<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[38353] trunk/src/wp-includes: Session: move `WP_Session_Tokens` and `WP_User_Meta_Session_Tokens` into their own files via `svn cp`.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/38353">38353</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/38353","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>wonderboymusic</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2016-08-25 17:43:41 +0000 (Thu, 25 Aug 2016)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Session: move `WP_Session_Tokens` and `WP_User_Meta_Session_Tokens` into their own files via `svn cp`. If we move forard with autoloading, `session.php` is useless. We could even remove it now, and just load these new files in `wp-settings.php`. That can be decided post-mortem.
See <a href="https://core.trac.wordpress.org/ticket/37827">#37827</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpincludessessionphp">trunk/src/wp-includes/session.php</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunksrcwpincludesclasswpsessiontokensphp">trunk/src/wp-includes/class-wp-session-tokens.php</a></li>
<li><a href="#trunksrcwpincludesclasswpusermetasessiontokensphp">trunk/src/wp-includes/class-wp-user-meta-session-tokens.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpincludesclasswpsessiontokensphpfromrev38350trunksrcwpincludessessionphp"></a>
<div class="copfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Copied: trunk/src/wp-includes/class-wp-session-tokens.php (from rev 38350, trunk/src/wp-includes/session.php)</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/class-wp-session-tokens.php (rev 0)
+++ trunk/src/wp-includes/class-wp-session-tokens.php 2016-08-25 17:43:41 UTC (rev 38353)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,317 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Session API: WP_Session_Tokens class
+ *
+ * @package WordPress
+ * @subpackage Session
+ * @since 4.7.0
+ */
+
+/**
+ * Abstract class for managing user session tokens.
+ *
+ * @since 4.0.0
+ */
+abstract class WP_Session_Tokens {
+
+ /**
+ * User ID.
+ *
+ * @since 4.0.0
+ * @access protected
+ * @var int User ID.
+ */
+ protected $user_id;
+
+ /**
+ * Protected constructor.
+ *
+ * @since 4.0.0
+ *
+ * @param int $user_id User whose session to manage.
+ */
+ protected function __construct( $user_id ) {
+ $this->user_id = $user_id;
+ }
+
+ /**
+ * Get a session token manager instance for a user.
+ *
+ * This method contains a filter that allows a plugin to swap out
+ * the session manager for a subclass of WP_Session_Tokens.
+ *
+ * @since 4.0.0
+ * @access public
+ * @static
+ *
+ * @param int $user_id User whose session to manage.
+ */
+ final public static function get_instance( $user_id ) {
+ /**
+ * Filters the session token manager used.
+ *
+ * @since 4.0.0
+ *
+ * @param string $session Name of class to use as the manager.
+ * Default 'WP_User_Meta_Session_Tokens'.
+ */
+ $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' );
+ return new $manager( $user_id );
+ }
+
+ /**
+ * Hashes a session token for storage.
+ *
+ * @since 4.0.0
+ * @access private
+ *
+ * @param string $token Session token to hash.
+ * @return string A hash of the session token (a verifier).
+ */
+ final private function hash_token( $token ) {
+ // If ext/hash is not present, use sha1() instead.
+ if ( function_exists( 'hash' ) ) {
+ return hash( 'sha256', $token );
+ } else {
+ return sha1( $token );
+ }
+ }
+
+ /**
+ * Get a user's session.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $token Session token
+ * @return array User session
+ */
+ final public function get( $token ) {
+ $verifier = $this->hash_token( $token );
+ return $this->get_session( $verifier );
+ }
+
+ /**
+ * Validate a user's session token as authentic.
+ *
+ * Checks that the given token is present and hasn't expired.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $token Token to verify.
+ * @return bool Whether the token is valid for the user.
+ */
+ final public function verify( $token ) {
+ $verifier = $this->hash_token( $token );
+ return (bool) $this->get_session( $verifier );
+ }
+
+ /**
+ * Generate a session token and attach session information to it.
+ *
+ * A session token is a long, random string. It is used in a cookie
+ * link that cookie to an expiration time and to ensure the cookie
+ * becomes invalidated upon logout.
+ *
+ * This function generates a token and stores it with the associated
+ * expiration time (and potentially other session information via the
+ * {@see 'attach_session_information'} filter).
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param int $expiration Session expiration timestamp.
+ * @return string Session token.
+ */
+ final public function create( $expiration ) {
+ /**
+ * Filters the information attached to the newly created session.
+ *
+ * Could be used in the future to attach information such as
+ * IP address or user agent to a session.
+ *
+ * @since 4.0.0
+ *
+ * @param array $session Array of extra data.
