BenoitCier
/
Opendistrib
sforkowany z Laclic/Souke
Obserwuj 1
Polub 0
Forkuj 0
Kod Zgłoszenia 0 Oczekujące zmiany 0 Wydania 0 Wiki Aktywność
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
3 Commity
2 Gałęzie
Drzewo: c34e5111c8
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'c34e5111c8'
${ noResults }
Opendistrib/vendor/yiisoft/yii2/web/Session.php

867 lines
30KB
Czysty Wina Historia 

  1. <?php

  2. /**

  3.  * @link http://www.yiiframework.com/

  4.  * @copyright Copyright (c) 2008 Yii Software LLC

  5.  * @license http://www.yiiframework.com/license/

  6.  */

  7. 

  8. namespace yii\web;

  9. 

  10. use Yii;

  11. use yii\base\Component;

  12. use yii\base\InvalidConfigException;

  13. use yii\base\InvalidParamException;

  14. 

  15. /**

  16.  * Session provides session data management and the related configurations.

  17.  *

  18.  * Session is a Web application component that can be accessed via `Yii::$app->session`.

  19.  *

  20.  * To start the session, call [[open()]]; To complete and send out session data, call [[close()]];

  21.  * To destroy the session, call [[destroy()]].

  22.  *

  23.  * Session can be used like an array to set and get session data. For example,

  24.  *

  25.  * ~~~

  26.  * $session = new Session;

  27.  * $session->open();

  28.  * $value1 = $session['name1'];  // get session variable 'name1'

  29.  * $value2 = $session['name2'];  // get session variable 'name2'

  30.  * foreach ($session as $name => $value) // traverse all session variables

  31.  * $session['name3'] = $value3;  // set session variable 'name3'

  32.  * ~~~

  33.  *

  34.  * Session can be extended to support customized session storage.

  35.  * To do so, override [[useCustomStorage]] so that it returns true, and

  36.  * override these methods with the actual logic about using custom storage:

  37.  * [[openSession()]], [[closeSession()]], [[readSession()]], [[writeSession()]],

  38.  * [[destroySession()]] and [[gcSession()]].

  39.  *

  40.  * Session also supports a special type of session data, called *flash messages*.

  41.  * A flash message is available only in the current request and the next request.

  42.  * After that, it will be deleted automatically. Flash messages are particularly

  43.  * useful for displaying confirmation messages. To use flash messages, simply

  44.  * call methods such as [[setFlash()]], [[getFlash()]].

  45.  *

  46.  * @property array $allFlashes Flash messages (key => message or key => [message1, message2]). This property

  47.  * is read-only.

  48.  * @property array $cookieParams The session cookie parameters. This property is read-only.

  49.  * @property integer $count The number of session variables. This property is read-only.

  50.  * @property string $flash The key identifying the flash message. Note that flash messages and normal session

  51.  * variables share the same name space. If you have a normal session variable using the same name, its value will

  52.  * be overwritten by this method. This property is write-only.

  53.  * @property float $gCProbability The probability (percentage) that the GC (garbage collection) process is

  54.  * started on every session initialization, defaults to 1 meaning 1% chance.

  55.  * @property boolean $hasSessionId Whether the current request has sent the session ID.

  56.  * @property string $id The current session ID.

  57.  * @property boolean $isActive Whether the session has started. This property is read-only.

  58.  * @property SessionIterator $iterator An iterator for traversing the session variables. This property is

  59.  * read-only.

  60.  * @property string $name The current session name.

  61.  * @property string $savePath The current session save path, defaults to '/tmp'.

  62.  * @property integer $timeout The number of seconds after which data will be seen as 'garbage' and cleaned up.

  63.  * The default value is 1440 seconds (or the value of "session.gc_maxlifetime" set in php.ini).

  64.  * @property boolean|null $useCookies The value indicating whether cookies should be used to store session

  65.  * IDs.

  66.  * @property boolean $useCustomStorage Whether to use custom storage. This property is read-only.

  67.  * @property boolean $useTransparentSessionID Whether transparent sid support is enabled or not, defaults to

  68.  * false.

