1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Core
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: 
 28: /**
 29:  * Core Session Abstract model
 30:  *
 31:  * @category   Mage
 32:  * @package    Mage_Core
 33:  * @author     Magento Core Team <core@magentocommerce.com>
 34:  */
 35: class Mage_Core_Model_Session_Abstract extends Mage_Core_Model_Session_Abstract_Varien
 36: {
 37:     const XML_PATH_COOKIE_DOMAIN        = 'web/cookie/cookie_domain';
 38:     const XML_PATH_COOKIE_PATH          = 'web/cookie/cookie_path';
 39:     const XML_PATH_COOKIE_LIFETIME      = 'web/cookie/cookie_lifetime';
 40:     const XML_NODE_SESSION_SAVE         = 'global/session_save';
 41:     const XML_NODE_SESSION_SAVE_PATH    = 'global/session_save_path';
 42: 
 43:     const XML_PATH_USE_REMOTE_ADDR      = 'web/session/use_remote_addr';
 44:     const XML_PATH_USE_HTTP_VIA         = 'web/session/use_http_via';
 45:     const XML_PATH_USE_X_FORWARDED      = 'web/session/use_http_x_forwarded_for';
 46:     const XML_PATH_USE_USER_AGENT       = 'web/session/use_http_user_agent';
 47:     const XML_PATH_USE_FRONTEND_SID     = 'web/session/use_frontend_sid';
 48: 
 49:     const XML_NODE_USET_AGENT_SKIP      = 'global/session/validation/http_user_agent_skip';
 50:     const XML_PATH_LOG_EXCEPTION_FILE   = 'dev/log/exception_file';
 51: 
 52:     const SESSION_ID_QUERY_PARAM        = 'SID';
 53: 
 54:     /**
 55:      * URL host cache
 56:      *
 57:      * @var array
 58:      */
 59:     protected static $_urlHostCache = array();
 60: 
 61:     /**
 62:      * Encrypted session id cache
 63:      *
 64:      * @var string
 65:      */
 66:     protected static $_encryptedSessionId;
 67: 
 68:     /**
 69:      * Skip session id flag
 70:      *
 71:      * @var bool
 72:      */
 73:     protected $_skipSessionIdFlag   = false;
 74: 
 75:     /**
 76:      * Init session
 77:      *
 78:      * @param string $namespace
 79:      * @param string $sessionName
 80:      * @return Mage_Core_Model_Session_Abstract
 81:      */
 82:     public function init($namespace, $sessionName=null)
 83:     {
 84:         parent::init($namespace, $sessionName);
 85:         $this->addHost(true);
 86:         return $this;
 87:     }
 88: 
 89:     /**
 90:      * Retrieve Cookie domain
 91:      *
 92:      * @return string
 93:      */
 94:     public function getCookieDomain()
 95:     {
 96:         return $this->getCookie()->getDomain();
 97:     }
 98: 
 99:     /**
100:      * Retrieve cookie path
101:      *
102:      * @return string
103:      */
104:     public function getCookiePath()
105:     {
106:         return $this->getCookie()->getPath();
107:     }
108: 
109:     /**
110:      * Retrieve cookie lifetime
111:      *
112:      * @return int
113:      */
114:     public function getCookieLifetime()
115:     {
116:         return $this->getCookie()->getLifetime();
117:     }
118: 
119:     /**
120:      * Use REMOTE_ADDR in validator key
121:      *
122:      * @return bool
123:      */
124:     public function useValidateRemoteAddr()
125:     {
126:         $use = Mage::getStoreConfig(self::XML_PATH_USE_REMOTE_ADDR);
127:         if (is_null($use)) {
128:             return parent::useValidateRemoteAddr();
129:         }
130:         return (bool)$use;
131:     }
132: 
133:     /**
134:      * Use HTTP_VIA in validator key
135:      *
136:      * @return bool
137:      */
138:     public function useValidateHttpVia()
139:     {
140:         $use = Mage::getStoreConfig(self::XML_PATH_USE_HTTP_VIA);
141:         if (is_null($use)) {
142:             return parent::useValidateHttpVia();
143:         }
144:         return (bool)$use;
145:     }
146: 
147:     /**
148:      * Use HTTP_X_FORWARDED_FOR in validator key
149:      *
150:      * @return bool
151:      */
152:     public function useValidateHttpXForwardedFor()
153:     {
154:         $use = Mage::getStoreConfig(self::XML_PATH_USE_X_FORWARDED);
155:         if (is_null($use)) {
156:             return parent::useValidateHttpXForwardedFor();
157:         }
158:         return (bool)$use;
159:     }
160: 
161:     /**
162:      * Use HTTP_USER_AGENT in validator key
163:      *
164:      * @return bool
165:      */
166:     public function useValidateHttpUserAgent()
167:     {
168:         $use = Mage::getStoreConfig(self::XML_PATH_USE_USER_AGENT);
169:         if (is_null($use)) {
170:             return parent::useValidateHttpUserAgent();
171:         }
172:         return (bool)$use;
