2016-02-12 21:48:16 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace manager;
|
|
|
|
|
|
|
|
|
|
|
|
class sessionManager{
|
|
|
|
|
|
|
|
private static $prefix;
|
|
|
|
|
|
|
|
|
|
|
|
/*************************/
|
|
|
|
/* SECURE SHA1 ALGORITHM */
|
|
|
|
/*************************/
|
2016-02-12 22:22:14 +00:00
|
|
|
public static function secure_sha1($data){
|
2016-02-12 21:48:16 +00:00
|
|
|
return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') );
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*****************************/
|
|
|
|
/* INITIALISATION DE SESSION */
|
|
|
|
/*****************************/
|
|
|
|
private static function reset_session($session_id=null){
|
|
|
|
// On ferme la session
|
|
|
|
session_destroy();
|
|
|
|
|
|
|
|
// On definit l'id session si donne en argument
|
|
|
|
if( $session_id != null )
|
|
|
|
session_id( $session_id );
|
2016-07-02 15:10:41 +00:00
|
|
|
|
2016-02-12 21:48:16 +00:00
|
|
|
// Precaution: on met a jour le cookie
|
|
|
|
setcookie('PHPSESSID', session_id(), time()+60*30 );
|
|
|
|
|
|
|
|
// On redemarre la session avec le bon id session
|
|
|
|
\session_start();
|
|
|
|
|
|
|
|
// On met a jour le token
|
|
|
|
self::update_token();
|
|
|
|
|
|
|
|
|
|
|
|
header('Refresh: 0');
|
|
|
|
}
|
|
|
|
|
|
|
|
/*******************/
|
|
|
|
/* GENERE UN TOKEN */
|
|
|
|
/*******************/
|
|
|
|
private static function update_token(){
|
|
|
|
$token = self::$prefix.self::secure_sha1(uniqid());
|
2016-07-02 15:10:41 +00:00
|
|
|
|
2016-02-12 21:48:16 +00:00
|
|
|
// On definit le token en session
|
|
|
|
$_SESSION['session_token'] = $token;
|
|
|
|
|
|
|
|
// On definit le token en cookie
|
|
|
|
$_COOKIE['session_token'] = $_SESSION['session_token'];
|
|
|
|
setcookie('session_token', $_COOKIE['session_token'], time()+60*30 );
|
|
|
|
}
|
2016-07-02 15:10:41 +00:00
|
|
|
|
2016-02-12 21:48:16 +00:00
|
|
|
/************/
|
|
|
|
/* AMORCEUR */
|
|
|
|
/************/
|
|
|
|
public static function session_start(){
|
2016-07-02 15:10:41 +00:00
|
|
|
|
|
|
|
// \session_start();
|
|
|
|
// return;
|
|
|
|
|
|
|
|
|
|
|
|
|
2016-02-12 21:48:16 +00:00
|
|
|
/* [1] Génération et Gestion des donnees a utiliser
|
|
|
|
==============================================================*/
|
|
|
|
// On genere le hash a partir des donnees personnelles
|
|
|
|
self::$prefix = self::secure_sha1( $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'] );
|
|
|
|
|
|
|
|
// On cree un id session associe a ces donnees personnelles
|
|
|
|
$sessid = substr(self::$prefix,0,5) . substr(self::secure_sha1(uniqid()),0,24);
|
|
|
|
|
|
|
|
// On genere un token pour l'execution suivante
|
|
|
|
$token = self::$prefix.self::secure_sha1(uniqid());
|
|
|
|
|
|
|
|
// On definit/recupere le token
|
|
|
|
$session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* [2] Verification de l'id session
|
|
|
|
==============================================================*/
|
|
|
|
\session_start();
|
|
|
|
|
|
|
|
// On verifie l'id session (5 premiers chars du hash des donnees perso)
|
2016-07-02 15:10:41 +00:00
|
|
|
$valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0;
|
2016-02-12 21:48:16 +00:00
|
|
|
|
2016-07-02 15:10:41 +00:00
|
|
|
// Si id session incorrect ou pas de token
|
2016-02-12 21:48:16 +00:00
|
|
|
if( !$valid_sessid )
|
|
|
|
self::reset_session( $sessid ); // On initialise la session (bon id session)
|
2016-07-02 15:10:41 +00:00
|
|
|
|
2016-02-12 21:48:16 +00:00
|
|
|
|
|
|
|
// si id session invalide
|
2016-07-02 15:10:41 +00:00
|
|
|
|
|
|
|
|
2016-02-12 21:48:16 +00:00
|
|
|
/* [3] Verification du token
|
|
|
|
==============================================================*/
|
|
|
|
// On verifie que le token est valide
|
|
|
|
$valid_token = $session_token != null; // verification de l'existence du cookie
|
|
|
|
$valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles
|
2016-02-12 22:22:14 +00:00
|
|
|
$valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe
|
2016-02-12 21:48:16 +00:00
|
|
|
$valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente
|
|
|
|
|
|
|
|
/* [4] Si token inexistant
|
|
|
|
==============================================================*/
|
|
|
|
if( !$valid_token )
|
|
|
|
self::reset_session($sessid); // On initialise la session
|
|
|
|
else
|
|
|
|
self::update_token(); // Dans tous les cas, on cree un nouveau token
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
?>
|