  69.  *

  70.  * @author Qiang Xue <qiang.xue@gmail.com>

  71.  * @since 2.0

  72.  */

  73. class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Countable

  74. {

  75.     /**

  76.      * @var string the name of the session variable that stores the flash message data.

  77.      */

  78.     public $flashParam = '__flash';

  79.     /**

  80.      * @var \SessionHandlerInterface|array an object implementing the SessionHandlerInterface or a configuration array. If set, will be used to provide persistency instead of build-in methods.

  81.      */

  82.     public $handler;

  83. 

  84.     /**

  85.      * @var array parameter-value pairs to override default session cookie parameters that are used for session_set_cookie_params() function

  86.      * Array may have the following possible keys: 'lifetime', 'path', 'domain', 'secure', 'httponly'

  87.      * @see http://www.php.net/manual/en/function.session-set-cookie-params.php

  88.      */

  89.     private $_cookieParams = ['httponly' => true];

  90. 

  91. 

  92.     /**

  93.      * Initializes the application component.

  94.      * This method is required by IApplicationComponent and is invoked by application.

  95.      */

  96.     public function init()

  97.     {

  98.         parent::init();

  99.         register_shutdown_function([$this, 'close']);

  100.     }

  101. 

  102.     /**

  103.      * Returns a value indicating whether to use custom session storage.

  104.      * This method should be overridden to return true by child classes that implement custom session storage.

  105.      * To implement custom session storage, override these methods: [[openSession()]], [[closeSession()]],

  106.      * [[readSession()]], [[writeSession()]], [[destroySession()]] and [[gcSession()]].

  107.      * @return boolean whether to use custom storage.

  108.      */

  109.     public function getUseCustomStorage()

  110.     {

  111.         return false;

  112.     }

  113. 

  114.     /**

  115.      * Starts the session.

  116.      */

  117.     public function open()

  118.     {

  119.         if ($this->getIsActive()) {

  120.             return;

  121.         }

  122. 

  123.         $this->registerSessionHandler();

  124. 

  125.         $this->setCookieParamsInternal();

  126. 

  127.         @session_start();

  128. 

  129.         if ($this->getIsActive()) {

  130.             Yii::info('Session started', __METHOD__);

  131.             $this->updateFlashCounters();

  132.         } else {

  133.             $error = error_get_last();

  134.             $message = isset($error['message']) ? $error['message'] : 'Failed to start session.';

  135.             Yii::error($message, __METHOD__);

  136.         }

  137.     }

  138. 

  139.     /**

  140.      * Registers session handler.

  141.      * @throws \yii\base\InvalidConfigException

  142.      */

  143.     protected function registerSessionHandler()

  144.     {

  145.         if ($this->handler !== null) {

  146.             if (!is_object($this->handler)) {

  147.                 $this->handler = Yii::createObject($this->handler);

  148.             }

  149.             if (!$this->handler instanceof \SessionHandlerInterface) {

  150.                 throw new InvalidConfigException('"' . get_class($this) . '::handler" must implement the SessionHandlerInterface.');

  151.             }

  152.             @session_set_save_handler($this->handler, false);

  153.         } elseif ($this->getUseCustomStorage()) {

  154.             @session_set_save_handler(

  155.                 [$this, 'openSession'],

  156.                 [$this, 'closeSession'],

  157.                 [$this, 'readSession'],

  158.                 [$this, 'writeSession'],

  159.                 [$this, 'destroySession'],

  160.                 [$this, 'gcSession']

  161.             );

  162.         }

  163.     }

  164. 

  165.     /**

  166.      * Ends the current session and store session data.

  167.      */

  168.     public function close()

  169.     {

  170.         if ($this->getIsActive()) {

  171.             @session_write_close();

  172.         }

  173.     }

  174. 

  175.     /**

  176.      * Frees all session variables and destroys all data registered to a session.

  177.      */

  178.     public function destroy()

  179.     {

  180.         if ($this->getIsActive()) {

  181.             @session_unset();

  182.             @session_destroy();

  183.         }

  184.     }

  185. 

  186.     /**

  187.      * @return boolean whether the session has started

  188.      */

  189.     public function getIsActive()

  190.     {

  191.         return session_status() == PHP_SESSION_ACTIVE;

  192.     }

  193. 

