first commit

lib/pkp/classes/session/SessionDAO.php

@@ -0,0 +1,215 @@
+<?php
+
+/**
+ * @file classes/session/SessionDAO.php
+ *
+ * Copyright (c) 2014-2021 Simon Fraser University
+ * Copyright (c) 2000-2021 John Willinsky
+ * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
+ *
+ * @class SessionDAO
+ *
+ * @ingroup session
+ *
+ * @see Session
+ *
+ * @brief Operations for retrieving and modifying Session objects.
+ */
+
+namespace PKP\session;
+
+use Illuminate\Support\Facades\DB;
+use PKP\db\DAO;
+
+class SessionDAO extends DAO
+{
+    /**
+     * Instantiate and return a new data object.
+     */
+    public function newDataObject()
+    {
+        return new Session();
+    }
+
+    /**
+     * Retrieve a session by ID.
+     *
+     * @param string $sessionId
+     *
+     * @return Session
+     */
+    public function getSession($sessionId)
+    {
+        $result = $this->retrieve('SELECT * FROM sessions WHERE session_id = ?', [$sessionId]);
+
+        if ($row = (array) $result->current()) {
+            $session = $this->newDataObject();
+            $session->setId($row['session_id']);
+            $session->setUserId($row['user_id']);
+            $session->setIpAddress($row['ip_address']);
+            $session->setUserAgent($row['user_agent']);
+            $session->setSecondsCreated($row['created']);
+            $session->setSecondsLastUsed($row['last_used']);
+            $session->setRemember($row['remember']);
+            $session->setSessionData($row['data']);
+            $session->setDomain($row['domain']);
+            return $session;
+        }
+
+        return null;
+    }
+
+    /**
+     * Insert a new session.
+     *
+     * @param Session $session
+     */
+    public function insertObject($session)
+    {
+        $this->update(
+            'INSERT INTO sessions
+				(session_id, ip_address, user_agent, created, last_used, remember, data, domain)
+				VALUES
+				(?, ?, ?, ?, ?, ?, ?, ?)',
+            [
+                $session->getId(),
+                $session->getIpAddress(),
+                substr($session->getUserAgent(), 0, 255),
+                (int) $session->getSecondsCreated(),
+                (int) $session->getSecondsLastUsed(),
+                $session->getRemember() ? 1 : 0,
+                $session->getSessionData(),
+                $session->getDomain()
+            ]
+        );
+    }
+
+    /**
+     * Update an existing session.
+     *
+     * @param Session $session
+     *
+     * @return int Number of affected rows
+     */
+    public function updateObject($session)
+    {
+        return $this->update(
+            'UPDATE sessions
+				SET
+					user_id = ?,
+					ip_address = ?,
+					user_agent = ?,
+					created = ?,
+					last_used = ?,
+					remember = ?,
+					data = ?,
+					domain = ?
+				WHERE session_id = ?',
+            [
+                $session->getUserId() == '' ? null : (int) $session->getUserId(),
+                $session->getIpAddress(),
+                substr($session->getUserAgent(), 0, 255),
+                (int) $session->getSecondsCreated(),
+                (int) $session->getSecondsLastUsed(),
+                $session->getRemember() ? 1 : 0,
+                $session->getSessionData(),
+                $session->getDomain(),
+                $session->getId()
+            ]
+        );
+    }
+
+    /**
+     * Delete a session.
+     *
+     * @param Session $session
+     */
+    public function deleteObject($session)
+    {
+        $this->deleteById($session->getId());
+    }
+
+    /**
+     * Delete a session by ID.
+     *
+     * @param string $sessionId
+     */
+    public function deleteById($sessionId)
+    {
+        $this->update('DELETE FROM sessions WHERE session_id = ?', [$sessionId]);
+    }
+
+    /**
+     * Delete sessions by user ID.
+     *
+     * @param string $userId
+     */
+    public function deleteByUserId($userId)
+    {
+        $this->update(
+            'DELETE FROM sessions WHERE user_id = ?',
+            [(int) $userId]
+        );
+    }
+
+    /**
+     * Delete all sessions older than the specified time.
+     *
+     * @param int $lastUsed cut-off time in seconds for not-remembered sessions
+     * @param int $lastUsedRemember optional, cut-off time in seconds for remembered sessions
+     */
+    public function deleteByLastUsed($lastUsed, $lastUsedRemember = 0)
+    {
+        if ($lastUsedRemember == 0) {
+            $this->update(
+                'DELETE FROM sessions WHERE (last_used < ? AND remember = 0)',
+                [(int) $lastUsed]
+            );
+        } else {
+            $this->update(
+                'DELETE FROM sessions WHERE (last_used < ? AND remember = 0) OR (last_used < ? AND remember = 1)',
+                [(int) $lastUsed, (int) $lastUsedRemember]
+            );
+        }
+    }
+
+    /**
+     * Delete all sessions.
+     */
+    public function deleteAllSessions()
+    {
+        $this->update('DELETE FROM sessions');
+    }
+
+    /**
+     * Check if a session exists with the specified ID.
+     *
+     * @param string $sessionId
+     *
+     * @return bool
+     */
+    public function sessionExistsById($sessionId)
+    {
+        $result = $this->retrieve('SELECT COUNT(*) AS row_count FROM sessions WHERE session_id = ?', [$sessionId]);
+        $row = $result->current();
+        return $row ? (bool) $row->row_count : false;
+    }
+
+    /**
+     * Delete given user's all sessions or except for the given session id
+     *
+     * @param int                   $userId     The target user id for whom to invalidate sessions
+     *
+     */
+    public function deleteUserSessions(int $userId, string $excludableSessionId = null)
+    {
+        DB::table('sessions')
+            ->where('user_id', $userId)
+            ->when($excludableSessionId, fn ($query) => $query->where('session_id', '<>', $excludableSessionId))
+            ->delete();
+    }
+}
+
+if (!PKP_STRICT_MODE) {
+    class_alias('\PKP\session\SessionDAO', '\SessionDAO');
+}