Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
25.00% |
1 / 4 |
CRAP | |
6.25% |
1 / 16 |
| sessionManager | |
0.00% |
0 / 1 |
|
25.00% |
1 / 4 |
110.70 | |
6.25% |
1 / 16 |
| sha1 | |
100.00% |
1 / 1 |
1 | |
100.00% |
1 / 1 |
|||
| reset_session | |
0.00% |
0 / 1 |
6 | |
0.00% |
0 / 8 |
|||
| update_token | |
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 5 |
|||
| session_start | |
0.00% |
0 / 1 |
56 | |
0.00% |
0 / 2 |
|||
| <?php | |
| namespace manager; | |
| class sessionManager{ | |
| private static $prefix; | |
| /*************************/ | |
| /* SECURE SHA1 ALGORITHM */ | |
| /*************************/ | |
| public static function sha1($data){ | |
| return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') ); | |
| } | |
| /*****************************/ | |
| /* INITIALISATION DE SESSION */ | |
| /*****************************/ | |
| private static function reset_session($session_id=null){ | |
| // On ferme la session | |
| session_destroy(); | |
| // On definit l'id session si donne en argument | |
| if( $session_id != null ) | |
| session_id( $session_id ); | |
| // Precaution: on met a jour le cookie | |
| setcookie( 'PHPSESSID', session_id(), time()+60*30, '/'); | |
| // On redemarre la session avec le bon id session | |
| \session_start(); | |
| // On met a jour le token | |
| self::update_token(); | |
| header('Refresh: 0'); | |
| } | |
| /*******************/ | |
| /* GENERE UN TOKEN */ | |
| /*******************/ | |
| private static function update_token(){ | |
| $token = self::$prefix.self::sha1(uniqid()); | |
| // On definit le token en session | |
| $_SESSION['session_token'] = $token; | |
| // On definit le token en cookie | |
| $_COOKIE['session_token'] = $_SESSION['session_token']; | |
| setcookie( 'session_token', $_COOKIE['session_token'], time()+60*30, '/'); | |
| } | |
| /************/ | |
| /* AMORCEUR */ | |
| /************/ | |
| public static function session_start(){ | |
| \session_start(); | |
| return; | |
| /* [1] Génération et Gestion des donnees a utiliser | |
| ==============================================================*/ | |
| // On genere le hash a partir des donnees personnelles | |
| self::$prefix = self::sha1( $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'] ); | |
| // On cree un id session associe aux donnees personnelles | |
| $sessid = substr(self::$prefix,0,5) . substr(self::sha1(uniqid()),0,24); | |
| // On genere un token pour l'execution suivante | |
| $token = self::$prefix.self::sha1(uniqid()); | |
| // On definit/recupere le token | |
| $session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null; | |
| /* [2] Verification de l'id session | |
| ==============================================================*/ | |
| \session_start(); | |
| // On verifie l'id session (5 premiers chars du hash des donnees perso) | |
| $valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0; | |
| // Si id session incorrect ou pas de token | |
| if( !$valid_sessid ) | |
| self::reset_session( $sessid ); // On initialise la session (bon id session) | |
| /* [3] Verification du token | |
| ==============================================================*/ | |
| // On verifie que le token est valide | |
| $valid_token = $session_token != null; // verification de l'existence du cookie | |
| $valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles | |
| $valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe | |
| $valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente | |
| /* [4] Si token inexistant | |
| ==============================================================*/ | |
| if( !$valid_token ) | |
| self::reset_session($sessid); // On initialise la session | |
| else | |
| self::update_token(); // Dans tous les cas, on cree un nouveau token | |
| } | |
| } | |
| ?> |