- [x] [sessionManager] Import de sessionManager
parent
cdac865293
commit
683af1ebbf
|
@ -9,6 +9,12 @@
|
||||||
"machineDefault" :[
|
"machineDefault" :[
|
||||||
"create",
|
"create",
|
||||||
|
|
||||||
|
"getAll"
|
||||||
|
],
|
||||||
|
|
||||||
|
"groupDefault" :[
|
||||||
|
"create",
|
||||||
|
|
||||||
"getAll"
|
"getAll"
|
||||||
]
|
]
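Review bot: `groupDefault` is granted `"create"` in this list, but the `groupDefault` class added in the same commit defines only `getAll()`. If this file is what the dispatcher reads to decide which module methods may be called, a `groupDefault/create` request would pass the allow-list and then fail on a missing method. Drop `"create"` from the `groupDefault` entry until the method exists, or add the method in this commit.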
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace manager\module;
|
||||||
|
|
||||||
|
class groupDefault{
|
||||||
|
|
||||||
|
|
||||||
|
public static function getAll(){
|
||||||
|
return array(
|
||||||
|
'groups' => \manager\Database::delNumeric( \manager\Database::getPDO()->query("SELECT * FROM group ORDER BY id_group")->fetchAll() )
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
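Review bot: `group` is a reserved word in SQL, so the unquoted `FROM group` in `getAll()` will most likely be rejected by the parser; quote the identifier (backticks on MySQL, double quotes on ANSI-mode engines) or rename the table. The chained `->query(...)->fetchAll()` also assumes `query()` succeeded: when PDO is not in exception mode it returns `false` and the chain becomes a fatal error, so check the result or set `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION` where `getPDO()` builds the connection. `SELECT *` hands every column of the table to the caller; listing the columns this module is meant to expose keeps later schema additions from leaking through `getAll()`.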
|
|
@ -35,6 +35,17 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public static function create($code, $username, $firstname, $lastname, $mail, $password, $status){
|
public static function create($code, $username, $firstname, $lastname, $mail, $password, $status){
|
||||||
|
/* [1] Normalisation + verification des donnees
|
||||||
|
=========================================================*/
|
||||||
|
$password_hash = sha1($password);
|
||||||
|
|
||||||
|
$correct_param = \manager\Database::check('user.code', $code);
|
||||||
|
$correct_param = $correct_param && \manager\Database::check('user.username', $username);
|
||||||
|
$correct_param = $correct_param && \manager\Database::check('user.firstname', $firstname);
|
||||||
|
$correct_param = $correct_param && \manager\Database::check('user.lastname', $lastname);
|
||||||
|
$correct_param = $correct_param && \manager\Database::check('user.mail', $mail);
|
||||||
|
$correct_param = $correct_param && \manager\Database::check('user.password', $password);
|
||||||
|
|
||||||
|
|
||||||
$request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status) );
|
$request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status) );
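Review bot: The new `$password_hash = sha1($password);` is never used: the unchanged `new \manager\Repo('user/create', …)` line still passes `$password`, so within this hunk the clear-text password is what reaches the repository. Unsalted SHA-1 is also not suitable for password storage; use `$password_hash = password_hash($password, PASSWORD_DEFAULT);`, pass `$password_hash` to the Repo, and check it with `password_verify()` at login. `$correct_param` is computed, but nothing visible here tests it before the request is built. `create()` continues past the hunk, so confirm there is an early return when it is false.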
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,121 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace manager;
|
||||||
|
|
||||||
|
|
||||||
|
class sessionManager{
|
||||||
|
|
||||||
|
private static $prefix;
|
||||||
|
|
||||||
|
|
||||||
|
/*************************/
|
||||||
|
/* SECURE SHA1 ALGORITHM */
|
||||||
|
/*************************/
|
||||||
|
private static function secure_sha1($data){
|
||||||
|
return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************/
|
||||||
|
/* INITIALISATION DE SESSION */
|
||||||
|
/*****************************/
|
||||||
|
private static function reset_session($session_id=null){
|
||||||
|
// On ferme la session
|
||||||
|
session_destroy();
|
||||||
|
|
||||||
|
// On definit l'id session si donne en argument
|
||||||
|
if( $session_id != null )
|
||||||
|
session_id( $session_id );
|
||||||
|
|
||||||
|
// Precaution: on met a jour le cookie
|
||||||
|
setcookie('PHPSESSID', session_id(), time()+60*30 );
|
||||||
|
|
||||||
|
// On redemarre la session avec le bon id session
|
||||||
|
\session_start();
|
||||||
|
|
||||||
|
// On met a jour le token
|
||||||
|
self::update_token();
|
||||||
|
|
||||||
|
|
||||||
|
header('Refresh: 0');
|
||||||
|
}
|
||||||
|
|
||||||
|
/*******************/
|
||||||
|
/* GENERE UN TOKEN */
|
||||||
|
/*******************/
|
||||||
|
private static function update_token(){
|
||||||
|
$token = self::$prefix.self::secure_sha1(uniqid());
|
||||||
|
|
||||||
|
// On definit le token en session
|
||||||
|
$_SESSION['session_token'] = $token;
|
||||||
|
|
||||||
|
// On definit le token en cookie
|
||||||
|
$_COOKIE['session_token'] = $_SESSION['session_token'];
|
||||||
|
setcookie('session_token', $_COOKIE['session_token'], time()+60*30 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/************/
|
||||||
|
/* AMORCEUR */
|
||||||
|
/************/
|
||||||
|
public static function session_start(){
|
||||||
|
/* [1] Génération et Gestion des donnees a utiliser
|
||||||
|
==============================================================*/
|
||||||
|
// On genere le hash a partir des donnees personnelles
|
||||||
|
self::$prefix = self::secure_sha1( $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'] );
|
||||||
|
|
||||||
|
// On cree un id session associe a ces donnees personnelles
|
||||||
|
$sessid = substr(self::$prefix,0,5) . substr(self::secure_sha1(uniqid()),0,24);
|
||||||
|
|
||||||
|
// On genere un token pour l'execution suivante
|
||||||
|
$token = self::$prefix.self::secure_sha1(uniqid());
|
||||||
|
|
||||||
|
// On definit/recupere le token
|
||||||
|
$session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* [2] Verification de l'id session
|
||||||
|
==============================================================*/
|
||||||
|
\session_start();
|
||||||
|
|
||||||
|
// On verifie l'id session (5 premiers chars du hash des donnees perso)
|
||||||
|
$valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0;
|
||||||
|
|
||||||
|
// Si id session incorrect ou pas de token
|
||||||
|
if( !$valid_sessid )
|
||||||
|
self::reset_session( $sessid ); // On initialise la session (bon id session)
|
||||||
|
|
||||||
|
|
||||||
|
// si id session invalide
|
||||||
|
|
||||||
|
|
||||||
|
/* [3] Verification du token
|
||||||
|
==============================================================*/
|
||||||
|
// On verifie que le token est valide
|
||||||
|
$valid_token = $session_token != null; // verification de l'existence du cookie
|
||||||
|
$valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles
|
||||||
|
$valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe
|
||||||
|
$valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente
|
||||||
|
|
||||||
|
/* [4] Si token inexistant
|
||||||
|
==============================================================*/
|
||||||
|
if( !$valid_token )
|
||||||
|
self::reset_session($sessid); // On initialise la session
|
||||||
|
else
|
||||||
|
self::update_token(); // Dans tous les cas, on cree un nouveau token
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
// Override du namespace
|
||||||
|
function session_start(){
|
||||||
|
sessionManager::session_start();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
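Review bot: The session id built in `session_start()` and the token built in `update_token()` take all of their unpredictability from `uniqid()`, which is derived from the clock, and `secure_sha1()` only wraps that in two fixed strings, so neither value has the entropy a session secret needs; generate them with `random_bytes()` instead (PHP 7+). Both `setcookie()` calls omit the `HttpOnly`, `Secure` and `SameSite` attributes, and the token check compares with `==` where `hash_equals()` should be used. `$_SERVER['HTTP_USER_AGENT']` is read without a guard and is absent on some requests, so default it with `?? ''` (or `isset`) before hashing. The fence shows `update_token()` with these changes; the same `random_bytes()` substitution applies to `$sessid` and `$token` in `session_start()`, and the `setcookie()` options array needs PHP 7.3 or later.

```php
	private static function update_token(){
		// CSPRNG output replaces secure_sha1(uniqid()), which is clock-derived
		$token = self::$prefix.bin2hex(random_bytes(32));

		$_SESSION['session_token'] = $token;
		$_COOKIE['session_token']  = $token;

		setcookie('session_token', $token, array(
			'expires'  => time()+60*30,
			'secure'   => true,   // requires the site to be served over HTTPS
			'httponly' => true,
			'samesite' => 'Lax'
		));
	}

	// … unchanged: secure_sha1(), reset_session(), session_start() …
```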
|
1
todo.md
1
todo.md
|
@ -39,6 +39,7 @@
|
||||||
########
|
########
|
||||||
# FAIT #
|
# FAIT #
|
||||||
########
|
########
|
||||||
|
- [x] [sessionManager] Import de sessionManager
|
||||||
- [x] [phpunit/tests/Database_*] Tests unitaire de delNumeric()
|
- [x] [phpunit/tests/Database_*] Tests unitaire de delNumeric()
|
||||||
- [x] [Database] Mise a jour des methodes de Database
|
- [x] [Database] Mise a jour des methodes de Database
|
||||||
- [x] [Database::construct] Gestion du singleton et de la config
|
- [x] [Database::construct] Gestion du singleton et de la config
|
||||||
|
|