- [x] [sessionManager] Import de sessionManager
This commit is contained in:
xdrm-brackets
parent
cdac865293
commit
683af1ebbf
|
|
@ -9,6 +9,12 @@
|
|||
"machineDefault" :[
|
||||
"create",
|
||||
|
||||
"getAll"
|
||||
],
|
||||
|
||||
"groupDefault" :[
|
||||
"create",
|
||||
|
||||
"getAll"
|
||||
]
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
<?php
|
||||
|
||||
namespace manager\module;
|
||||
|
||||
class groupDefault{
|
||||
|
||||
|
||||
public static function getAll(){
|
||||
return array(
|
||||
'groups' => \manager\Database::delNumeric( \manager\Database::getPDO()->query("SELECT * FROM group ORDER BY id_group")->fetchAll() )
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
|
|
@ -35,6 +35,17 @@
|
|||
*
|
||||
*/
|
||||
public static function create($code, $username, $firstname, $lastname, $mail, $password, $status){
|
||||
/* [1] Normalisation + verification des donnees
|
||||
=========================================================*/
|
||||
$password_hash = sha1($password);
|
||||
|
||||
$correct_param = \manager\Database::check('user.code', $code);
|
||||
$correct_param = $correct_param && \manager\Database::check('user.username', $username);
|
||||
$correct_param = $correct_param && \manager\Database::check('user.firstname', $firstname);
|
||||
$correct_param = $correct_param && \manager\Database::check('user.lastname', $lastname);
|
||||
$correct_param = $correct_param && \manager\Database::check('user.mail', $mail);
|
||||
$correct_param = $correct_param && \manager\Database::check('user.password', $password);
|
||||
|
||||
|
||||
$request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status) );
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,121 @@
|
|||
<?php
|
||||
|
||||
namespace manager;
|
||||
|
||||
|
||||
class sessionManager{
|
||||
|
||||
private static $prefix;
|
||||
|
||||
|
||||
/*************************/
|
||||
/* SECURE SHA1 ALGORITHM */
|
||||
/*************************/
|
||||
private static function secure_sha1($data){
|
||||
return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') );
|
||||
}
|
||||
|
||||
|
||||
/*****************************/
|
||||
/* INITIALISATION DE SESSION */
|
||||
/*****************************/
|
||||
private static function reset_session($session_id=null){
|
||||
// On ferme la session
|
||||
session_destroy();
|
||||
|
||||
// On definit l'id session si donne en argument
|
||||
if( $session_id != null )
|
||||
session_id( $session_id );
|
||||
|
||||
// Precaution: on met a jour le cookie
|
||||
setcookie('PHPSESSID', session_id(), time()+60*30 );
|
||||
|
||||
// On redemarre la session avec le bon id session
|
||||
\session_start();
|
||||
|
||||
// On met a jour le token
|
||||
self::update_token();
|
||||
|
||||
|
||||
header('Refresh: 0');
|
||||
}
|
||||
|
||||
/*******************/
|
||||
/* GENERE UN TOKEN */
|
||||
/*******************/
|
||||
private static function update_token(){
|
||||
$token = self::$prefix.self::secure_sha1(uniqid());
|
||||
|
||||
// On definit le token en session
|
||||
$_SESSION['session_token'] = $token;
|
||||
|
||||
// On definit le token en cookie
|
||||
$_COOKIE['session_token'] = $_SESSION['session_token'];
|
||||
setcookie('session_token', $_COOKIE['session_token'], time()+60*30 );
|
||||
}
|
||||
|
||||
/************/
|
||||
/* AMORCEUR */
|
||||
/************/
|
||||
public static function session_start(){
|
||||
/* [1] Génération et Gestion des donnees a utiliser
|
||||
==============================================================*/
|
||||
// On genere le hash a partir des donnees personnelles
|
||||
self::$prefix = self::secure_sha1( $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'] );
|
||||
|
||||
// On cree un id session associe a ces donnees personnelles
|
||||
$sessid = substr(self::$prefix,0,5) . substr(self::secure_sha1(uniqid()),0,24);
|
||||
|
||||
// On genere un token pour l'execution suivante
|
||||
$token = self::$prefix.self::secure_sha1(uniqid());
|
||||
|
||||
// On definit/recupere le token
|
||||
$session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null;
|
||||
|
||||
|
||||
|
||||
/* [2] Verification de l'id session
|
||||
==============================================================*/
|
||||
\session_start();
|
||||
|
||||
// On verifie l'id session (5 premiers chars du hash des donnees perso)
|
||||
$valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0;
|
||||
|
||||
// Si id session incorrect ou pas de token
|
||||
if( !$valid_sessid )
|
||||
self::reset_session( $sessid ); // On initialise la session (bon id session)
|
||||
|
||||
|
||||
// si id session invalide
|
||||
|
||||
|
||||
/* [3] Verification du token
|
||||
==============================================================*/
|
||||
// On verifie que le token est valide
|
||||
$valid_token = $session_token != null; // verification de l'existence du cookie
|
||||
$valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles
|
||||
$valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe
|
||||
$valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente
|
||||
|
||||
/* [4] Si token inexistant
|
||||
==============================================================*/
|
||||
if( !$valid_token )
|
||||
self::reset_session($sessid); // On initialise la session
|
||||
else
|
||||
self::update_token(); // Dans tous les cas, on cree un nouveau token
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Override du namespace
|
||||
function session_start(){
|
||||
sessionManager::session_start();
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
Loading…
Reference in New Issue