  194.     private $_hasSessionId;

  195. 

  196.     /**

  197.      * Returns a value indicating whether the current request has sent the session ID.

  198.      * The default implementation will check cookie and $_GET using the session name.

  199.      * If you send session ID via other ways, you may need to override this method

  200.      * or call [[setHasSessionId()]] to explicitly set whether the session ID is sent.

  201.      * @return boolean whether the current request has sent the session ID.

  202.      */

  203.     public function getHasSessionId()

  204.     {

  205.         if ($this->_hasSessionId === null) {

  206.             $name = $this->getName();

  207.             $request = Yii::$app->getRequest();

  208.             if (!empty($_COOKIE[$name]) && ini_get('session.use_cookies')) {

  209.                 $this->_hasSessionId = true;

  210.             } elseif (!ini_get('session.use_only_cookies') && ini_get('session.use_trans_sid')) {

  211.                 $this->_hasSessionId = $request->get($name) !== null;

  212.             } else {

  213.                 $this->_hasSessionId = false;

  214.             }

  215.         }

  216. 

  217.         return $this->_hasSessionId;

  218.     }

  219. 

  220.     /**

  221.      * Sets the value indicating whether the current request has sent the session ID.

  222.      * This method is provided so that you can override the default way of determining

  223.      * whether the session ID is sent.

  224.      * @param boolean $value whether the current request has sent the session ID.

  225.      */

  226.     public function setHasSessionId($value)

  227.     {

  228.         $this->_hasSessionId = $value;

  229.     }

  230. 

  231.     /**

  232.      * Gets the session ID.

  233.      * This is a wrapper for [PHP session_id()](http://php.net/manual/en/function.session-id.php).

  234.      * @return string the current session ID

  235.      */

  236.     public function getId()

  237.     {

  238.         return session_id();

  239.     }

  240. 

  241.     /**

  242.      * Sets the session ID.

  243.      * This is a wrapper for [PHP session_id()](http://php.net/manual/en/function.session-id.php).

  244.      * @param string $value the session ID for the current session

  245.      */

  246.     public function setId($value)

  247.     {

  248.         session_id($value);

  249.     }

  250. 

  251.     /**

  252.      * Updates the current session ID with a newly generated one .

  253.      * Please refer to <http://php.net/session_regenerate_id> for more details.

  254.      * @param boolean $deleteOldSession Whether to delete the old associated session file or not.

  255.      */

  256.     public function regenerateID($deleteOldSession = false)

  257.     {

  258.         // add @ to inhibit possible warning due to race condition

  259.         // https://github.com/yiisoft/yii2/pull/1812

  260.         @session_regenerate_id($deleteOldSession);

  261.     }

  262. 

  263.     /**

  264.      * Gets the name of the current session.

  265.      * This is a wrapper for [PHP session_name()](http://php.net/manual/en/function.session-name.php).

  266.      * @return string the current session name

  267.      */

  268.     public function getName()

  269.     {

  270.         return session_name();

  271.     }

  272. 

  273.     /**

  274.      * Sets the name for the current session.

  275.      * This is a wrapper for [PHP session_name()](http://php.net/manual/en/function.session-name.php).

  276.      * @param string $value the session name for the current session, must be an alphanumeric string.

  277.      * It defaults to "PHPSESSID".

  278.      */

  279.     public function setName($value)

  280.     {

  281.         session_name($value);

  282.     }

  283. 

  284.     /**

  285.      * Gets the current session save path.

  286.      * This is a wrapper for [PHP session_save_path()](http://php.net/manual/en/function.session-save-path.php).

  287.      * @return string the current session save path, defaults to '/tmp'.

  288.      */

  289.     public function getSavePath()

  290.     {

  291.         return session_save_path();

  292.     }

  293. 

  294.     /**

  295.      * Sets the current session save path.

  296.      * This is a wrapper for [PHP session_save_path()](http://php.net/manual/en/function.session-save-path.php).

  297.      * @param string $value the current session save path. This can be either a directory name or a path alias.

