Seditio Source
Root |
./othercms/wordpress-6.0/wp-includes/class-wp-user-meta-session-tokens.php
<?php
/**
 * Session API: WP_User_Meta_Session_Tokens class
 *
 * @package WordPress
 * @subpackage Session
 * @since 4.7.0
 */

/**
 * Meta-based user sessions token manager.
 *
 * @since 4.0.0
 *
 * @see WP_Session_Tokens
 */
class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {

    /**
     * Retrieves all sessions of the user.
     *
     * @since 4.0.0
     *
     * @return array Sessions of the user.
     */
    protected function get_sessions() {
        $sessions = get_user_meta( $this->user_id, 'session_tokens', true );

        if ( ! is_array( $sessions ) ) {
            return array();
        }

        $sessions = array_map( array( $this, 'prepare_session' ), $sessions );
        return array_filter( $sessions, array( $this, 'is_still_valid' ) );
    }

    /**
     * Converts an expiration to an array of session information.
     *
     * @param mixed $session Session or expiration.
     * @return array Session.
     */
    protected function prepare_session( $session ) {
        if ( is_int( $session ) ) {
            return array( 'expiration' => $session );
        }

        return $session;
    }

    /**
     * Retrieves a session based on its verifier (token hash).
     *
     * @since 4.0.0
     *
     * @param string $verifier Verifier for the session to retrieve.
     * @return array|null The session, or null if it does not exist
     */
    protected function get_session( $verifier ) {
        $sessions = $this->get_sessions();

        if ( isset( $sessions[ $verifier ] ) ) {
            return $sessions[ $verifier ];
        }

        return null;
    }

    /**
     * Updates a session based on its verifier (token hash).
     *
     * @since 4.0.0
     *
     * @param string $verifier Verifier for the session to update.
     * @param array  $session  Optional. Session. Omitting this argument destroys the session.
     */
    protected function update_session( $verifier, $session = null ) {
        $sessions = $this->get_sessions();

        if ( $session ) {
            $sessions[ $verifier ] = $session;
        } else {
            unset( $sessions[ $verifier ] );
        }

        $this->update_sessions( $sessions );
    }

    /**
     * Updates the user's sessions in the usermeta table.
     *
     * @since 4.0.0
     *
     * @param array $sessions Sessions.
     */
    protected function update_sessions( $sessions ) {
        if ( $sessions ) {
            update_user_meta( $this->user_id, 'session_tokens', $sessions );
        } else {
            delete_user_meta( $this->user_id, 'session_tokens' );
        }
    }

    /**
     * Destroys all sessions for this user, except the single session with the given verifier.
     *
     * @since 4.0.0
     *
     * @param string $verifier Verifier of the session to keep.
     */
    protected function destroy_other_sessions( $verifier ) {
        $session = $this->get_session( $verifier );
        $this->update_sessions( array( $verifier => $session ) );
    }

    /**
     * Destroys all session tokens for the user.
     *
     * @since 4.0.0
     */
    protected function destroy_all_sessions() {
        $this->update_sessions( array() );
    }

    /**
     * Destroys all sessions for all users.
     *
     * @since 4.0.0
     */
    public static function drop_sessions() {
        delete_metadata( 'user', 0, 'session_tokens', false, true );
    }
}