1<?php
  2/**
  3 * Session API: WP_User_Meta_Session_Tokens class
  4 *
  5 * @package WordPress
  6 * @subpackage Session
  7 * @since 4.7.0
  8 */
  9
 10/**
 11 * Meta-based user sessions token manager.
 12 *
 13 * @since 4.0.0
 14 *
 15 * @see WP_Session_Tokens
 16 */
 17class WP_User_Meta_Session_Tokens extends WP_Session_Tokens {
 18
 19	/**
 20	 * Retrieves all sessions of the user.
 21	 *
 22	 * @since 4.0.0
 23	 *
 24	 * @return array Sessions of the user.
 25	 */
 26	protected function get_sessions() {
 27		$sessions = get_user_meta( $this->user_id, 'session_tokens', true );
 28
 29		if ( ! is_array( $sessions ) ) {
 30			return array();
 31		}
 32
 33		$sessions = array_map( array( $this, 'prepare_session' ), $sessions );
 34		return array_filter( $sessions, array( $this, 'is_still_valid' ) );
 35	}
 36
 37	/**
 38	 * Converts an expiration to an array of session information.
 39	 *
 40	 * @since 4.0.0
 41	 *
 42	 * @param mixed $session Session or expiration.
 43	 * @return array Session.
 44	 */
 45	protected function prepare_session( $session ) {
 46		if ( is_int( $session ) ) {
 47			return array( 'expiration' => $session );
 48		}
 49
 50		return $session;
 51	}
 52
 53	/**
 54	 * Retrieves a session based on its verifier (token hash).
 55	 *
 56	 * @since 4.0.0
 57	 *
 58	 * @param string $verifier Verifier for the session to retrieve.
 59	 * @return array|null The session, or null if it does not exist
 60	 */
 61	protected function get_session( $verifier ) {
 62		$sessions = $this->get_sessions();
 63
 64		if ( isset( $sessions[ $verifier ] ) ) {
 65			return $sessions[ $verifier ];
 66		}
 67
 68		return null;
 69	}
 70
 71	/**
 72	 * Updates a session based on its verifier (token hash).
 73	 *
 74	 * @since 4.0.0
 75	 *
 76	 * @param string $verifier Verifier for the session to update.
 77	 * @param array  $session  Optional. Session. Omitting this argument destroys the session.
 78	 */
 79	protected function update_session( $verifier, $session = null ) {
 80		$sessions = $this->get_sessions();
 81
 82		if ( $session ) {
 83			$sessions[ $verifier ] = $session;
 84		} else {
 85			unset( $sessions[ $verifier ] );
 86		}
 87
 88		$this->update_sessions( $sessions );
 89	}
 90
 91	/**
 92	 * Updates the user's sessions in the usermeta table.
 93	 *
 94	 * @since 4.0.0
 95	 *
 96	 * @param array $sessions Sessions.
 97	 */
 98	protected function update_sessions( $sessions ) {
 99		if ( $sessions ) {
100			update_user_meta( $this->user_id, 'session_tokens', $sessions );
101		} else {
102			delete_user_meta( $this->user_id, 'session_tokens' );
103		}
104	}
105
106	/**
107	 * Destroys all sessions for this user, except the single session with the given verifier.
108	 *
109	 * @since 4.0.0
110	 *
111	 * @param string $verifier Verifier of the session to keep.
112	 */
113	protected function destroy_other_sessions( $verifier ) {
114		$session = $this->get_session( $verifier );
115		$this->update_sessions( array( $verifier => $session ) );
116	}
117
118	/**
119	 * Destroys all session tokens for the user.
120	 *
121	 * @since 4.0.0
122	 */
123	protected function destroy_all_sessions() {
124		$this->update_sessions( array() );
125	}
126
127	/**
128	 * Destroys all sessions for all users.
129	 *
130	 * @since 4.0.0
131	 */
132	public static function drop_sessions() {
133		delete_metadata( 'user', 0, 'session_tokens', false, true );
134	}
135}
136