/wp-includes/class-wp-user-meta-session-tokens.php

  1. <?php 
  2. /** 
  3. * Session API: WP_User_Meta_Session_Tokens class 
  4. * 
  5. * @package WordPress 
  6. * @subpackage Session 
  7. * @since 4.7.0 
  8. */ 
  9.  
  10. /** 
  11. * Meta-based user sessions token manager. 
  12. * 
  13. * @since 4.0.0 
  14. */ 
  15. class WP_User_Meta_Session_Tokens extends WP_Session_Tokens { 
  16.  
  17. /** 
  18. * Get all sessions of a user. 
  19. * 
  20. * @since 4.0.0 
  21. * @access protected 
  22. * 
  23. * @return array Sessions of a user. 
  24. */ 
  25. protected function get_sessions() { 
  26. $sessions = get_user_meta( $this->user_id, 'session_tokens', true ); 
  27.  
  28. if ( ! is_array( $sessions ) ) { 
  29. return array(); 
  30.  
  31. $sessions = array_map( array( $this, 'prepare_session' ), $sessions ); 
  32. return array_filter( $sessions, array( $this, 'is_still_valid' ) ); 
  33.  
  34. /** 
  35. * Converts an expiration to an array of session information. 
  36. * 
  37. * @param mixed $session Session or expiration. 
  38. * @return array Session. 
  39. */ 
  40. protected function prepare_session( $session ) { 
  41. if ( is_int( $session ) ) { 
  42. return array( 'expiration' => $session ); 
  43.  
  44. return $session; 
  45.  
  46. /** 
  47. * Retrieve a session by its verifier (token hash). 
  48. * 
  49. * @since 4.0.0 
  50. * @access protected 
  51. * 
  52. * @param string $verifier Verifier of the session to retrieve. 
  53. * @return array|null The session, or null if it does not exist 
  54. */ 
  55. protected function get_session( $verifier ) { 
  56. $sessions = $this->get_sessions(); 
  57.  
  58. if ( isset( $sessions[ $verifier ] ) ) { 
  59. return $sessions[ $verifier ]; 
  60.  
  61. return null; 
  62.  
  63. /** 
  64. * Update a session by its verifier. 
  65. * 
  66. * @since 4.0.0 
  67. * @access protected 
  68. * 
  69. * @param string $verifier Verifier of the session to update. 
  70. * @param array $session Optional. Session. Omitting this argument destroys the session. 
  71. */ 
  72. protected function update_session( $verifier, $session = null ) { 
  73. $sessions = $this->get_sessions(); 
  74.  
  75. if ( $session ) { 
  76. $sessions[ $verifier ] = $session; 
  77. } else { 
  78. unset( $sessions[ $verifier ] ); 
  79.  
  80. $this->update_sessions( $sessions ); 
  81.  
  82. /** 
  83. * Update a user's sessions in the usermeta table. 
  84. * 
  85. * @since 4.0.0 
  86. * @access protected 
  87. * 
  88. * @param array $sessions Sessions. 
  89. */ 
  90. protected function update_sessions( $sessions ) { 
  91. if ( $sessions ) { 
  92. update_user_meta( $this->user_id, 'session_tokens', $sessions ); 
  93. } else { 
  94. delete_user_meta( $this->user_id, 'session_tokens' ); 
  95.  
  96. /** 
  97. * Destroy all session tokens for a user, except a single session passed. 
  98. * 
  99. * @since 4.0.0 
  100. * @access protected 
  101. * 
  102. * @param string $verifier Verifier of the session to keep. 
  103. */ 
  104. protected function destroy_other_sessions( $verifier ) { 
  105. $session = $this->get_session( $verifier ); 
  106. $this->update_sessions( array( $verifier => $session ) ); 
  107.  
  108. /** 
  109. * Destroy all session tokens for a user. 
  110. * 
  111. * @since 4.0.0 
  112. * @access protected 
  113. */ 
  114. protected function destroy_all_sessions() { 
  115. $this->update_sessions( array() ); 
  116.  
  117. /** 
  118. * Destroy all session tokens for all users. 
  119. * 
  120. * @since 4.0.0 
  121. * @access public 
  122. * @static 
  123. */ 
  124. public static function drop_sessions() { 
  125. delete_metadata( 'user', 0, 'session_tokens', false, true ); 
.