173:     }
174: 
175:     /**
176:      * Check whether SID can be used for session initialization
177:      * Admin area will always have this feature enabled
178:      *
179:      * @return bool
180:      */
181:     public function useSid()
182:     {
183:         return Mage::app()->getStore()->isAdmin() || Mage::getStoreConfig(self::XML_PATH_USE_FRONTEND_SID);
184:     }
185: 
186:     /**
187:      * Retrieve skip User Agent validation strings (Flash etc)
188:      *
189:      * @return array
190:      */
191:     public function getValidateHttpUserAgentSkip()
192:     {
193:         $userAgents = array();
194:         $skip = Mage::getConfig()->getNode(self::XML_NODE_USET_AGENT_SKIP);
195:         foreach ($skip->children() as $userAgent) {
196:             $userAgents[] = (string)$userAgent;
197:         }
198:         return $userAgents;
199:     }
200: 
201:     /**
202:      * Retrieve messages from session
203:      *
204:      * @param   bool $clear
205:      * @return  Mage_Core_Model_Message_Collection
206:      */
207:     public function getMessages($clear=false)
208:     {
209:         if (!$this->getData('messages')) {
210:             $this->setMessages(Mage::getModel('core/message_collection'));
211:         }
212: 
213:         if ($clear) {
214:             $messages = clone $this->getData('messages');
215:             $this->getData('messages')->clear();
216:             Mage::dispatchEvent('core_session_abstract_clear_messages');
217:             return $messages;
218:         }
219:         return $this->getData('messages');
220:     }
221: 
222:     /**
223:      * Not Mage exception handling
224:      *
225:      * @param   Exception $exception
226:      * @param   string $alternativeText
227:      * @return  Mage_Core_Model_Session_Abstract
228:      */
229:     public function addException(Exception $exception, $alternativeText)
230:     {
231:         // log exception to exceptions log
232:         $message = sprintf('Exception message: %s%sTrace: %s',
233:             $exception->getMessage(),
234:             "\n",
235:             $exception->getTraceAsString());
236:         $file    = Mage::getStoreConfig(self::XML_PATH_LOG_EXCEPTION_FILE);
237:         Mage::log($message, Zend_Log::DEBUG, $file);
238: 
239:         $this->addMessage(Mage::getSingleton('core/message')->error($alternativeText));
240:         return $this;
241:     }
242: 
243:     /**
244:      * Adding new message to message collection
245:      *
246:      * @param   Mage_Core_Model_Message_Abstract $message
247:      * @return  Mage_Core_Model_Session_Abstract
248:      */
249:     public function addMessage(Mage_Core_Model_Message_Abstract $message)
250:     {
251:         $this->getMessages()->add($message);
252:         Mage::dispatchEvent('core_session_abstract_add_message');
253:         return $this;
254:     }
255: 
256:     /**
257:      * Adding new error message
258:      *
259:      * @param   string $message
260:      * @return  Mage_Core_Model_Session_Abstract
261:      */
262:     public function addError($message)
263:     {
264:         $this->addMessage(Mage::getSingleton('core/message')->error($message));
265:         return $this;
266:     }
267: 
268:     /**
269:      * Adding new warning message
270:      *
271:      * @param   string $message
272:      * @return  Mage_Core_Model_Session_Abstract
273:      */
274:     public function addWarning($message)
275:     {
276:         $this->addMessage(Mage::getSingleton('core/message')->warning($message));
277:         return $this;
278:     }
279: 
280:     /**
281:      * Adding new notice message
282:      *
283:      * @param   string $message
284:      * @return  Mage_Core_Model_Session_Abstract
285:      */
286:     public function addNotice($message)
287:     {
288:         $this->addMessage(Mage::getSingleton('core/message')->notice($message));
289:         return $this;
290:     }
291: 
292:     /**
293:      * Adding new success message
294:      *
295:      * @param   string $message
296:      * @return  Mage_Core_Model_Session_Abstract
297:      */
298:     public function addSuccess($message)
299:     {
300:         $this->addMessage(Mage::getSingleton('core/message')->success($message));
301:         return $this;
302:     }
303: 
304:     /**
305:      * Adding messages array to message collection
306:      *
307:      * @param   array $messages
308:      * @return  Mage_Core_Model_Session_Abstract
309:      */
