Server : LiteSpeed System : Linux premium84.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64 User : claqxcrl ( 523) PHP Version : 8.1.32 Disable Function : NONE Directory : /home/claqxcrl/anfangola.com/wp-content/plugins/matomo/app/core/Session/ |
<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\Session;
use Piwik\Config;
use Piwik\Date;
/**
* Manages session information that is used to identify who the session
* is for.
*
* Once a session is authenticated using either a user name & password or
* token auth, some information about the user is stored in the session.
* This info includes the user name and the user agent
* string of the user's client, and a random session secret.
*
* In subsequent requests that use this session, we use the above information
* to verify that the session is allowed to be used by the person sending the
* request.
*
* This is accomplished by checking the request's user agent
* against what is stored in the session. If it doesn't then this is a
* session hijacking attempt.
*
* We also check that a hash in the matomo_auth cookie matches the hash
* of the time the user last changed their password + the session secret.
* If they don't match, the password has been changed since this session
* started, and is no longer valid.
*/
class SessionFingerprint
{
// used in case the global.ini.php becomes corrupt or doesn't update properly
const DEFAULT_IDLE_TIMEOUT = 3600;
const USER_NAME_SESSION_VAR_NAME = 'user.name';
const SESSION_INFO_SESSION_VAR_NAME = 'session.info';
const SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED = 'twofactorauth.verified';
const SESSION_INFO_TEMP_TOKEN_AUTH = 'user.token_auth_temp';
public function getUser()
{
if (isset($_SESSION[self::USER_NAME_SESSION_VAR_NAME])) {
return $_SESSION[self::USER_NAME_SESSION_VAR_NAME];
}
return null;
}
public function getUserInfo()
{
if (isset($_SESSION[self::SESSION_INFO_SESSION_VAR_NAME])) {
return $_SESSION[self::SESSION_INFO_SESSION_VAR_NAME];
}
return null;
}
public function getSessionTokenAuth()
{
if (!empty($_SESSION[self::SESSION_INFO_TEMP_TOKEN_AUTH])) {
return $_SESSION[self::SESSION_INFO_TEMP_TOKEN_AUTH];
}
return null;
}
public function hasVerifiedTwoFactor()
{
if (isset($_SESSION[self::SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED])) {
return !empty($_SESSION[self::SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED]);
}
return null;
}
public function setTwoFactorAuthenticationVerified()
{
$_SESSION[self::SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED] = 1;
}
public function initialize($userName, $tokenAuth, $isRemembered = false, $time = null)
{
$time = $time ?: Date::now()->getTimestampUTC();
$_SESSION[self::USER_NAME_SESSION_VAR_NAME] = $userName;
$_SESSION[self::SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED] = 0;
$_SESSION[self::SESSION_INFO_TEMP_TOKEN_AUTH] = $tokenAuth;
$_SESSION[self::SESSION_INFO_SESSION_VAR_NAME] = ['ts' => $time, 'remembered' => $isRemembered, 'expiration' => $this->getExpirationTimeFromNow($time)];
}
public function clear()
{
if (isset($_SESSION[self::USER_NAME_SESSION_VAR_NAME])) {
// may not be available during tests
unset($_SESSION[self::USER_NAME_SESSION_VAR_NAME]);
}
if (isset($_SESSION[self::SESSION_INFO_SESSION_VAR_NAME])) {
// may not be available during tests
unset($_SESSION[self::SESSION_INFO_SESSION_VAR_NAME]);
}
if (isset($_SESSION[self::SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED])) {
// may not be available during tests
unset($_SESSION[self::SESSION_INFO_TWO_FACTOR_AUTH_VERIFIED]);
}
if (isset($_SESSION[self::SESSION_INFO_TEMP_TOKEN_AUTH])) {
// may not be available during tests
unset($_SESSION[self::SESSION_INFO_TEMP_TOKEN_AUTH]);
}
}
public function getSessionStartTime()
{
$userInfo = $this->getUserInfo();
if (empty($userInfo) || empty($userInfo['ts'])) {
return null;
}
return $userInfo['ts'];
}
public function getExpirationTime()
{
$userInfo = $this->getUserInfo();
if (empty($userInfo) || empty($userInfo['expiration'])) {
return null;
}
return $userInfo['expiration'];
}
public function isRemembered()
{
$userInfo = $this->getUserInfo();
return !empty($userInfo['remembered']);
}
public function updateSessionExpirationTime()
{
$_SESSION[self::SESSION_INFO_SESSION_VAR_NAME]['expiration'] = $this->getExpirationTimeFromNow();
}
private function getExpirationTimeFromNow($time = null)
{
$time = $time ?: Date::now()->getTimestampUTC();
$general = Config::getInstance()->General;
if (!isset($general['login_session_not_remembered_idle_timeout']) || (int) $general['login_session_not_remembered_idle_timeout'] <= 0) {
$nonRememberedSessionExpireTime = self::DEFAULT_IDLE_TIMEOUT;
} else {
$nonRememberedSessionExpireTime = (int) $general['login_session_not_remembered_idle_timeout'];
}
$sessionCookieLifetime = $general['login_cookie_expire'];
if ($this->isRemembered()) {
$expireDuration = $sessionCookieLifetime;
} else {
$expireDuration = $nonRememberedSessionExpireTime;
}
return $time + $expireDuration;
}
}