.0 |
|
118 */ |
|
119 protected function destroy_all_sessions() { |
|
120 $this->update_sessions( array() ); |
|
121 } |
|
122 |
|
123 /** |
|
124 * Destroy all session tokens for all users. |
|
125 * |
|
126 * @since 4.0.0 |
|
127 * @static |
|
128 */ |
|
129 public static function drop_sessions() { |
|
130 delete_metadata( 'user', 0, 'session_tokens', false, true ); |
|
131 } |
|
132 } |