  298.      * @throws InvalidParamException if the path is not a valid directory

  299.      */

  300.     public function setSavePath($value)

  301.     {

  302.         $path = Yii::getAlias($value);

  303.         if (is_dir($path)) {

  304.             session_save_path($path);

  305.         } else {

  306.             throw new InvalidParamException("Session save path is not a valid directory: $value");

  307.         }

  308.     }

  309. 

  310.     /**

  311.      * @return array the session cookie parameters.

  312.      * @see http://php.net/manual/en/function.session-get-cookie-params.php

  313.      */

  314.     public function getCookieParams()

  315.     {

  316.         return array_merge(session_get_cookie_params(), array_change_key_case($this->_cookieParams));

  317.     }

  318. 

  319.     /**

  320.      * Sets the session cookie parameters.

  321.      * The cookie parameters passed to this method will be merged with the result

  322.      * of `session_get_cookie_params()`.

  323.      * @param array $value cookie parameters, valid keys include: `lifetime`, `path`, `domain`, `secure` and `httponly`.

  324.      * @throws InvalidParamException if the parameters are incomplete.

  325.      * @see http://us2.php.net/manual/en/function.session-set-cookie-params.php

  326.      */

  327.     public function setCookieParams(array $value)

  328.     {

  329.         $this->_cookieParams = $value;

  330.     }

  331. 

  332.     /**

  333.      * Sets the session cookie parameters.

  334.      * This method is called by [[open()]] when it is about to open the session.

  335.      * @throws InvalidParamException if the parameters are incomplete.

  336.      * @see http://us2.php.net/manual/en/function.session-set-cookie-params.php

  337.      */

  338.     private function setCookieParamsInternal()

  339.     {

  340.         $data = $this->getCookieParams();

  341.         extract($data);

  342.         if (isset($lifetime, $path, $domain, $secure, $httponly)) {

  343.             session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);

  344.         } else {

  345.             throw new InvalidParamException('Please make sure cookieParams contains these elements: lifetime, path, domain, secure and httponly.');

  346.         }

  347.     }

  348. 

  349.     /**

  350.      * Returns the value indicating whether cookies should be used to store session IDs.

  351.      * @return boolean|null the value indicating whether cookies should be used to store session IDs.

  352.      * @see setUseCookies()

  353.      */

  354.     public function getUseCookies()

  355.     {

  356.         if (ini_get('session.use_cookies') === '0') {

  357.             return false;

  358.         } elseif (ini_get('session.use_only_cookies') === '1') {

  359.             return true;

  360.         } else {

  361.             return null;

  362.         }

  363.     }

  364. 

  365.     /**

  366.      * Sets the value indicating whether cookies should be used to store session IDs.

  367.      * Three states are possible:

  368.      *

  369.      * - true: cookies and only cookies will be used to store session IDs.

  370.      * - false: cookies will not be used to store session IDs.

  371.      * - null: if possible, cookies will be used to store session IDs; if not, other mechanisms will be used (e.g. GET parameter)

  372.      *

  373.      * @param boolean|null $value the value indicating whether cookies should be used to store session IDs.

  374.      */

  375.     public function setUseCookies($value)

  376.     {

  377.         if ($value === false) {

  378.             ini_set('session.use_cookies', '0');

  379.             ini_set('session.use_only_cookies', '0');

  380.         } elseif ($value === true) {

  381.             ini_set('session.use_cookies', '1');

  382.             ini_set('session.use_only_cookies', '1');

  383.         } else {

  384.             ini_set('session.use_cookies', '1');

  385.             ini_set('session.use_only_cookies', '0');

  386.         }

  387.     }

  388. 

  389.     /**

  390.      * @return float the probability (percentage) that the GC (garbage collection) process is started on every session initialization, defaults to 1 meaning 1% chance.

  391.      */

  392.     public function getGCProbability()

  393.     {

  394.         return (float) (ini_get('session.gc_probability') / ini_get('session.gc_divisor') * 100);

  395.     }

  396. 

  397.     /**

  398.      * @param float $value the probability (percentage) that the GC (garbage collection) process is started on every session initialization.

  399.      * @throws InvalidParamException if the value is not between 0 and 100.