+ * @param int $user_id User ID.
+ */
+ $session = apply_filters( 'attach_session_information', array(), $this->user_id );
+ $session['expiration'] = $expiration;
+
+ // IP address.
+ if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
+ $session['ip'] = $_SERVER['REMOTE_ADDR'];
+ }
+
+ // User-agent.
+ if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+ $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
+ }
+
+ // Timestamp
+ $session['login'] = time();
+
+ $token = wp_generate_password( 43, false, false );
+
+ $this->update( $token, $session );
+
+ return $token;
+ }
+
+ /**
+ * Update a session token.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $token Session token to update.
+ * @param array $session Session information.
+ */
+ final public function update( $token, $session ) {
+ $verifier = $this->hash_token( $token );
+ $this->update_session( $verifier, $session );
+ }
+
+ /**
+ * Destroy a session token.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $token Session token to destroy.
+ */
+ final public function destroy( $token ) {
+ $verifier = $this->hash_token( $token );
+ $this->update_session( $verifier, null );
+ }
+
+ /**
+ * Destroy all session tokens for this user,
+ * except a single token, presumably the one in use.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $token_to_keep Session token to keep.
+ */
+ final public function destroy_others( $token_to_keep ) {
+ $verifier = $this->hash_token( $token_to_keep );
+ $session = $this->get_session( $verifier );
+ if ( $session ) {
+ $this->destroy_other_sessions( $verifier );
+ } else {
+ $this->destroy_all_sessions();
+ }
+ }
+
+ /**
+ * Determine whether a session token is still valid,
+ * based on expiration.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param array $session Session to check.
+ * @return bool Whether session is valid.
+ */
+ final protected function is_still_valid( $session ) {
+ return $session['expiration'] >= time();
+ }
+
+ /**
+ * Destroy all session tokens for a user.
+ *
+ * @since 4.0.0
+ * @access public
+ */
+ final public function destroy_all() {
+ $this->destroy_all_sessions();
+ }
+
+ /**
+ * Destroy all session tokens for all users.
+ *
+ * @since 4.0.0
+ * @access public
+ * @static
+ */
+ final public static function destroy_all_for_all_users() {
+ $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' );
+ call_user_func( array( $manager, 'drop_sessions' ) );
+ }
+
+ /**
+ * Retrieve all sessions of a user.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @return array Sessions of a user.
+ */
+ final public function get_all() {
+ return array_values( $this->get_sessions() );
+ }
+
+ /**
+ * This method should retrieve all sessions of a user, keyed by verifier.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @return array Sessions of a user, keyed by verifier.
+ */
+ abstract protected function get_sessions();
+
+ /**
+ * This method should look up a session by its verifier (token hash).
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param string $verifier Verifier of the session to retrieve.
+ * @return array|null The session, or null if it does not exist.
+ */
+ abstract protected function get_session( $verifier );
+
+ /**
+ * This method should update a session by its verifier.
+ *
+ * Omitting the second argument should destroy the session.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param string $verifier Verifier of the session to update.
+ * @param array $session Optional. Session. Omitting this argument destroys the session.
+ */
+ abstract protected function update_session( $verifier, $session = null );
+
+ /**
+ * This method should destroy all session tokens for this user,
+ * except a single session passed.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param string $verifier Verifier of the session to keep.
+ */
+ abstract protected function destroy_other_sessions( $verifier );
+
+ /**
+ * This method should destroy all sessions for a user.
+ *
+ * @since 4.0.0
+ * @access protected
+ */
+ abstract protected function destroy_all_sessions();
+
+ /**
+ * This static method should destroy all session tokens for all users.
+ *
+ * @since 4.0.0
+ * @access public
+ * @static
+ */
+ public static function drop_sessions() {}
+}
</ins></span></pre></div>
<a id="trunksrcwpincludesclasswpusermetasessiontokensphpfromrev38350trunksrcwpincludessessionphp"></a>
<div class="copfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Copied: trunk/src/wp-includes/class-wp-user-meta-session-tokens.php (from rev 38350, trunk/src/wp-includes/session.php)</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/class-wp-user-meta-session-tokens.php (rev 0)
+++ trunk/src/wp-includes/class-wp-user-meta-session-tokens.php 2016-08-25 17:43:41 UTC (rev 38353)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,139 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+/**
+ * Session API: WP_User_Meta_Session_Tokens class
+ *
+ * @package WordPress
+ * @subpackage Session
+ * @since 4.7.0
+ */
+
+/**
+ * Meta-based user sessions token manager.