310:     public function addMessages($messages)
311:     {
312:         if (is_array($messages)) {
313:             foreach ($messages as $message) {
314:                 $this->addMessage($message);
315:             }
316:         }
317:         return $this;
318:     }
319: 
320:     /**
321:      * Adds messages array to message collection, but doesn't add duplicates to it
322:      *
323:      * @param   array|string|Mage_Core_Model_Message_Abstract $messages
324:      * @return  Mage_Core_Model_Session_Abstract
325:      */
326:     public function addUniqueMessages($messages)
327:     {
328:         if (!is_array($messages)) {
329:             $messages = array($messages);
330:         }
331:         if (!$messages) {
332:             return $this;
333:         }
334: 
335:         $messagesAlready = array();
336:         $items = $this->getMessages()->getItems();
337:         foreach ($items as $item) {
338:             if ($item instanceof Mage_Core_Model_Message_Abstract) {
339:                 $text = $item->getText();
340:             } else if (is_string($item)) {
341:                 $text = $item;
342:             } else {
343:                 continue; // Some unknown object, do not put it in already existing messages
344:             }
345:             $messagesAlready[$text] = true;
346:         }
347: 
348:         foreach ($messages as $message) {
349:             if ($message instanceof Mage_Core_Model_Message_Abstract) {
350:                 $text = $message->getText();
351:             } else if (is_string($message)) {
352:                 $text = $message;
353:             } else {
354:                 $text = null; // Some unknown object, add it anyway
355:             }
356: 
357:             // Check for duplication
358:             if ($text !== null) {
359:                 if (isset($messagesAlready[$text])) {
360:                     continue;
361:                 }
362:                 $messagesAlready[$text] = true;
363:             }
364:             $this->addMessage($message);
365:         }
366: 
367:         return $this;
368:     }
369: 
370:     /**
371:      * Specify session identifier
372:      *
373:      * @param   string|null $id
374:      * @return  Mage_Core_Model_Session_Abstract
375:      */
376:     public function setSessionId($id=null)
377:     {
378:         if (is_null($id) && $this->useSid()) {
379:             $_queryParam = $this->getSessionIdQueryParam();
380:             if (isset($_GET[$_queryParam]) && Mage::getSingleton('core/url')->isOwnOriginUrl()) {
381:                 $id = $_GET[$_queryParam];
382:             }
383:         }
384: 
385:         $this->addHost(true);
386:         return parent::setSessionId($id);
387:     }
388: 
389:     /**
390:      * Get encrypted session identifier.
391:      * No reason use crypt key for session id encryption, we can use session identifier as is.
392:      *
393:      * @return string
394:      */
395:     public function getEncryptedSessionId()
396:     {
397:         if (!self::$_encryptedSessionId) {
398:             self::$_encryptedSessionId = $this->getSessionId();
399:         }
400:         return self::$_encryptedSessionId;
401:     }
402: 
403:     public function getSessionIdQueryParam()
404:     {
405:         $_sessionName = $this->getSessionName();
406:         if ($_sessionName && $queryParam = (string)Mage::getConfig()->getNode($_sessionName . '/session/query_param')) {
407:             return $queryParam;
408:         }
409:         return self::SESSION_ID_QUERY_PARAM;
410:     }
411: 
412:     /**
413:      * Set skip flag if need skip generating of _GET session_id_key param
414:      *
415:      * @param bool $flag
416:      * @return Mage_Core_Model_Session_Abstract
417:      */
418:     public function setSkipSessionIdFlag($flag)
419:     {
420:         $this->_skipSessionIdFlag = $flag;
421:         return $this;
422:     }
423: 
424:     /**
425:      * Retrieve session id skip flag
426:      *
427:      * @return bool
428:      */
429:     public function getSkipSessionIdFlag()
430:     {
431:         return $this->_skipSessionIdFlag;
432:     }
433: 
434:     /**
435:      * If session cookie is not applicable due to host or path mismatch - add session id to query
436:      *
437:      * @param string $urlHost can be host or url
438:      * @return string {session_id_key}={session_id_encrypted}
439:      */
440:     public function getSessionIdForHost($urlHost)
441:     {
442:         if ($this->getSkipSessionIdFlag() === true) {