  400.      */

  401.     public function setGCProbability($value)

  402.     {

  403.         if ($value >= 0 && $value <= 100) {

  404.             // percent * 21474837 / 2147483647 ≈ percent * 0.01

  405.             ini_set('session.gc_probability', floor($value * 21474836.47));

  406.             ini_set('session.gc_divisor', 2147483647);

  407.         } else {

  408.             throw new InvalidParamException('GCProbability must be a value between 0 and 100.');

  409.         }

  410.     }

  411. 

  412.     /**

  413.      * @return boolean whether transparent sid support is enabled or not, defaults to false.

  414.      */

  415.     public function getUseTransparentSessionID()

  416.     {

  417.         return ini_get('session.use_trans_sid') == 1;

  418.     }

  419. 

  420.     /**

  421.      * @param boolean $value whether transparent sid support is enabled or not.

  422.      */

  423.     public function setUseTransparentSessionID($value)

  424.     {

  425.         ini_set('session.use_trans_sid', $value ? '1' : '0');

  426.     }

  427. 

  428.     /**

  429.      * @return integer the number of seconds after which data will be seen as 'garbage' and cleaned up.

  430.      * The default value is 1440 seconds (or the value of "session.gc_maxlifetime" set in php.ini).

  431.      */

  432.     public function getTimeout()

  433.     {

  434.         return (int) ini_get('session.gc_maxlifetime');

  435.     }

  436. 

  437.     /**

  438.      * @param integer $value the number of seconds after which data will be seen as 'garbage' and cleaned up

  439.      */

  440.     public function setTimeout($value)

  441.     {

  442.         ini_set('session.gc_maxlifetime', $value);

  443.     }

  444. 

  445.     /**

  446.      * Session open handler.

  447.      * This method should be overridden if [[useCustomStorage]] returns true.

  448.      * Do not call this method directly.

  449.      * @param string $savePath session save path

  450.      * @param string $sessionName session name

  451.      * @return boolean whether session is opened successfully

  452.      */

  453.     public function openSession($savePath, $sessionName)

  454.     {

  455.         return true;

  456.     }

  457. 

  458.     /**

  459.      * Session close handler.

  460.      * This method should be overridden if [[useCustomStorage]] returns true.

  461.      * Do not call this method directly.

  462.      * @return boolean whether session is closed successfully

  463.      */

  464.     public function closeSession()

  465.     {

  466.         return true;

  467.     }

  468. 

  469.     /**

  470.      * Session read handler.

  471.      * This method should be overridden if [[useCustomStorage]] returns true.

  472.      * Do not call this method directly.

  473.      * @param string $id session ID

  474.      * @return string the session data

  475.      */

  476.     public function readSession($id)

  477.     {

  478.         return '';

  479.     }

  480. 

  481.     /**

  482.      * Session write handler.

  483.      * This method should be overridden if [[useCustomStorage]] returns true.

  484.      * Do not call this method directly.

  485.      * @param string $id session ID

  486.      * @param string $data session data

  487.      * @return boolean whether session write is successful

  488.      */

  489.     public function writeSession($id, $data)

  490.     {

  491.         return true;

  492.     }

  493. 

  494.     /**

  495.      * Session destroy handler.

  496.      * This method should be overridden if [[useCustomStorage]] returns true.

  497.      * Do not call this method directly.

  498.      * @param string $id session ID

  499.      * @return boolean whether session is destroyed successfully

  500.      */

  501.     public function destroySession($id)

  502.     {

  503.         return true;

  504.     }

  505. 

  506.     /**

  507.      * Session GC (garbage collection) handler.

  508.      * This method should be overridden if [[useCustomStorage]] returns true.

  509.      * Do not call this method directly.

  510.      * @param integer $maxLifetime the number of seconds after which data will be seen as 'garbage' and cleaned up.

  511.      * @return boolean whether session is GCed successfully

  512.      */

  513.     public function gcSession($maxLifetime)

  514.     {

  515.         return true;

  516.     }

  517. 

  518.     /**

  519.      * Returns an iterator for traversing the session variables.

  520.      * This method is required by the interface IteratorAggregate.

  521.      * @return SessionIterator an iterator for traversing the session variables.

  522.      */

  523.     public function getIterator()

  524.     {

  525.         $this->open();

  526.         return new SessionIterator;

  527.     }

  528. 

