Simplify session handling #39

Merged
Roflin merged 2 commits from simplify-sessions into master 2023-11-22 16:03:40 +01:00
2 changed files with 36 additions and 22 deletions
Showing only changes of commit 65ee07d95b - Show all commits

View File

@ -11,7 +11,7 @@ class Logout extends HTMLController
public function __construct()
{
// Clear the entire sesssion.
$_SESSION = [];
Session::clear();
// Back to the frontpage you go.
header('Location: ' . BASEURL);

View File

@ -3,22 +3,52 @@
* Session.php
* Contains the key class Session.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
* Kabuki CMS (C) 2013-2023, Aaron van Geffen
*****************************************************************************/
class Session
{
public static function clear()
{
$_SESSION = [];
}
public static function start()
{
session_start();
if (!isset($_SESSION['session_token_key'], $_SESSION['session_token']))
self::generateSessionToken();
return true;
}
public static function generateSessionToken()
{
$_SESSION['session_token'] = sha1(session_id() . mt_rand());
$_SESSION['session_token_key'] = substr(preg_replace('~^\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
return true;
}
public static function getSessionToken()
{
if (empty($_SESSION['session_token']))
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
return $_SESSION['session_token'];
}
public static function getSessionTokenKey()
{
if (empty($_SESSION['session_token_key']))
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
return $_SESSION['session_token_key'];
}
public static function resetSessionToken()
{
$_SESSION['session_token'] = sha1(session_id() . mt_rand());
$_SESSION['session_token_key'] = substr(preg_replace('~^\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
// Old interface; now always true.
return true;
}
@ -45,23 +75,7 @@ class Session
throw new UserFacingException('Invalid referring URL. Please reload the page and try again.');
}
// All looks good from here! But you can only use this token once, so...
return self::resetSessionToken();
}
public static function getSessionToken()
{
if (empty($_SESSION['session_token']))
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
return $_SESSION['session_token'];
}
public static function getSessionTokenKey()
{
if (empty($_SESSION['session_token_key']))
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
return $_SESSION['session_token_key'];
// All looks good from here!
return true;
}
}