Merge branch '44711-27' of git://github.com/samhemelryk/moodle into MOODLE_27_STABLE
[moodle.git] / lib / sessionlib.php
blob49b542da7bb4e7ca2cf9381a4b794b918729d80c
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * @package core
19 * @subpackage session
20 * @copyright 1999 onwards Martin Dougiamas {@link http://moodle.com}
21 * @copyright 2008, 2009 Petr Skoda {@link http://skodak.org}
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 defined('MOODLE_INTERNAL') || die();
28 /**
29 * Makes sure that $USER->sesskey exists, if $USER itself exists. It sets a new sesskey
30 * if one does not already exist, but does not overwrite existing sesskeys. Returns the
31 * sesskey string if $USER exists, or boolean false if not.
33 * @uses $USER
34 * @return string
36 function sesskey() {
37 // note: do not use $USER because it may not be initialised yet
38 if (empty($_SESSION['USER']->sesskey)) {
39 if (!isset($_SESSION['USER'])) {
40 $_SESSION['USER'] = new stdClass;
42 $_SESSION['USER']->sesskey = random_string(10);
45 return $_SESSION['USER']->sesskey;
49 /**
50 * Check the sesskey and return true of false for whether it is valid.
51 * (You might like to imagine this function is called sesskey_is_valid().)
53 * Every script that lets the user perform a significant action (that is,
54 * changes data in the database) should check the sesskey before doing the action.
55 * Depending on your code flow, you may want to use the {@link require_sesskey()}
56 * helper function.
58 * @param string $sesskey The sesskey value to check (optional). Normally leave this blank
59 * and this function will do required_param('sesskey', ...).
60 * @return bool whether the sesskey sent in the request matches the one stored in the session.
62 function confirm_sesskey($sesskey=NULL) {
63 global $USER;
65 if (!empty($USER->ignoresesskey)) {
66 return true;
69 if (empty($sesskey)) {
70 $sesskey = required_param('sesskey', PARAM_RAW); // Check script parameters
73 return (sesskey() === $sesskey);
76 /**
77 * Check the session key using {@link confirm_sesskey()},
78 * and cause a fatal error if it does not match.
80 function require_sesskey() {
81 if (!confirm_sesskey()) {
82 print_error('invalidsesskey');
86 /**
87 * Sets a moodle cookie with a weakly encrypted username
89 * @param string $username to encrypt and place in a cookie, '' means delete current cookie
90 * @return void
92 function set_moodle_cookie($username) {
93 global $CFG;
95 if (NO_MOODLE_COOKIES) {
96 return;
99 if (empty($CFG->rememberusername)) {
100 // erase current and do not store permanent cookies
101 $username = '';
104 if ($username === 'guest') {
105 // keep previous cookie in case of guest account login
106 return;
109 $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
111 // delete old cookie
112 setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
114 if ($username !== '') {
115 // set username cookie for 60 days
116 setcookie($cookiename, rc4encrypt($username), time()+(DAYSECS*60), $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
121 * Gets a moodle cookie with a weakly encrypted username
123 * @return string username
125 function get_moodle_cookie() {
126 global $CFG;
128 if (NO_MOODLE_COOKIES) {
129 return '';
132 if (empty($CFG->rememberusername)) {
133 return '';
136 $cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
138 if (empty($_COOKIE[$cookiename])) {
139 return '';
140 } else {
141 $username = rc4decrypt($_COOKIE[$cookiename]);
142 if ($username === 'guest' or $username === 'nobody') {
143 // backwards compatibility - we do not set these cookies any more
144 $username = '';
146 return $username;
151 * Sets up current user and course environment (lang, etc.) in cron.
152 * Do not use outside of cron script!
154 * @param stdClass $user full user object, null means default cron user (admin)
155 * @param $course full course record, null means $SITE
156 * @return void
158 function cron_setup_user($user = NULL, $course = NULL) {
159 global $CFG, $SITE, $PAGE;
161 static $cronuser = NULL;
162 static $cronsession = NULL;
164 if (empty($cronuser)) {
165 /// ignore admins timezone, language and locale - use site default instead!
166 $cronuser = get_admin();
167 $cronuser->timezone = $CFG->timezone;
168 $cronuser->lang = '';
169 $cronuser->theme = '';
170 unset($cronuser->description);
172 $cronsession = new stdClass();
175 if (!$user) {
176 // cached default cron user (==modified admin for now)
177 \core\session\manager::set_user($cronuser);
178 $_SESSION['SESSION'] = $cronsession;
180 } else {
181 // emulate real user session - needed for caps in cron
182 if ($_SESSION['USER']->id != $user->id) {
183 \core\session\manager::set_user($user);
184 $_SESSION['SESSION'] = new stdClass();
188 // TODO MDL-19774 relying on global $PAGE in cron is a bad idea.
189 // Temporary hack so that cron does not give fatal errors.
190 $PAGE = new moodle_page();
191 if ($course) {
192 $PAGE->set_course($course);
193 } else {
194 $PAGE->set_course($SITE);
197 // TODO: it should be possible to improve perf by caching some limited number of users here ;-)