  529.     /**

  530.      * Returns the number of items in the session.

  531.      * @return integer the number of session variables

  532.      */

  533.     public function getCount()

  534.     {

  535.         $this->open();

  536.         return count($_SESSION);

  537.     }

  538. 

  539.     /**

  540.      * Returns the number of items in the session.

  541.      * This method is required by Countable interface.

  542.      * @return integer number of items in the session.

  543.      */

  544.     public function count()

  545.     {

  546.         return $this->getCount();

  547.     }

  548. 

  549.     /**

  550.      * Returns the session variable value with the session variable name.

  551.      * If the session variable does not exist, the `$defaultValue` will be returned.

  552.      * @param string $key the session variable name

  553.      * @param mixed $defaultValue the default value to be returned when the session variable does not exist.

  554.      * @return mixed the session variable value, or $defaultValue if the session variable does not exist.

  555.      */

  556.     public function get($key, $defaultValue = null)

  557.     {

  558.         $this->open();

  559.         return isset($_SESSION[$key]) ? $_SESSION[$key] : $defaultValue;

  560.     }

  561. 

  562.     /**

  563.      * Adds a session variable.

  564.      * If the specified name already exists, the old value will be overwritten.

  565.      * @param string $key session variable name

  566.      * @param mixed $value session variable value

  567.      */

  568.     public function set($key, $value)

  569.     {

  570.         $this->open();

  571.         $_SESSION[$key] = $value;

  572.     }

  573. 

  574.     /**

  575.      * Removes a session variable.

  576.      * @param string $key the name of the session variable to be removed

  577.      * @return mixed the removed value, null if no such session variable.

  578.      */

  579.     public function remove($key)

  580.     {

  581.         $this->open();

  582.         if (isset($_SESSION[$key])) {

  583.             $value = $_SESSION[$key];

  584.             unset($_SESSION[$key]);

  585. 

  586.             return $value;

  587.         } else {

  588.             return null;

  589.         }

  590.     }

  591. 

  592.     /**

  593.      * Removes all session variables

  594.      */

  595.     public function removeAll()

  596.     {

  597.         $this->open();

  598.         foreach (array_keys($_SESSION) as $key) {

  599.             unset($_SESSION[$key]);

  600.         }

  601.     }

  602. 

  603.     /**

  604.      * @param mixed $key session variable name

  605.      * @return boolean whether there is the named session variable

  606.      */

  607.     public function has($key)

  608.     {

  609.         $this->open();

  610.         return isset($_SESSION[$key]);

  611.     }

  612. 

  613.     /**

  614.      * Updates the counters for flash messages and removes outdated flash messages.

  615.      * This method should only be called once in [[init()]].

  616.      */

  617.     protected function updateFlashCounters()

  618.     {

  619.         $counters = $this->get($this->flashParam, []);

  620.         if (is_array($counters)) {

  621.             foreach ($counters as $key => $count) {

  622.                 if ($count > 0) {

  623.                     unset($counters[$key], $_SESSION[$key]);

  624.                 } elseif ($count == 0) {

  625.                     $counters[$key]++;

  626.                 }

  627.             }

  628.             $_SESSION[$this->flashParam] = $counters;

  629.         } else {

  630.             // fix the unexpected problem that flashParam doesn't return an array

  631.             unset($_SESSION[$this->flashParam]);

  632.         }

  633.     }

  634. 

  635.     /**

  636.      * Returns a flash message.

  637.      * @param string $key the key identifying the flash message

  638.      * @param mixed $defaultValue value to be returned if the flash message does not exist.

  639.      * @param boolean $delete whether to delete this flash message right after this method is called.

  640.      * If false, the flash message will be automatically deleted in the next request.

  641.      * @return mixed the flash message or an array of messages if addFlash was used

  642.      * @see setFlash()

  643.      * @see addFlash()

  644.      * @see hasFlash()

  645.      * @see getAllFlashes()

  646.      * @see removeFlash()

  647.      */

  648.     public function getFlash($key, $defaultValue = null, $delete = false)

  649.     {

  650.         $counters = $this->get($this->flashParam, []);

  651.         if (isset($counters[$key])) {

  652.             $value = $this->get($key, $defaultValue);

  653.             if ($delete) {

  654.                 $this->removeFlash($key);

  655.             } elseif ($counters[$key] < 0) {

  656.                 // mark for deletion in the next request

  657.                 $counters[$key] = 1;

  658.                 $_SESSION[$this->flashParam] = $counters;

  659.             }

  660. 

