From e826ea283ab857466a7a577374afce05591cb05f Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Sat, 10 Dec 2016 13:41:57 +0100
Subject: [PATCH] added session:1.0
---
 exporter/packages.json | 6 +-
 .../session/1.0/core/sessionHandler.php | 209 ++++++++++++++++++
 2 files changed, 214 insertions(+), 1 deletion(-)
 create mode 100644 src/packages/session/1.0/core/sessionHandler.php
diff --git a/exporter/packages.json b/exporter/packages.json
index b847df8..651d1b0 100755
--- a/exporter/packages.json
+++ b/exporter/packages.json
@@ -1,5 +1,8 @@
 {
 "available": {
+ "session": {
+ "1.0": []
+ },
 "error": {
 "1.0": [],
 "2.0": []
@@ -65,6 +68,7 @@
 "http": "1.0",
 "orm": "0.8.2",
 "database": "2.0",
- "router": "2.0"
+ "router": "2.0",
+ "session": "1.0"
 }
 }
\ No newline at end of file
diff --git a/src/packages/session/1.0/core/sessionHandler.php b/src/packages/session/1.0/core/sessionHandler.php
new file mode 100644
index 0000000..ae7dc9e
--- /dev/null
+++ b/src/packages/session/1.0/core/sessionHandler.php
@@ -0,0 +1,209 @@ +\[..|{@#))', $depth=1){ + /* (1) On hash @depth fois + ---------------------------------------------------------*/ + $hash = $data; + $c = 0; + + for( $h = 0 ; $h < $depth ; $h++ ){ + $hash = hash('sha256', $salt.hash('sha256', $hash.'_)Q@#((%*_$%(@#') ); + $c++; + } + + + /* (2) On renvoie le résultat + ---------------------------------------------------------*/ + return $hash; + } + + + /*************************/ + /* GO TO ANOTHER SESSION */ + /*************************/ + private static function change_session($new_sessid){ + /* (1) Close current session */ + \session_commit(); + + /* (2) Set new session id */ + \session_id($new_sessid); + + /* (3) Start new session */ + \session_start(); + } + + + /*****************************/ + /* INITIALISATION DE SESSION */ + /*****************************/ + private static function reset_session($incorrect=false){ + + /* (1) Si mauvais client + ---------------------------------------------------------*/ + if( $incorrect ){ + + // var_dump("[incorrect] sessid = ".session_id()); + + /* (1) on met le client sur une autre session (sans supprimer la session)*/ + \session_regenerate_id(false); + + /* (2) On supprime les données */ + \session_unset(); + + /* (2) Si client correct + session parent + ---------------------------------------------------------*/ + }elseif( !isset($_SESSION['__SESSION_MANAGER__']['PARENT']) ){ + + /* (1) La session actuelle devient un enfant -> child */ + $child_sessid = session_id(); + + /* (2) On supprime tout ses sous-enfants */ + + // {2.1} On ferme la session actuelle // + \session_commit(); + + // {2.2} On supprime chaque sous-enfant // + foreach($_SESSION['__SESSION_MANAGER__']['CHILDREN'] as $subchild){ + \session_id($subchild); // on choisi l'enfant + \session_start(); // on ouvre la session + \session_unset(); // on supprime les donnees + \session_destroy(); // on supprime la session + } + + // {2.3} On revient sur la session actuelle // + \session_id($child_sessid); + 
\session_start(); + + + /* (3) On regenere l'id session sans désactiver l'ancien */ + \session_regenerate_id(false); + + /* (4) La nouvelle session devient le parent -> parent */ + $parent_sessid = session_id(); + + /* (5) On retourne sur l'enfant pour enregistrer le parent */ + self::change_session($child_sessid); + $_SESSION['__SESSION_MANAGER__']['PARENT'] = $parent_sessid; + \session_name('child'); + + /* (6) On retourne sur le parent pour ajouter l'enfant*/ + self::change_session($parent_sessid); + $_SESSION['__SESSION_MANAGER__']['CHILDREN'][] = $child_sessid; + \session_name('parent'); + + // var_dump("[parent] child: $child_sessid ; parent = $parent_sessid"); + + + /* (3) Si client correct + session enfant + ---------------------------------------------------------*/ + }else{ + + /* (1) On récupère l'id de session parent */ + $parent_sessid = $_SESSION['__SESSION_MANAGER__']['PARENT']; + // var_dump("[child] child: ".session_id()." ; parent = $parent_sessid"); + + /* (2) On supprime la session enfant */ + \session_unset(); + \session_destroy(); + + /* (3) On redirige sur le parent */ + \session_id($parent_sessid); + \session_start(); + + \session_name('child'); + } + + /* (4) On met à jour les données de vérification + ---------------------------------------------------------*/ + $_SESSION['__SESSION_MANAGER__'] = [ + 'ID' => isset($_SESSION['__SESSION_MANAGER__']['ID']) ? 
$_SESSION['__SESSION_MANAGER__']['ID'] : self::secure_hash(uniqid()), + 'RA' => $_SERVER['REMOTE_ADDR'], + 'HUA' => $_SERVER['HTTP_USER_AGENT'], + 'CHILDREN' => [] + ]; + + /* (5) Precaution: on met a jour le cookie + ---------------------------------------------------------*/ + $_COOKIE['PHPSESSID'] = session_id(); + \setcookie('PHPSESSID', session_id(), time()+60*30, '/', $_SERVER['SERVER_NAME'], false, true); + + } + + + /************/ + /* AMORCEUR */ + /************/ + public static function session_start($sessid=null){ + + /* [1] Génération et Gestion des donnees a utiliser + ==============================================================*/ + // On genere un token pour l'execution suivante + $token = self::secure_hash(uniqid()); + + // On definit/recupere le token + $session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null; + + + + /* [2] Verification de l'id session + ==============================================================*/ + /* (1) Set cookie defaults for session */ + \session_set_cookie_params(60*20, '/', $_SERVER['SERVER_NAME'], isset($_SERVER['HTTPS']), true); + + !is_null($sessid) && \session_id($sessid); + + /* (2) Start session */ + \session_start(); + + + // var_dump('start: '.session_id()); + echo "\n"; + + // Si ip + user-agent incorrect -> on change de session + // Si ip + user-agent correct -> on regenere l'id + self::reset_session( self::checkClient() < 0 ); + + + echo "\n"; + // var_dump('end: '.session_id()); + } + + + /****************************/ + /* CHECK CLIENT CREDENTIALS */ + /****************************/ + private static function checkClient(){ + /* (1) Check if check values are given */ + if( !isset($_SESSION['__SESSION_MANAGER__']) || !is_array($_SESSION['__SESSION_MANAGER__']) ) + return -2; // no value + + /* (2) Check if each value is given */ + if( !isset($_SESSION['__SESSION_MANAGER__']['RA']) || !isset($_SESSION['__SESSION_MANAGER__']['HUA']) ) + return -2; // no value + + /* (3) Check if 
client IP is correct */ + if( $_SESSION['__SESSION_MANAGER__']['RA'] !== $_SERVER['REMOTE_ADDR'] ) + return -1; // not correct + + /* (4) Check if user-agent is correct */ + if( $_SESSION['__SESSION_MANAGER__']['HUA'] !== $_SERVER['HTTP_USER_AGENT'] ) + return -1; + + + /* (5) If all is right */ + return 0; + } + + } + + +?>
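Review bot: The cookie refresh in reset_session step (5), `\setcookie('PHPSESSID', session_id(), time()+60*30, '/', $_SERVER['SERVER_NAME'], false, true);`, hard-codes secure=false and a 30-minute lifetime, whereas session_start() has just configured the session cookie with `isset($_SERVER['HTTPS'])` and 20 minutes, so over HTTPS this second Set-Cookie re-issues the session id without the Secure flag; align it as `\setcookie('PHPSESSID', session_id(), time()+60*20, '/', $_SERVER['SERVER_NAME'], isset($_SERVER['HTTPS']), true);`. That setcookie is also only reached after the two `echo "\n";` debug lines in session_start() have already emitted output, so without output buffering the header is dropped with a "headers already sent" warning; the echoes should be removed. Step (4) then rebuilds `$_SESSION['__SESSION_MANAGER__']` with `'CHILDREN' => []`, discarding the child id the parent branch appended one step earlier, so the cleanup loop in {2.2} never has anything to destroy; `'CHILDREN' => isset($_SESSION['__SESSION_MANAGER__']['CHILDREN']) ? $_SESSION['__SESSION_MANAGER__']['CHILDREN'] : []` would preserve it. The `\session_name('child')` / `\session_name('parent')` calls are made while a session is active, which newer PHP versions reject with a warning, so they appear to be no-ops at best. The top of the hunk (the class declaration and secure_hash's signature) is truncated in this view.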