Make WordPress Core


Ignore:
Timestamp:
08/25/2016 05:43:41 PM (8 years ago)
Author:
wonderboymusic
Message:

Session: move WP_Session_Tokens and WP_User_Meta_Session_Tokens into their own files via svn cp. If we move forard with autoloading, session.php is useless. We could even remove it now, and just load these new files in wp-settings.php. That can be decided post-mortem.

See #37827.

File:
1 copied

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-session-tokens.php

    r38350 r38353  
    11<?php
     2/**
     3 * Session API: WP_Session_Tokens class
     4 *
     5 * @package WordPress
     6 * @subpackage Session
     7 * @since 4.7.0
     8 */
     9
    210/**
    311 * Abstract class for managing user session tokens.
     
    308316    public static function drop_sessions() {}
    309317}
    310 
    311 /**
    312  * Meta-based user sessions token manager.
    313  *
    314  * @since 4.0.0
    315  */
    316 class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
    317 
    318     /**
    319      * Get all sessions of a user.
    320      *
    321      * @since 4.0.0
    322      * @access protected
    323      *
    324      * @return array Sessions of a user.
    325      */
    326     protected function get_sessions() {
    327         $sessions = get_user_meta( $this->user_id, 'session_tokens', true );
    328 
    329         if ( ! is_array( $sessions ) ) {
    330             return array();
    331         }
    332 
    333         $sessions = array_map( array( $this, 'prepare_session' ), $sessions );
    334         return array_filter( $sessions, array( $this, 'is_still_valid' ) );
    335     }
    336 
    337     /**
    338      * Converts an expiration to an array of session information.
    339      *
    340      * @param mixed $session Session or expiration.
    341      * @return array Session.
    342      */
    343     protected function prepare_session( $session ) {
    344         if ( is_int( $session ) ) {
    345             return array( 'expiration' => $session );
    346         }
    347 
    348         return $session;
    349     }
    350 
    351     /**
    352      * Retrieve a session by its verifier (token hash).
    353      *
    354      * @since 4.0.0
    355      * @access protected
    356      *
    357      * @param string $verifier Verifier of the session to retrieve.
    358      * @return array|null The session, or null if it does not exist
    359      */
    360     protected function get_session( $verifier ) {
    361         $sessions = $this->get_sessions();
    362 
    363         if ( isset( $sessions[ $verifier ] ) ) {
    364             return $sessions[ $verifier ];
    365         }
    366 
    367         return null;
    368     }
    369 
    370     /**
    371      * Update a session by its verifier.
    372      *
    373      * @since 4.0.0
    374      * @access protected
    375      *
    376      * @param string $verifier Verifier of the session to update.
    377      * @param array  $session  Optional. Session. Omitting this argument destroys the session.
    378      */
    379     protected function update_session( $verifier, $session = null ) {
    380         $sessions = $this->get_sessions();
    381 
    382         if ( $session ) {
    383             $sessions[ $verifier ] = $session;
    384         } else {
    385             unset( $sessions[ $verifier ] );
    386         }
    387 
    388         $this->update_sessions( $sessions );
    389     }
    390 
    391     /**
    392      * Update a user's sessions in the usermeta table.
    393      *
    394      * @since 4.0.0
    395      * @access protected
    396      *
    397      * @param array $sessions Sessions.
    398      */
    399     protected function update_sessions( $sessions ) {
    400         if ( $sessions ) {
    401             update_user_meta( $this->user_id, 'session_tokens', $sessions );
    402         } else {
    403             delete_user_meta( $this->user_id, 'session_tokens' );
    404         }
    405     }
    406 
    407     /**
    408      * Destroy all session tokens for a user, except a single session passed.
    409      *
    410      * @since 4.0.0
    411      * @access protected
    412      *
    413      * @param string $verifier Verifier of the session to keep.
    414      */
    415     protected function destroy_other_sessions( $verifier ) {
    416         $session = $this->get_session( $verifier );
    417         $this->update_sessions( array( $verifier => $session ) );
    418     }
    419 
    420     /**
    421      * Destroy all session tokens for a user.
    422      *
    423      * @since 4.0.0
    424      * @access protected
    425      */
    426     protected function destroy_all_sessions() {
    427         $this->update_sessions( array() );
    428     }
    429 
    430     /**
    431      * Destroy all session tokens for all users.
    432      *
    433      * @since 4.0.0
    434      * @access public
    435      * @static
    436      */
    437     public static function drop_sessions() {
    438         delete_metadata( 'user', 0, 'session_tokens', false, true );
    439     }
    440 }
Note: See TracChangeset for help on using the changeset viewer.