mirror of
https://github.com/WordPress/WordPress.git
synced 2024-11-15 15:16:29 +01:00
0860bb2771
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs. See #41452. Built from https://develop.svn.wordpress.org/trunk@41162 git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
133 lines
2.8 KiB
PHP
133 lines
2.8 KiB
PHP
<?php
|
|
/**
|
|
* Session API: WP_User_Meta_Session_Tokens class
|
|
*
|
|
* @package WordPress
|
|
* @subpackage Session
|
|
* @since 4.7.0
|
|
*/
|
|
|
|
/**
|
|
* Meta-based user sessions token manager.
|
|
*
|
|
* @since 4.0.0
|
|
*/
|
|
class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
|
|
|
|
/**
|
|
* Get all sessions of a user.
|
|
*
|
|
* @since 4.0.0
|
|
*
|
|
* @return array Sessions of a user.
|
|
*/
|
|
protected function get_sessions() {
|
|
$sessions = get_user_meta( $this->user_id, 'session_tokens', true );
|
|
|
|
if ( ! is_array( $sessions ) ) {
|
|
return array();
|
|
}
|
|
|
|
$sessions = array_map( array( $this, 'prepare_session' ), $sessions );
|
|
return array_filter( $sessions, array( $this, 'is_still_valid' ) );
|
|
}
|
|
|
|
/**
|
|
* Converts an expiration to an array of session information.
|
|
*
|
|
* @param mixed $session Session or expiration.
|
|
* @return array Session.
|
|
*/
|
|
protected function prepare_session( $session ) {
|
|
if ( is_int( $session ) ) {
|
|
return array( 'expiration' => $session );
|
|
}
|
|
|
|
return $session;
|
|
}
|
|
|
|
/**
|
|
* Retrieve a session by its verifier (token hash).
|
|
*
|
|
* @since 4.0.0
|
|
*
|
|
* @param string $verifier Verifier of the session to retrieve.
|
|
* @return array|null The session, or null if it does not exist
|
|
*/
|
|
protected function get_session( $verifier ) {
|
|
$sessions = $this->get_sessions();
|
|
|
|
if ( isset( $sessions[ $verifier ] ) ) {
|
|
return $sessions[ $verifier ];
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* Update a session by its verifier.
|
|
*
|
|
* @since 4.0.0
|
|
*
|
|
* @param string $verifier Verifier of the session to update.
|
|
* @param array $session Optional. Session. Omitting this argument destroys the session.
|
|
*/
|
|
protected function update_session( $verifier, $session = null ) {
|
|
$sessions = $this->get_sessions();
|
|
|
|
if ( $session ) {
|
|
$sessions[ $verifier ] = $session;
|
|
} else {
|
|
unset( $sessions[ $verifier ] );
|
|
}
|
|
|
|
$this->update_sessions( $sessions );
|
|
}
|
|
|
|
/**
|
|
* Update a user's sessions in the usermeta table.
|
|
*
|
|
* @since 4.0.0
|
|
*
|
|
* @param array $sessions Sessions.
|
|
*/
|
|
protected function update_sessions( $sessions ) {
|
|
if ( $sessions ) {
|
|
update_user_meta( $this->user_id, 'session_tokens', $sessions );
|
|
} else {
|
|
delete_user_meta( $this->user_id, 'session_tokens' );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Destroy all session tokens for a user, except a single session passed.
|
|
*
|
|
* @since 4.0.0
|
|
*
|
|
* @param string $verifier Verifier of the session to keep.
|
|
*/
|
|
protected function destroy_other_sessions( $verifier ) {
|
|
$session = $this->get_session( $verifier );
|
|
$this->update_sessions( array( $verifier => $session ) );
|
|
}
|
|
|
|
/**
|
|
* Destroy all session tokens for a user.
|
|
*
|
|
* @since 4.0.0
|
|
*/
|
|
protected function destroy_all_sessions() {
|
|
$this->update_sessions( array() );
|
|
}
|
|
|
|
/**
|
|
* Destroy all session tokens for all users.
|
|
*
|
|
* @since 4.0.0
|
|
* @static
|
|
*/
|
|
public static function drop_sessions() {
|
|
delete_metadata( 'user', 0, 'session_tokens', false, true );
|
|
}
|
|
}
|