+ *
+ * @since 4.0.0
+ */
+class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
+
+ /**
+ * Get all sessions of a user.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @return array Sessions of a user.
+ */
+ protected function get_sessions() {
+ $sessions = get_user_meta( $this->user_id, 'session_tokens', true );
+
+ if ( ! is_array( $sessions ) ) {
+ return array();
+ }
+
+ $sessions = array_map( array( $this, 'prepare_session' ), $sessions );
+ return array_filter( $sessions, array( $this, 'is_still_valid' ) );
+ }
+
+ /**
+ * Converts an expiration to an array of session information.
+ *
+ * @param mixed $session Session or expiration.
+ * @return array Session.
+ */
+ protected function prepare_session( $session ) {
+ if ( is_int( $session ) ) {
+ return array( 'expiration' => $session );
+ }
+
+ return $session;
+ }
+
+ /**
+ * Retrieve a session by its verifier (token hash).
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param string $verifier Verifier of the session to retrieve.
+ * @return array|null The session, or null if it does not exist
+ */
+ protected function get_session( $verifier ) {
+ $sessions = $this->get_sessions();
+
+ if ( isset( $sessions[ $verifier ] ) ) {
+ return $sessions[ $verifier ];
+ }
+
+ return null;
+ }
+
+ /**
+ * Update a session by its verifier.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param string $verifier Verifier of the session to update.
+ * @param array $session Optional. Session. Omitting this argument destroys the session.
+ */
+ protected function update_session( $verifier, $session = null ) {
+ $sessions = $this->get_sessions();
+
+ if ( $session ) {
+ $sessions[ $verifier ] = $session;
+ } else {
+ unset( $sessions[ $verifier ] );
+ }
+
+ $this->update_sessions( $sessions );
+ }
+
+ /**
+ * Update a user's sessions in the usermeta table.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param array $sessions Sessions.
+ */
+ protected function update_sessions( $sessions ) {
+ if ( $sessions ) {
+ update_user_meta( $this->user_id, 'session_tokens', $sessions );
+ } else {
+ delete_user_meta( $this->user_id, 'session_tokens' );
+ }
+ }
+
+ /**
+ * Destroy all session tokens for a user, except a single session passed.
+ *
+ * @since 4.0.0
+ * @access protected
+ *
+ * @param string $verifier Verifier of the session to keep.
+ */
+ protected function destroy_other_sessions( $verifier ) {
+ $session = $this->get_session( $verifier );
+ $this->update_sessions( array( $verifier => $session ) );
+ }
+
+ /**
+ * Destroy all session tokens for a user.
+ *
+ * @since 4.0.0
+ * @access protected
+ */
+ protected function destroy_all_sessions() {
+ $this->update_sessions( array() );
+ }
+
+ /**
+ * Destroy all session tokens for all users.
+ *
+ * @since 4.0.0
+ * @access public
+ * @static
+ */
+ public static function drop_sessions() {
+ delete_metadata( 'user', 0, 'session_tokens', false, true );
+ }
+}
</ins></span></pre></div>
<a id="trunksrcwpincludessessionphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/session.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/session.php 2016-08-25 17:36:22 UTC (rev 38352)
+++ trunk/src/wp-includes/session.php 2016-08-25 17:43:41 UTC (rev 38353)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,440 +1,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Abstract class for managing user session tokens.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Session API
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-abstract class WP_Session_Tokens {
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /**
- * User ID.
- *
- * @since 4.0.0
- * @access protected
- * @var int User ID.
- */
- protected $user_id;
-
- /**
- * Protected constructor.
- *
- * @since 4.0.0
- *
- * @param int $user_id User whose session to manage.
- */
- protected function __construct( $user_id ) {
- $this->user_id = $user_id;
- }
-
- /**
- * Get a session token manager instance for a user.
- *
- * This method contains a filter that allows a plugin to swap out
- * the session manager for a subclass of WP_Session_Tokens.
- *
- * @since 4.0.0
- * @access public
- * @static
- *
- * @param int $user_id User whose session to manage.
- */
- final public static function get_instance( $user_id ) {
- /**
- * Filters the session token manager used.
- *
- * @since 4.0.0
- *
- * @param string $session Name of class to use as the manager.
- * Default 'WP_User_Meta_Session_Tokens'.
- */
- $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' );
- return new $manager( $user_id );
- }
-
- /**
- * Hashes a session token for storage.
- *
- * @since 4.0.0
- * @access private
- *
- * @param string $token Session token to hash.
- * @return string A hash of the session token (a verifier).
- */
- final private function hash_token( $token ) {
- // If ext/hash is not present, use sha1() instead.
- if ( function_exists( 'hash' ) ) {
- return hash( 'sha256', $token );
- } else {
- return sha1( $token );
- }
- }
-
- /**
- * Get a user's session.
- *
- * @since 4.0.0
- * @access public
- *
- * @param string $token Session token
- * @return array User session
- */
- final public function get( $token ) {
- $verifier = $this->hash_token( $token );
- return $this->get_session( $verifier );
- }
-
- /**
- * Validate a user's session token as authentic.
- *
- * Checks that the given token is present and hasn't expired.
- *
- * @since 4.0.0
- * @access public
- *
- * @param string $token Token to verify.
- * @return bool Whether the token is valid for the user.
- */
- final public function verify( $token ) {
- $verifier = $this->hash_token( $token );
- return (bool) $this->get_session( $verifier );
- }
-
- /**
- * Generate a session token and attach session information to it.
- *
- * A session token is a long, random string. It is used in a cookie
- * link that cookie to an expiration time and to ensure the cookie
- * becomes invalidated upon logout.
- *
- * This function generates a token and stores it with the associated
- * expiration time (and potentially other session information via the
- * {@see 'attach_session_information'} filter).
- *
- * @since 4.0.0
- * @access public
- *
- * @param int $expiration Session expiration timestamp.
- * @return string Session token.
- */
- final public function create( $expiration ) {
- /**
- * Filters the information attached to the newly created session.
- *
- * Could be used in the future to attach information such as
- * IP address or user agent to a session.
- *
- * @since 4.0.0
- *
- * @param array $session Array of extra data.
- * @param int $user_id User ID.
- */
- $session = apply_filters( 'attach_session_information', array(), $this->user_id );
- $session['expiration'] = $expiration;
-
- // IP address.
- if ( !empty( $_SERVER['REMOTE_ADDR'] ) ) {
- $session['ip'] = $_SERVER['REMOTE_ADDR'];
- }
-
- // User-agent.
- if ( ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
- $session['ua'] = wp_unslash( $_SERVER['HTTP_USER_AGENT'] );
- }
-
- // Timestamp
- $session['login'] = time();
-
- $token = wp_generate_password( 43, false, false );
-
- $this->update( $token, $session );
-
- return $token;
- }
-
- /**
- * Update a session token.
- *
- * @since 4.0.0
- * @access public
- *
- * @param string $token Session token to update.
- * @param array $session Session information.
- */
- final public function update( $token, $session ) {
- $verifier = $this->hash_token( $token );
- $this->update_session( $verifier, $session );
- }
-
- /**
- * Destroy a session token.
- *
- * @since 4.0.0
- * @access public
- *
- * @param string $token Session token to destroy.
- */
- final public function destroy( $token ) {
- $verifier = $this->hash_token( $token );
- $this->update_session( $verifier, null );
- }
-
- /**
- * Destroy all session tokens for this user,
- * except a single token, presumably the one in use.
- *
- * @since 4.0.0
- * @access public
- *
- * @param string $token_to_keep Session token to keep.
- */
- final public function destroy_others( $token_to_keep ) {
- $verifier = $this->hash_token( $token_to_keep );
- $session = $this->get_session( $verifier );
- if ( $session ) {
- $this->destroy_other_sessions( $verifier );
- } else {
- $this->destroy_all_sessions();
- }
- }
-
- /**
- * Determine whether a session token is still valid,
- * based on expiration.
- *
- * @since 4.0.0
- * @access protected
- *
- * @param array $session Session to check.
- * @return bool Whether session is valid.
- */
- final protected function is_still_valid( $session ) {
- return $session['expiration'] >= time();
- }
-
- /**
- * Destroy all session tokens for a user.
- *
- * @since 4.0.0
- * @access public
- */
- final public function destroy_all() {
- $this->destroy_all_sessions();
- }
-
- /**
- * Destroy all session tokens for all users.
- *
- * @since 4.0.0
- * @access public
- * @static
- */
- final public static function destroy_all_for_all_users() {
- $manager = apply_filters( 'session_token_manager', 'WP_User_Meta_Session_Tokens' );
- call_user_func( array( $manager, 'drop_sessions' ) );
- }
-
- /**
- * Retrieve all sessions of a user.
- *
- * @since 4.0.0
- * @access public
- *
- * @return array Sessions of a user.
- */
- final public function get_all() {
- return array_values( $this->get_sessions() );
- }
-
- /**
- * This method should retrieve all sessions of a user, keyed by verifier.
- *
- * @since 4.0.0
- * @access protected
- *
- * @return array Sessions of a user, keyed by verifier.