443:             return '';
444:         }
445: 
446:         $httpHost = Mage::app()->getFrontController()->getRequest()->getHttpHost();
447:         if (!$httpHost) {
448:             return '';
449:         }
450: 
451:         $urlHostArr = explode('/', $urlHost, 4);
452:         if (!empty($urlHostArr[2])) {
453:             $urlHost = $urlHostArr[2];
454:         }
455:         $urlPath = empty($urlHostArr[3]) ? '' : $urlHostArr[3];
456: 
457:         if (!isset(self::$_urlHostCache[$urlHost])) {
458:             $urlHostArr = explode(':', $urlHost);
459:             $urlHost = $urlHostArr[0];
460:             $sessionId = $httpHost !== $urlHost && !$this->isValidForHost($urlHost)
461:                 ? $this->getEncryptedSessionId() : '';
462:             self::$_urlHostCache[$urlHost] = $sessionId;
463:         }
464: 
465:         return Mage::app()->getStore()->isAdmin() || $this->isValidForPath($urlPath) ? self::$_urlHostCache[$urlHost]
466:             : $this->getEncryptedSessionId();
467:     }
468: 
469:     /**
470:      * Check if session is valid for given hostname
471:      *
472:      * @param string $host
473:      * @return bool
474:      */
475:     public function isValidForHost($host)
476:     {
477:         $hostArr = explode(':', $host);
478:         $hosts = $this->getSessionHosts();
479:         return !empty($hosts[$hostArr[0]]);
480:     }
481: 
482:     /**
483:      * Check if session is valid for given path
484:      *
485:      * @param string $path
486:      * @return bool
487:      */
488:     public function isValidForPath($path)
489:     {
490:         $cookiePath = trim($this->getCookiePath(), '/') . '/';
491:         if ($cookiePath == '/') {
492:             return true;
493:         }
494: 
495:         $urlPath = trim($path, '/') . '/';
496: 
497:         return strpos($urlPath, $cookiePath) === 0;
498:     }
499: 
500:     /**
501:      * Add hostname to session
502:      *
503:      * @param string $host
504:      * @return Mage_Core_Model_Session_Abstract
505:      */
506:     public function addHost($host)
507:     {
508:         if ($host === true) {
509:             if (!$host = Mage::app()->getFrontController()->getRequest()->getHttpHost()) {
510:                 return $this;
511:             }
512:         }
513: 
514:         if (!$host) {
515:             return $this;
516:         }
517: 
518:         $hosts = $this->getSessionHosts();
519:         $hosts[$host] = true;
520:         $this->setSessionHosts($hosts);
521:         return $this;
522:     }
523: 
524:     /**
525:      * Retrieve session hostnames
526:      *
527:      * @return array
528:      */
529:     public function getSessionHosts()
530:     {
531:         return $this->getData('session_hosts');
532:     }
533: 
534:     /**
535:      * Retrieve session save method
536:      *
537:      * @return string
538:      */
539:     public function getSessionSaveMethod()
540:     {
541:         if (Mage::isInstalled() && $sessionSave = Mage::getConfig()->getNode(self::XML_NODE_SESSION_SAVE)) {
542:             return $sessionSave;
543:         }
544:         return parent::getSessionSaveMethod();
545:     }
546: 
547:     /**
548:      * Get session save path
549:      *
550:      * @return string
551:      */
552:     public function getSessionSavePath()
553:     {
554:         if (Mage::isInstalled() && $sessionSavePath = Mage::getConfig()->getNode(self::XML_NODE_SESSION_SAVE_PATH)) {
555:             return $sessionSavePath;
556:         }
557:         return parent::getSessionSavePath();
558:     }
559: 
560:     /**
561:      * Renew session id and update session cookie
562:      *
563:      * @return Mage_Core_Model_Session_Abstract
564:      */
565:     public function renewSession()
566:     {
567:         $this->getCookie()->delete($this->getSessionName());
568:         $this->regenerateSessionId();
569: 
570:         $sessionHosts = $this->getSessionHosts();
571:         $currentCookieDomain = $this->getCookie()->getDomain();
572:         if (is_array($sessionHosts)) {
573:             foreach (array_keys($sessionHosts) as $host) {
574:                 // Delete cookies with the same name for parent domains
575:                 if (strpos($currentCookieDomain, $host) > 0) {
576:                     $this->getCookie()->delete($this->getSessionName(), null, $host);
577:                 }
578:             }
579:         }
580: 
581:         return $this;
582:     }
583: }
584: