PHP Class Elgg\PersistentLoginService

If a user selects a persistent login, a long, random token is generated and stored in the cookie called "elggperm", and a hash of the token is stored in the DB. If the user's PHP session expires, the session boot sequence will try to log the user in via the token in the cookie. Before Elgg 1.9, the token hashes were stored as "code" in the users_entity table. In Elgg 1.9, the token hashes are stored as "code" in the users_remember_me_cookies table, allowing multiple browsers to maintain persistent logins.
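The token-in-cookie, hash-in-DB scheme described above, as an added example (not Elgg's own code). The class name `RememberMeStore`, its methods, the in-memory array standing in for the users_remember_me_cookies table, and the choice of SHA-256 are all assumptions made for illustration.

```php
<?php
// Added illustration of the scheme; not Elgg's implementation. Names are hypothetical.
final class RememberMeStore
{
    /** @var array<string,int> token hash => user GUID (one row per browser) */
    private array $rows = [];

    // Issue a token: "z" + base64url of 32 random bytes. Only its hash is stored.
    public function issue(int $userGuid): string
    {
        $token = 'z' . rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
        $this->rows[$this->hash($token)] = $userGuid;
        return $token; // the raw token goes into the cookie and nowhere else
    }

    // Resolve a cookie value to a user GUID, or null when no stored hash matches.
    public function userFor(string $cookieToken): ?int
    {
        return $cookieToken === '' ? null : ($this->rows[$this->hash($cookieToken)] ?? null);
    }

    // Drop a single browser's persistent login (logout on that browser).
    public function revoke(string $cookieToken): void
    {
        unset($this->rows[$this->hash($cookieToken)]);
    }

    // Drop every browser's persistent login for a user (e.g. after a password change).
    public function revokeAll(int $userGuid): void
    {
        $this->rows = array_filter($this->rows, fn ($guid) => $guid !== $userGuid);
    }

    // Assumption: SHA-256. The token is long and random, so a fast hash is sufficient.
    private function hash(string $token): string
    {
        return hash('sha256', $token);
    }
}

// Constructed usage: one user, two browsers, each with its own token row.
$store = new RememberMeStore();
$laptop = $store->issue(42);
$phone = $store->issue(42);
$store->revoke($laptop);                 // the phone's login is unaffected
var_dump($store->userFor($laptop), $store->userFor($phone));
$store->revokeAll(42);                   // password change: every browser is logged out
var_dump($store->userFor($phone));
```

Because only the hash is stored, a read-only leak of the table does not yield values that can be replayed as cookies.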

Public Properties

Property Type Description
$_callable_elgg_set_cookie DO NOT USE. For unit test mocking
$_callable_get_user DO NOT USE. For unit test mocking
$_callable_sleep DO NOT USE. For unit test mocking

Protected Properties

Property Type Description
$cookie_config array
$cookie_token string
$crypto ElggCrypto
$db Database
$session ElggSession
$table string
$time integer

Public Methods

Method Description
__construct ( Database $db, ElggSession $session, ElggCrypto $crypto, array $cookie_config, string $cookie_token, integer $time = null ) Constructor
bootSession ( ) : ElggUser | null Boot the persistent login session, possibly returning the user who should be silently logged in.
getUserFromHash ( string $hash ) : ElggUser | null Find a user with the given hash
handlePasswordChange ( ElggUser $subject, ElggUser $modifier = null ) : void Handle a password change
makeLoginPersistent ( ElggUser $user ) : void Make the user's login persistent
removePersistentLogin ( ) : void Remove the persisted login token from client and server
replaceLegacyToken ( ElggUser $logged_in_user ) : void Replace the user's token if it's a legacy hexadecimal token

Protected Methods

Method Description
generateToken ( ) : string Generate a random token (base 64 URL)
handleDbException ( DatabaseException $exception, string $default = null ) : mixed Swallow a schema not upgraded exception, otherwise rethrow it
hashToken ( string $token ) : string Create a hash from the token
isLegacyToken ( string $token ) : boolean Is the given token a legacy MD5 hash?
removeAllHashes ( ElggUser $user ) : void Remove all the hashes associated with a user
removeHash ( string $hash ) : void Remove a hash from the DB
setCookie ( string $token ) : void Store the token in the client cookie (or remove the cookie)
setSession ( string $token ) : void Store the token in the session (or remove it from the session)
storeHash ( ElggUser $user, string $hash ) : void Store a hash in the DB

Method Details

__construct() public method

Constructor
public __construct ( Database $db, ElggSession $session, ElggCrypto $crypto, array $cookie_config, string $cookie_token, integer $time = null )
$db Database The DB service
$session ElggSession The Elgg session
$crypto ElggCrypto The cryptography service
$cookie_config array The persistent login cookie settings
$cookie_token string The token from the request cookie
$time integer The current time

bootSession() public method

Boot the persistent login session, possibly returning the user who should be silently logged in.
public bootSession ( ) : ElggUser | null
return ElggUser | null

generateToken() protected method

The first char is always "z" to indicate the value has more entropy than the previously generated ones.
protected generateToken ( ) : string
return string

getUserFromHash() public method

Find a user with the given hash
public getUserFromHash ( string $hash ) : ElggUser | null
$hash string The hashed token
return ElggUser | null

handleDbException() protected method

Swallow a schema not upgraded exception, otherwise rethrow it
protected handleDbException ( DatabaseException $exception, string $default = null ) : mixed
$exception DatabaseException The exception to handle
$default string The value to return if the table doesn't exist yet
return mixed

handlePasswordChange() public method

Handle a password change
public handlePasswordChange ( ElggUser $subject, ElggUser $modifier = null ) : void
$subject ElggUser The user whose password changed
$modifier ElggUser The user who changed the password
return void

hashToken() protected method

Create a hash from the token
protected hashToken ( string $token ) : string
$token string The token to hash
return string

isLegacyToken() protected method

Is the given token a legacy MD5 hash?
protected isLegacyToken ( string $token ) : boolean
$token string The token to analyze
return boolean

makeLoginPersistent() public method

Make the user's login persistent
public makeLoginPersistent ( ElggUser $user ) : void
$user ElggUser The user who logged in
return void

removeAllHashes() protected method

Remove all the hashes associated with a user
protected removeAllHashes ( ElggUser $user ) : void
$user ElggUser The user for whom we're removing hashes
return void

removeHash() protected method

Remove a hash from the DB
protected removeHash ( string $hash ) : void
$hash string The hashed token to remove (unused before 1.9)
return void

removePersistentLogin() public method

Remove the persisted login token from client and server
public removePersistentLogin ( ) : void
return void

replaceLegacyToken() public method

Replace the user's token if it's a legacy hexadecimal token
public replaceLegacyToken ( ElggUser $logged_in_user ) : void
$logged_in_user ElggUser The logged in user
return void

setCookie() protected method

Store the token in the client cookie (or remove the cookie)
protected setCookie ( string $token ) : void
$token string Empty string to remove cookie
return void

setSession() protected method

Store the token in the session (or remove it from the session)
protected setSession ( string $token ) : void
$token string The token to store in session. Empty string to remove.
return void

storeHash() protected method

Store a hash in the DB
protected storeHash ( ElggUser $user, string $hash ) : void
$user ElggUser The user for whom we're storing the hash
$hash string The hashed token
return void

Property Details

$_callable_get_user public property

DO NOT USE. For unit test mocking
public $_callable_get_user

$_callable_sleep public property

DO NOT USE. For unit test mocking
public $_callable_sleep

$crypto protected property

protected ElggCrypto $crypto
return ElggCrypto

$db protected property

protected Database $db
return Database

$session protected property

protected ElggSession $session
return ElggSession

$table protected property

protected string $table
return string

$time protected property

protected int $time
return integer