  661.             return $value;

  662.         } else {

  663.             return $defaultValue;

  664.         }

  665.     }

  666. 

  667.     /**

  668.      * Returns all flash messages.

  669.      *

  670.      * You may use this method to display all the flash messages in a view file:

  671.      *

  672.      * ```php

  673.      * <?php

  674.      * foreach(Yii::$app->session->getAllFlashes() as $key => $message) {

  675.      *     echo '<div class="alert alert-' . $key . '">' . $message . '</div>';

  676.      * } ?>

  677.      * ```

  678.      *

  679.      * With the above code you can use the [bootstrap alert][] classes such as `success`, `info`, `danger`

  680.      * as the flash message key to influence the color of the div.

  681.      * 

  682.      * Note that if you use [[addFlash()]], `$message` will be an array, and you will have to adjust the above code.

  683.      *

  684.      * [bootstrap alert]: http://getbootstrap.com/components/#alerts

  685.      *

  686.      * @param boolean $delete whether to delete the flash messages right after this method is called.

  687.      * If false, the flash messages will be automatically deleted in the next request.

  688.      * @return array flash messages (key => message or key => [message1, message2]).

  689.      * @see setFlash()

  690.      * @see addFlash()

  691.      * @see getFlash()

  692.      * @see hasFlash()

  693.      * @see removeFlash()

  694.      */

  695.     public function getAllFlashes($delete = false)

  696.     {

  697.         $counters = $this->get($this->flashParam, []);

  698.         $flashes = [];

  699.         foreach (array_keys($counters) as $key) {

  700.             if (array_key_exists($key, $_SESSION)) {

  701.                 $flashes[$key] = $_SESSION[$key];

  702.                 if ($delete) {

  703.                     unset($counters[$key], $_SESSION[$key]);

  704.                 } elseif ($counters[$key] < 0) {

  705.                     // mark for deletion in the next request

  706.                     $counters[$key] = 1;

  707.                 }

  708.             } else {

  709.                 unset($counters[$key]);

  710.             }

  711.         }

  712. 

  713.         $_SESSION[$this->flashParam] = $counters;

  714. 

  715.         return $flashes;

  716.     }

  717. 

  718.     /**

  719.      * Sets a flash message.

  720.      * A flash message will be automatically deleted after it is accessed in a request and the deletion will happen

  721.      * in the next request.

  722.      * If there is already an existing flash message with the same key, it will be overwritten by the new one.

  723.      * @param string $key the key identifying the flash message. Note that flash messages

  724.      * and normal session variables share the same name space. If you have a normal

  725.      * session variable using the same name, its value will be overwritten by this method.

  726.      * @param mixed $value flash message

  727.      * @param boolean $removeAfterAccess whether the flash message should be automatically removed only if

  728.      * it is accessed. If false, the flash message will be automatically removed after the next request,

  729.      * regardless if it is accessed or not. If true (default value), the flash message will remain until after

  730.      * it is accessed.

  731.      * @see getFlash()

  732.      * @see addFlash()

  733.      * @see removeFlash()

  734.      */

  735.     public function setFlash($key, $value = true, $removeAfterAccess = true)

  736.     {

  737.         $counters = $this->get($this->flashParam, []);

  738.         $counters[$key] = $removeAfterAccess ? -1 : 0;

  739.         $_SESSION[$key] = $value;

  740.         $_SESSION[$this->flashParam] = $counters;

  741.     }

  742. 

  743.     /**

  744.      * Adds a flash message.

  745.      * If there are existing flash messages with the same key, the new one will be appended to the existing message array.

  746.      * @param string $key the key identifying the flash message.

  747.      * @param mixed $value flash message

  748.      * @param boolean $removeAfterAccess whether the flash message should be automatically removed only if

  749.      * it is accessed. If false, the flash message will be automatically removed after the next request,

  750.      * regardless if it is accessed or not. If true (default value), the flash message will remain until after

  751.      * it is accessed.

