- <?php
- /**
- * @author: Kevin Olinger <https://kevyn.lu>, 2017-01-11
- * @copyright: 2017+ Kevin Olinger
- *
- * Last modified: 2017-01-12
- */
- namespace core\modules;
- use core\modules\session\SecureHandler;
- use core\Core;
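/**
 * Configures, starts and validates the PHP session for the application.
 *
 * Storage goes through SecureHandler (declared elsewhere). A session is bound
 * to the client by a SHA-384 fingerprint of User-Agent + remote address and
 * expires after a configurable idle time.
 */
class SessionModule {

    // $name: session/cookie name derived from APPLICATION.
    // $cookie: cookie attributes (lifetime, path, domain, secure, httponly).
    protected $name, $cookie;
    protected static $secHandler = null;

    /**
     * Applies the session ini settings, installs the save handler and sets
     * the cookie parameters. Ends the request through Core::End() when the
     * openssl or mbstring extension is missing.
     */
    public function __construct() {
        if(!extension_loaded("openssl")) Core::End("The OpenSSL extension must be installed to use the session module.");
        if(!extension_loaded("mbstring")) Core::End("The Multibytes extension must be installed to use the session module.");

        $this->name = str_replace(" ", "_", APPLICATION);

        // Some servers (IIS) set HTTPS to "off" on plain HTTP, so isset() alone
        // would mark the cookie Secure on a connection that can never return it.
        $https = !empty($_SERVER["HTTPS"]) && strtolower((string) $_SERVER["HTTPS"]) !== "off";

        // NOTE(review): the next three directives were removed in PHP 7.1, where
        // these ini_set() calls have no effect; ID strength then comes from the
        // runtime's own session ID settings.
        ini_set("session.entropy_file", "/dev/urandom");
        ini_set("session.entropy_length", 16);
        ini_set("session.hash_function", "sha256");

        ini_set("session.use_cookies", 1);
        ini_set("session.use_only_cookies", 1);
        ini_set("session.use_trans_sid", 0);
        // Refuse session IDs the server did not issue (session fixation defence).
        // Whether this takes effect with a custom handler depends on SecureHandler - TODO confirm.
        ini_set("session.use_strict_mode", 1);
        ini_set("session.save_handler", "files");
        ini_set("session.cookie_httponly", 1);
        ini_set("session.cookie_secure", $https ? 1 : 0);
        ini_set("session.referer_check", 0);

        self::$secHandler = new SecureHandler();
        session_set_save_handler(self::$secHandler, true);
        session_save_path(sys_get_temp_dir());
        session_name($this->name);

        // $cookie is not assigned anywhere in this class. Passing its missing
        // entries on as null would replace the HttpOnly/Secure values set above
        // with false on older runtimes, so fill the gaps from the ini-derived
        // values; anything a subclass has already set still wins.
        $this->cookie = array_merge(session_get_cookie_params(), (array) $this->cookie);

        session_set_cookie_params(
            $this->cookie["lifetime"],
            $this->cookie["path"],
            $this->cookie["domain"],
            $this->cookie["secure"],
            $this->cookie["httponly"]
        );
    }

    /**
     * Starts the session and discards it when validation fails.
     *
     * The request is ended only when no session is active after the start
     * attempt; the original condition was inverted and ended the request on
     * every successful start.
     */
    public function __run() {
        if(!$this->start() && session_id() === "") Core::End("An error occured while trying to start the session.");
        if(!$this->isValid()) $this->forget();
    }

    /**
     * Starts the session if none is active.
     *
     * @return bool true when a session was started (and, on roughly one call in
     *              five, its ID regenerated); false when a session is already
     *              active or starting/regenerating failed.
     */
    public function start(): bool {
        if(session_id() !== "") return false;
        if(!session_start()) return false;

        // mt_rand() only picks which requests rotate the ID; it is not used as a secret.
        return mt_rand(0, 4) === 0 ? $this->refresh() : true;
    }

    /**
     * Issues a new session ID and deletes the old session data.
     *
     * @return bool result of session_regenerate_id()
     */
    public function refresh(): bool {
        return session_regenerate_id(true);
    }

    /**
     * Empties the session, expires its cookies and destroys the session.
     *
     * @return bool false when no session is active, else the result of session_destroy()
     */
    public function forget(): bool {
        if(session_id() === "") return false;

        $_SESSION = array();

        // The "KEY_" cookie is presumably written by SecureHandler - confirm against that class.
        foreach(array($this->name, "KEY_". $this->name) as $cookieName) {
            setcookie(
                $cookieName,
                "",
                time() - 42000,
                $this->cookie["path"],
                $this->cookie["domain"],
                $this->cookie["secure"],
                $this->cookie["httponly"]
            );
        }

        return session_destroy();
    }

    /**
     * Stores the client fingerprint once and refreshes the activity timestamp.
     *
     * The original guard also required $hash to be empty, so the call made by
     * isValid() never stored a fingerprint and the binding check never ran.
     *
     * @param string|null $hash precomputed fingerprint; computed when omitted
     */
    public function updateValidationData($hash = null) {
        if(!isset($_SESSION["_fingerprint"])) {
            $_SESSION["_fingerprint"] = $hash ?? $this->fingerprint();
        }

        $_SESSION["_last_activity"] = time();
    }

    /**
     * Checks the idle timeout and the client fingerprint.
     *
     * @param int $ttl allowed idle time in minutes
     * @return bool false when the session is stale or the fingerprint differs
     */
    public function isValid($ttl = 1): bool {
        $last = $_SESSION["_last_activity"] ?? false;
        if($last !== false && time() - $last > $ttl * 60) return false;

        $hash = $this->fingerprint();
        $valid = true;
        if(isset($_SESSION["_fingerprint"])) $valid = hash_equals($hash, $_SESSION["_fingerprint"]);

        if($valid) $this->updateValidationData($hash);

        return $valid;
    }

    /**
     * SHA-384 over User-Agent + remote address, tolerating absent headers.
     *
     * Both inputs can change or be chosen by the client, so this is an extra
     * check on top of the session ID rather than a replacement for it.
     */
    private function fingerprint(): string {
        $agent = $_SERVER["HTTP_USER_AGENT"] ?? "";
        $address = $_SERVER["REMOTE_ADDR"] ?? "";

        return hash("sha384", $agent . $address);
    }

}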