added session:1.0
parent
0e77b7ab4d
commit
e826ea283a
|
@ -1,5 +1,8 @@
|
|||
{
|
||||
"available": {
|
||||
"session": {
|
||||
"1.0": []
|
||||
},
|
||||
"error": {
|
||||
"1.0": [],
|
||||
"2.0": []
|
||||
|
@ -65,6 +68,7 @@
|
|||
"http": "1.0",
|
||||
"orm": "0.8.2",
|
||||
"database": "2.0",
|
||||
"router": "2.0"
|
||||
"router": "2.0",
|
||||
"session": "1.0"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,209 @@
|
|||
<?php
|
||||
|
||||
namespace session\core;
|
||||
|
||||
|
||||
class sessionHandler{
|
||||
|
||||
|
||||
/*************************/
|
||||
/* SECURE SHA1 ALGORITHM */
|
||||
/*************************/
|
||||
public static function secure_hash($data, $salt='">\[..|{@#))', $depth=1){
|
||||
/* (1) On hash @depth fois
|
||||
---------------------------------------------------------*/
|
||||
$hash = $data;
|
||||
$c = 0;
|
||||
|
||||
for( $h = 0 ; $h < $depth ; $h++ ){
|
||||
$hash = hash('sha256', $salt.hash('sha256', $hash.'_)Q@#((%*_$%(@#') );
|
||||
$c++;
|
||||
}
|
||||
|
||||
|
||||
/* (2) On renvoie le résultat
|
||||
---------------------------------------------------------*/
|
||||
return $hash;
|
||||
}
|
||||
|
||||
|
||||
/*************************/
|
||||
/* GO TO ANOTHER SESSION */
|
||||
/*************************/
|
||||
private static function change_session($new_sessid){
|
||||
/* (1) Close current session */
|
||||
\session_commit();
|
||||
|
||||
/* (2) Set new session id */
|
||||
\session_id($new_sessid);
|
||||
|
||||
/* (3) Start new session */
|
||||
\session_start();
|
||||
}
|
||||
|
||||
|
||||
/*****************************/
|
||||
/* INITIALISATION DE SESSION */
|
||||
/*****************************/
|
||||
private static function reset_session($incorrect=false){
|
||||
|
||||
/* (1) Si mauvais client
|
||||
---------------------------------------------------------*/
|
||||
if( $incorrect ){
|
||||
|
||||
// var_dump("[incorrect] sessid = ".session_id());
|
||||
|
||||
/* (1) on met le client sur une autre session (sans supprimer la session)*/
|
||||
\session_regenerate_id(false);
|
||||
|
||||
/* (2) On supprime les données */
|
||||
\session_unset();
|
||||
|
||||
/* (2) Si client correct + session parent
|
||||
---------------------------------------------------------*/
|
||||
}elseif( !isset($_SESSION['__SESSION_MANAGER__']['PARENT']) ){
|
||||
|
||||
/* (1) La session actuelle devient un enfant -> child */
|
||||
$child_sessid = session_id();
|
||||
|
||||
/* (2) On supprime tout ses sous-enfants */
|
||||
|
||||
// {2.1} On ferme la session actuelle //
|
||||
\session_commit();
|
||||
|
||||
// {2.2} On supprime chaque sous-enfant //
|
||||
foreach($_SESSION['__SESSION_MANAGER__']['CHILDREN'] as $subchild){
|
||||
\session_id($subchild); // on choisi l'enfant
|
||||
\session_start(); // on ouvre la session
|
||||
\session_unset(); // on supprime les donnees
|
||||
\session_destroy(); // on supprime la session
|
||||
}
|
||||
|
||||
// {2.3} On revient sur la session actuelle //
|
||||
\session_id($child_sessid);
|
||||
\session_start();
|
||||
|
||||
|
||||
/* (3) On regenere l'id session sans désactiver l'ancien */
|
||||
\session_regenerate_id(false);
|
||||
|
||||
/* (4) La nouvelle session devient le parent -> parent */
|
||||
$parent_sessid = session_id();
|
||||
|
||||
/* (5) On retourne sur l'enfant pour enregistrer le parent */
|
||||
self::change_session($child_sessid);
|
||||
$_SESSION['__SESSION_MANAGER__']['PARENT'] = $parent_sessid;
|
||||
\session_name('child');
|
||||
|
||||
/* (6) On retourne sur le parent pour ajouter l'enfant*/
|
||||
self::change_session($parent_sessid);
|
||||
$_SESSION['__SESSION_MANAGER__']['CHILDREN'][] = $child_sessid;
|
||||
\session_name('parent');
|
||||
|
||||
// var_dump("[parent] child: $child_sessid ; parent = $parent_sessid");
|
||||
|
||||
|
||||
/* (3) Si client correct + session enfant
|
||||
---------------------------------------------------------*/
|
||||
}else{
|
||||
|
||||
/* (1) On récupère l'id de session parent */
|
||||
$parent_sessid = $_SESSION['__SESSION_MANAGER__']['PARENT'];
|
||||
// var_dump("[child] child: ".session_id()." ; parent = $parent_sessid");
|
||||
|
||||
/* (2) On supprime la session enfant */
|
||||
\session_unset();
|
||||
\session_destroy();
|
||||
|
||||
/* (3) On redirige sur le parent */
|
||||
\session_id($parent_sessid);
|
||||
\session_start();
|
||||
|
||||
\session_name('child');
|
||||
}
|
||||
|
||||
/* (4) On met à jour les données de vérification
|
||||
---------------------------------------------------------*/
|
||||
$_SESSION['__SESSION_MANAGER__'] = [
|
||||
'ID' => isset($_SESSION['__SESSION_MANAGER__']['ID']) ? $_SESSION['__SESSION_MANAGER__']['ID'] : self::secure_hash(uniqid()),
|
||||
'RA' => $_SERVER['REMOTE_ADDR'],
|
||||
'HUA' => $_SERVER['HTTP_USER_AGENT'],
|
||||
'CHILDREN' => []
|
||||
];
|
||||
|
||||
/* (5) Precaution: on met a jour le cookie
|
||||
---------------------------------------------------------*/
|
||||
$_COOKIE['PHPSESSID'] = session_id();
|
||||
\setcookie('PHPSESSID', session_id(), time()+60*30, '/', $_SERVER['SERVER_NAME'], false, true);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/************/
|
||||
/* AMORCEUR */
|
||||
/************/
|
||||
public static function session_start($sessid=null){
|
||||
|
||||
/* [1] Génération et Gestion des donnees a utiliser
|
||||
==============================================================*/
|
||||
// On genere un token pour l'execution suivante
|
||||
$token = self::secure_hash(uniqid());
|
||||
|
||||
// On definit/recupere le token
|
||||
$session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null;
|
||||
|
||||
|
||||
|
||||
/* [2] Verification de l'id session
|
||||
==============================================================*/
|
||||
/* (1) Set cookie defaults for session */
|
||||
\session_set_cookie_params(60*20, '/', $_SERVER['SERVER_NAME'], isset($_SERVER['HTTPS']), true);
|
||||
|
||||
!is_null($sessid) && \session_id($sessid);
|
||||
|
||||
/* (2) Start session */
|
||||
\session_start();
|
||||
|
||||
|
||||
// var_dump('start: '.session_id());
|
||||
echo "\n";
|
||||
|
||||
// Si ip + user-agent incorrect -> on change de session
|
||||
// Si ip + user-agent correct -> on regenere l'id
|
||||
self::reset_session( self::checkClient() < 0 );
|
||||
|
||||
|
||||
echo "\n";
|
||||
// var_dump('end: '.session_id());
|
||||
}
|
||||
|
||||
|
||||
/****************************/
|
||||
/* CHECK CLIENT CREDENTIALS */
|
||||
/****************************/
|
||||
private static function checkClient(){
|
||||
/* (1) Check if check values are given */
|
||||
if( !isset($_SESSION['__SESSION_MANAGER__']) || !is_array($_SESSION['__SESSION_MANAGER__']) )
|
||||
return -2; // no value
|
||||
|
||||
/* (2) Check if each value is given */
|
||||
if( !isset($_SESSION['__SESSION_MANAGER__']['RA']) || !isset($_SESSION['__SESSION_MANAGER__']['HUA']) )
|
||||
return -2; // no value
|
||||
|
||||
/* (3) Check if client IP is correct */
|
||||
if( $_SESSION['__SESSION_MANAGER__']['RA'] !== $_SERVER['REMOTE_ADDR'] )
|
||||
return -1; // not correct
|
||||
|
||||
/* (4) Check if user-agent is correct */
|
||||
if( $_SESSION['__SESSION_MANAGER__']['HUA'] !== $_SERVER['HTTP_USER_AGENT'] )
|
||||
return -1;
|
||||
|
||||
|
||||
/* (5) If all is right */
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
?>
|
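Review bot: The `\setcookie('PHPSESSID', ...)` call at the end of `reset_session()` hard-codes the Secure flag to `false`, so the session id is re-issued in a cookie that browsers will also send over plain HTTP, even though `session_set_cookie_params()` in `session_start()` passes `isset($_SERVER['HTTPS'])`. I would pass the same expression there: `\setcookie('PHPSESSID', session_id(), time()+60*30, '/', $_SERVER['SERVER_NAME'], isset($_SERVER['HTTPS']), true);`. Separately, the two `echo "\n";` lines in `session_start()` emit output before `reset_session()` runs, so unless output buffering is on, `session_regenerate_id()` and `setcookie()` can no longer send their headers and the client keeps the old id; they look like debug leftovers next to the commented-out `var_dump` calls and should be removed. `secure_hash(uniqid())` is also a weak source for the `ID` value, because `uniqid()` is derived from the clock and hashing it with a fixed salt adds no entropy; on PHP 7+ `bin2hex(random_bytes(32))` gives an unpredictable value directly.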