  752.      * @see getFlash()

  753.      * @see setFlash()

  754.      * @see removeFlash()

  755.      */

  756.     public function addFlash($key, $value = true, $removeAfterAccess = true)

  757.     {

  758.         $counters = $this->get($this->flashParam, []);

  759.         $counters[$key] = $removeAfterAccess ? -1 : 0;

  760.         $_SESSION[$this->flashParam] = $counters;

  761.         if (empty($_SESSION[$key])) {

  762.             $_SESSION[$key] = [$value];

  763.         } else {

  764.             if (is_array($_SESSION[$key])) {

  765.                 $_SESSION[$key][] = $value;

  766.             } else {

  767.                 $_SESSION[$key] = [$_SESSION[$key], $value];

  768.             }

  769.         }

  770.     }

  771. 

  772.     /**

  773.      * Removes a flash message.

  774.      * @param string $key the key identifying the flash message. Note that flash messages

  775.      * and normal session variables share the same name space.  If you have a normal

  776.      * session variable using the same name, it will be removed by this method.

  777.      * @return mixed the removed flash message. Null if the flash message does not exist.

  778.      * @see getFlash()

  779.      * @see setFlash()

  780.      * @see addFlash()

  781.      * @see removeAllFlashes()

  782.      */

  783.     public function removeFlash($key)

  784.     {

  785.         $counters = $this->get($this->flashParam, []);

  786.         $value = isset($_SESSION[$key], $counters[$key]) ? $_SESSION[$key] : null;

  787.         unset($counters[$key], $_SESSION[$key]);

  788.         $_SESSION[$this->flashParam] = $counters;

  789. 

  790.         return $value;

  791.     }

  792. 

  793.     /**

  794.      * Removes all flash messages.

  795.      * Note that flash messages and normal session variables share the same name space.

  796.      * If you have a normal session variable using the same name, it will be removed

  797.      * by this method.

  798.      * @see getFlash()

  799.      * @see setFlash()

  800.      * @see addFlash()

  801.      * @see removeFlash()

  802.      */

  803.     public function removeAllFlashes()

  804.     {

  805.         $counters = $this->get($this->flashParam, []);

  806.         foreach (array_keys($counters) as $key) {

  807.             unset($_SESSION[$key]);

  808.         }

  809.         unset($_SESSION[$this->flashParam]);

  810.     }

  811. 

  812.     /**

  813.      * Returns a value indicating whether there are flash messages associated with the specified key.

  814.      * @param string $key key identifying the flash message type

  815.      * @return boolean whether any flash messages exist under specified key

  816.      */

  817.     public function hasFlash($key)

  818.     {

  819.         return $this->getFlash($key) !== null;

  820.     }

  821. 

  822.     /**

  823.      * This method is required by the interface ArrayAccess.

  824.      * @param mixed $offset the offset to check on

  825.      * @return boolean

  826.      */

  827.     public function offsetExists($offset)

  828.     {

  829.         $this->open();

  830. 

  831.         return isset($_SESSION[$offset]);

  832.     }

  833. 

  834.     /**

  835.      * This method is required by the interface ArrayAccess.

  836.      * @param integer $offset the offset to retrieve element.

  837.      * @return mixed the element at the offset, null if no element is found at the offset

  838.      */

  839.     public function offsetGet($offset)

  840.     {

  841.         $this->open();

  842. 

  843.         return isset($_SESSION[$offset]) ? $_SESSION[$offset] : null;

  844.     }

  845. 

  846.     /**

  847.      * This method is required by the interface ArrayAccess.

  848.      * @param integer $offset the offset to set element

  849.      * @param mixed $item the element value

  850.      */

  851.     public function offsetSet($offset, $item)

  852.     {

  853.         $this->open();

  854.         $_SESSION[$offset] = $item;

  855.     }

  856. 

  857.     /**

  858.      * This method is required by the interface ArrayAccess.

  859.      * @param mixed $offset the offset to unset element

  860.      */

  861.     public function offsetUnset($offset)

  862.     {

  863.         $this->open();

  864.         unset($_SESSION[$offset]);

  865.     }

  866. }