From 24e52aa781272f95022df60dffc71d587b7d12ba Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Fri, 12 Feb 2016 22:48:16 +0100 Subject: [PATCH] - [x] [sessionManager] Import de sessionManager --- config/modules.json | 6 ++ manager/module/groupDefault.php | 21 ++++++ manager/module/userDefault.php | 11 +++ manager/sessionManager.php | 121 ++++++++++++++++++++++++++++++++ todo.md | 1 + 5 files changed, 160 insertions(+) create mode 100644 manager/module/groupDefault.php create mode 100644 manager/sessionManager.php diff --git a/config/modules.json b/config/modules.json index a98abea..236de25 100755 --- a/config/modules.json +++ b/config/modules.json @@ -9,6 +9,12 @@ "machineDefault" :[ "create", + "getAll" + ], + + "groupDefault" :[ + "create", + "getAll" ] diff --git a/manager/module/groupDefault.php b/manager/module/groupDefault.php new file mode 100644 index 0000000..0848492 --- /dev/null +++ b/manager/module/groupDefault.php @@ -0,0 +1,21 @@ + \manager\Database::delNumeric( \manager\Database::getPDO()->query("SELECT * FROM group ORDER BY id_group")->fetchAll() ) + ); + } + + + + + + } + + +?> \ No newline at end of file diff --git a/manager/module/userDefault.php b/manager/module/userDefault.php index a6079fe..1f68b29 100755 --- a/manager/module/userDefault.php +++ b/manager/module/userDefault.php @@ -35,6 +35,17 @@ * */ public static function create($code, $username, $firstname, $lastname, $mail, $password, $status){ + /* [1] Normalisation + verification des donnees + =========================================================*/ + $password_hash = sha1($password); + + $correct_param = \manager\Database::check('user.code', $code); + $correct_param = $correct_param && \manager\Database::check('user.username', $username); + $correct_param = $correct_param && \manager\Database::check('user.firstname', $firstname); + $correct_param = $correct_param && \manager\Database::check('user.lastname', $lastname); + $correct_param = $correct_param && \manager\Database::check('user.mail', $mail); + $correct_param = $correct_param && \manager\Database::check('user.password', $password); + $request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status) ); diff --git a/manager/sessionManager.php b/manager/sessionManager.php new file mode 100644 index 0000000..b622008 --- /dev/null +++ b/manager/sessionManager.php @@ -0,0 +1,121 @@ +\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') ); + } + + + /*****************************/ + /* INITIALISATION DE SESSION */ + /*****************************/ + private static function reset_session($session_id=null){ + // On ferme la session + session_destroy(); + + // On definit l'id session si donne en argument + if( $session_id != null ) + session_id( $session_id ); + + // Precaution: on met a jour le cookie + setcookie('PHPSESSID', session_id(), time()+60*30 ); + + // On redemarre la session avec le bon id session + \session_start(); + + // On met a jour le token + self::update_token(); + + + header('Refresh: 0'); + } + + /*******************/ + /* GENERE UN TOKEN */ + /*******************/ + private static function update_token(){ + $token = self::$prefix.self::secure_sha1(uniqid()); + + // On definit le token en session + $_SESSION['session_token'] = $token; + + // On definit le token en cookie + $_COOKIE['session_token'] = $_SESSION['session_token']; + setcookie('session_token', $_COOKIE['session_token'], time()+60*30 ); + } + + /************/ + /* AMORCEUR */ + /************/ + public static function session_start(){ + /* [1] Génération et Gestion des donnees a utiliser + ==============================================================*/ + // On genere le hash a partir des donnees personnelles + self::$prefix = self::secure_sha1( $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'] ); + + // On cree un id session associe a ces donnees personnelles + $sessid = substr(self::$prefix,0,5) . substr(self::secure_sha1(uniqid()),0,24); + + // On genere un token pour l'execution suivante + $token = self::$prefix.self::secure_sha1(uniqid()); + + // On definit/recupere le token + $session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null; + + + + /* [2] Verification de l'id session + ==============================================================*/ + \session_start(); + + // On verifie l'id session (5 premiers chars du hash des donnees perso) + $valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0; + + // Si id session incorrect ou pas de token + if( !$valid_sessid ) + self::reset_session( $sessid ); // On initialise la session (bon id session) + + + // si id session invalide + + + /* [3] Verification du token + ==============================================================*/ + // On verifie que le token est valide + $valid_token = $session_token != null; // verification de l'existence du cookie + $valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles + $valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe + $valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente + + /* [4] Si token inexistant + ==============================================================*/ + if( !$valid_token ) + self::reset_session($sessid); // On initialise la session + else + self::update_token(); // Dans tous les cas, on cree un nouveau token + + + } + + + } + + + + // Override du namespace + function session_start(){ + sessionManager::session_start(); + } + + +?> diff --git a/todo.md b/todo.md index 1d4578c..1d84385 100755 --- a/todo.md +++ b/todo.md @@ -39,6 +39,7 @@ ######## # FAIT # ######## +- [x] [sessionManager] Import de sessionManager - [x] [phpunit/tests/Database_*] Tests unitaire de delNumeric() - [x] [Database] Mise a jour des methodes de Database - [x] [Database::construct] Gestion du singleton et de la config