- */
- abstract protected function get_sessions();
-
- /**
- * This method should look up a session by its verifier (token hash).
- *
- * @since 4.0.0
- * @access protected
- *
- * @param string $verifier Verifier of the session to retrieve.
- * @return array|null The session, or null if it does not exist.
- */
- abstract protected function get_session( $verifier );
-
- /**
- * This method should update a session by its verifier.
- *
- * Omitting the second argument should destroy the session.
- *
- * @since 4.0.0
- * @access protected
- *
- * @param string $verifier Verifier of the session to update.
- * @param array $session Optional. Session. Omitting this argument destroys the session.
- */
- abstract protected function update_session( $verifier, $session = null );
-
- /**
- * This method should destroy all session tokens for this user,
- * except a single session passed.
- *
- * @since 4.0.0
- * @access protected
- *
- * @param string $verifier Verifier of the session to keep.
- */
- abstract protected function destroy_other_sessions( $verifier );
-
- /**
- * This method should destroy all sessions for a user.
- *
- * @since 4.0.0
- * @access protected
- */
- abstract protected function destroy_all_sessions();
-
- /**
- * This static method should destroy all session tokens for all users.
- *
- * @since 4.0.0
- * @access public
- * @static
- */
- public static function drop_sessions() {}
-}
-
-/**
- * Meta-based user sessions token manager.
- *
- * @since 4.0.0
- */
-class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
-
- /**
- * Get all sessions of a user.
- *
- * @since 4.0.0
- * @access protected
- *
- * @return array Sessions of a user.
- */
- protected function get_sessions() {
- $sessions = get_user_meta( $this->user_id, 'session_tokens', true );
-
- if ( ! is_array( $sessions ) ) {
- return array();
- }
-
- $sessions = array_map( array( $this, 'prepare_session' ), $sessions );
- return array_filter( $sessions, array( $this, 'is_still_valid' ) );
- }
-
- /**
- * Converts an expiration to an array of session information.
- *
- * @param mixed $session Session or expiration.
- * @return array Session.
- */
- protected function prepare_session( $session ) {
- if ( is_int( $session ) ) {
- return array( 'expiration' => $session );
- }
-
- return $session;
- }
-
- /**
- * Retrieve a session by its verifier (token hash).
- *
- * @since 4.0.0
- * @access protected
- *
- * @param string $verifier Verifier of the session to retrieve.
- * @return array|null The session, or null if it does not exist
- */
- protected function get_session( $verifier ) {
- $sessions = $this->get_sessions();
-
- if ( isset( $sessions[ $verifier ] ) ) {
- return $sessions[ $verifier ];
- }
-
- return null;
- }
-
- /**
- * Update a session by its verifier.
- *
- * @since 4.0.0
- * @access protected
- *
- * @param string $verifier Verifier of the session to update.
- * @param array $session Optional. Session. Omitting this argument destroys the session.
- */
- protected function update_session( $verifier, $session = null ) {
- $sessions = $this->get_sessions();
-
- if ( $session ) {
- $sessions[ $verifier ] = $session;
- } else {
- unset( $sessions[ $verifier ] );
- }
-
- $this->update_sessions( $sessions );
- }
-
- /**
- * Update a user's sessions in the usermeta table.
- *
- * @since 4.0.0
- * @access protected
- *
- * @param array $sessions Sessions.
- */
- protected function update_sessions( $sessions ) {
- if ( $sessions ) {
- update_user_meta( $this->user_id, 'session_tokens', $sessions );
- } else {
- delete_user_meta( $this->user_id, 'session_tokens' );
- }
- }
-
- /**
- * Destroy all session tokens for a user, except a single session passed.
- *
- * @since 4.0.0
- * @access protected
- *
- * @param string $verifier Verifier of the session to keep.
- */
- protected function destroy_other_sessions( $verifier ) {
- $session = $this->get_session( $verifier );
- $this->update_sessions( array( $verifier => $session ) );
- }
-
- /**
- * Destroy all session tokens for a user.
- *
- * @since 4.0.0
- * @access protected
- */
- protected function destroy_all_sessions() {
- $this->update_sessions( array() );
- }
-
- /**
- * Destroy all session tokens for all users.
- *
- * @since 4.0.0
- * @access public
- * @static
- */
- public static function drop_sessions() {
- delete_metadata( 'user', 0, 'session_tokens', false, true );
- }
-}
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+require_once( ABSPATH . WPINC . '/class-wp-session-tokens.php' );
+require_once( ABSPATH . WPINC . '/class-wp-user-meta-session-tokens.php' );
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of file
</span></span></pre>
</div>
</div>
</body>
</html>