PHP Class Elgg\PersistentLoginService

If a user selects a persistent login, a long, random token is generated and stored in the cookie called "elggperm", and a hash of the token is stored in the DB. If the user's PHP session expires, the session boot sequence will try to log the user in via the token in the cookie. Before Elgg 1.9, the token hashes were stored as "code" in the users_entity table. In Elgg 1.9, the token hashes are stored as "code" in the users_remember_me_cookies table, allowing multiple browsers to maintain persistent logins.
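The token flow described above, as an added sketch that is not Elgg's own code: the raw token exists only in the cookie, the server keeps just its hash, and each browser gets its own row. The class name `PersistentLoginSketch`, the in-memory array standing in for the users_remember_me_cookies table, the SHA-256 hash, the `revokeAll` method and the user GUID 42 are all assumptions made for illustration.

```php
<?php
// Added illustration, not Elgg's implementation. The array stands in for the
// users_remember_me_cookies table; SHA-256 is an assumed hash choice.
final class PersistentLoginSketch
{
    /** @var array<string,int> token hash ("code") => user GUID */
    private array $rows = [];

    /** Issue a token: the raw value goes to the cookie, only its hash is stored. */
    public function makeLoginPersistent(int $userGuid): string
    {
        // base64url of 32 random bytes; the leading "z" marks the newer token format
        $token = 'z' . rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
        $this->rows[$this->hashToken($token)] = $userGuid;
        return $token; // the caller sets this as the "elggperm" cookie value
    }

    /** PHP session expired: resolve the cookie token to a user GUID, or null. */
    public function bootSession(string $cookieToken): ?int
    {
        if ($cookieToken === '') {
            return null;
        }
        // Lookup is keyed on the hash, so a leaked table does not yield usable cookies
        return $this->rows[$this->hashToken($cookieToken)] ?? null;
    }

    /** Drop every stored hash for the user, logging out all browsers
     *  (assumed here to be what a password change should trigger). */
    public function revokeAll(int $userGuid): void
    {
        $this->rows = array_filter($this->rows, fn (int $g): bool => $g !== $userGuid);
    }

    private function hashToken(string $token): string
    {
        return hash('sha256', $token);
    }
}

$svc    = new PersistentLoginSketch();
$laptop = $svc->makeLoginPersistent(42);   // constructed user GUID
$phone  = $svc->makeLoginPersistent(42);   // second browser gets its own row
var_dump($svc->bootSession($laptop));      // token issued to the laptop
var_dump($svc->bootSession('zforged'));    // token the server never issued
$svc->revokeAll(42);
var_dump($svc->bootSession($phone));       // phone token after revocation
```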
Project: elgg/elgg

Public Properties

Property Type Description
$_callable_elgg_set_cookie DO NOT USE. For unit test mocking
$_callable_get_user DO NOT USE. For unit test mocking
$_callable_sleep DO NOT USE. For unit test mocking

Protected Properties

Property Type Description
$cookie_config array
$cookie_token string
$crypto ElggCrypto
$db Database
$session ElggSession
$table string
$time integer

Public Methods

Method Description
__construct ( Database $db, ElggSession $session, ElggCrypto $crypto, array $cookie_config, string $cookie_token, integer $time = null ) Constructor
bootSession ( ) : ElggUser | null Boot the persistent login session, possibly returning the user who should be silently logged in.
getUserFromHash ( string $hash ) : ElggUser | null Find a user with the given hash
handlePasswordChange ( ElggUser $subject, ElggUser $modifier = null ) : void Handle a password change
makeLoginPersistent ( ElggUser $user ) : void Make the user's login persistent
removePersistentLogin ( ) : void Remove the persisted login token from client and server
replaceLegacyToken ( ElggUser $logged_in_user ) : void Replace the user's token if it's a legacy hexadecimal token

Protected Methods

Method Description
generateToken ( ) : string Generate a random token (base 64 URL)
handleDbException ( DatabaseException $exception, string $default = null ) : mixed Swallow a schema not upgraded exception, otherwise rethrow it
hashToken ( string $token ) : string Create a hash from the token
isLegacyToken ( string $token ) : boolean Is the given token a legacy MD5 hash?
removeAllHashes ( ElggUser $user ) : void Remove all the hashes associated with a user
removeHash ( string $hash ) : void Remove a hash from the DB
setCookie ( string $token ) : void Store the token in the client cookie (or remove the cookie)
setSession ( string $token ) : void Store the token in the session (or remove it from the session)
storeHash ( ElggUser $user, string $hash ) : void Store a hash in the DB

Method Details

__construct() public method

Constructor
public __construct ( Database $db, ElggSession $session, ElggCrypto $crypto, array $cookie_config, string $cookie_token, integer $time = null )
$db Database The DB service
$session ElggSession The Elgg session
$crypto ElggCrypto The cryptography service
$cookie_config array The persistent login cookie settings
$cookie_token string The token from the request cookie
$time integer The current time

bootSession() public method

Boot the persistent login session, possibly returning the user who should be silently logged in.
public bootSession ( ) : ElggUser | null
Returns ElggUser | null

generateToken() protected method

The first char is always "z" to indicate the value has more entropy than the previously generated ones.
protected generateToken ( ) : string
Returns string

getUserFromHash() public method

Find a user with the given hash
public getUserFromHash ( string $hash ) : ElggUser | null
$hash string The hashed token
Returns ElggUser | null

handleDbException() protected method

Swallow a schema not upgraded exception, otherwise rethrow it
protected handleDbException ( DatabaseException $exception, string $default = null ) : mixed
$exception DatabaseException The exception to handle
$default string The value to return if the table doesn't exist yet
Returns mixed

handlePasswordChange() public method

Handle a password change
public handlePasswordChange ( ElggUser $subject, ElggUser $modifier = null ) : void
$subject ElggUser The user whose password changed
$modifier ElggUser The user who changed the password
Returns void

hashToken() protected method

Create a hash from the token
protected hashToken ( string $token ) : string
$token string The token to hash
Returns string

isLegacyToken() protected method

Is the given token a legacy MD5 hash?
protected isLegacyToken ( string $token ) : boolean
$token string The token to analyze
Returns boolean

makeLoginPersistent() public method

Make the user's login persistent
public makeLoginPersistent ( ElggUser $user ) : void
$user ElggUser The user who logged in
Returns void

removeAllHashes() protected method

Remove all the hashes associated with a user
protected removeAllHashes ( ElggUser $user ) : void
$user ElggUser The user for whom we're removing hashes
Returns void

removeHash() protected method

Remove a hash from the DB
protected removeHash ( string $hash ) : void
$hash string The hashed token to remove (unused before 1.9)
Returns void

removePersistentLogin() public method

Remove the persisted login token from client and server
public removePersistentLogin ( ) : void
Returns void

replaceLegacyToken() public method

Replace the user's token if it's a legacy hexadecimal token
public replaceLegacyToken ( ElggUser $logged_in_user ) : void
$logged_in_user ElggUser The logged in user
Returns void

setCookie() protected method

Store the token in the client cookie (or remove the cookie)
protected setCookie ( string $token ) : void
$token string Empty string to remove cookie
Returns void

setSession() protected method

Store the token in the session (or remove it from the session)
protected setSession ( string $token ) : void
$token string The token to store in session. Empty string to remove.
Returns void

storeHash() protected method

Store a hash in the DB
protected storeHash ( ElggUser $user, string $hash ) : void
$user ElggUser The user for whom we're storing the hash
$hash string The hashed token
Returns void

Property Details

$_callable_get_user public property

DO NOT USE. For unit test mocking
public $_callable_get_user

$_callable_sleep public property

DO NOT USE. For unit test mocking
public $_callable_sleep

$crypto protected property

protected ElggCrypto $crypto
Returns ElggCrypto

$db protected property

protected Database $db
Returns Database

$session protected property

protected ElggSession $session
Returns ElggSession

$table protected property

protected string $table
Returns string

$time protected property

protected int $time
Returns integer