Session: centralise how session tokens are handled
parent
5f778d73b4
commit
65ee07d95b
@ -11,7 +11,7 @@ class Logout extends HTMLController
|
|||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
// Clear the entire sesssion.
|
// Clear the entire sesssion.
|
||||||
$_SESSION = [];
|
Session::clear();
|
||||||
|
|
||||||
// Back to the frontpage you go.
|
// Back to the frontpage you go.
|
||||||
header('Location: ' . BASEURL);
|
header('Location: ' . BASEURL);
|
||||||
|
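Review bot: `Session::clear()` as introduced in this commit only empties `$_SESSION` (its whole body is `$_SESSION = [];`), so the logout path still leaves the server-side session record and the client's session cookie valid, and whoever holds that cookie keeps a live session id after logout. Regenerating the id inside `clear()` after the reset — `$_SESSION = []; session_regenerate_id(true);` — or calling `session_destroy()` here in Logout's constructor would invalidate the old id. This is the same behaviour as the replaced `$_SESSION = [];` line, so it is a pre-existing gap, but the centralisation is the natural place to close it. The comment above the call also still reads `sesssion`.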
@ -3,22 +3,52 @@
|
|||||||
* Session.php
|
* Session.php
|
||||||
* Contains the key class Session.
|
* Contains the key class Session.
|
||||||
*
|
*
|
||||||
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
|
* Kabuki CMS (C) 2013-2023, Aaron van Geffen
|
||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
class Session
|
class Session
|
||||||
{
|
{
|
||||||
|
public static function clear()
|
||||||
|
{
|
||||||
|
$_SESSION = [];
|
||||||
|
}
|
||||||
|
|
||||||
public static function start()
|
public static function start()
|
||||||
{
|
{
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
|
if (!isset($_SESSION['session_token_key'], $_SESSION['session_token']))
|
||||||
|
self::generateSessionToken();
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function generateSessionToken()
|
||||||
|
{
|
||||||
|
$_SESSION['session_token'] = sha1(session_id() . mt_rand());
|
||||||
|
$_SESSION['session_token_key'] = substr(preg_replace('~^\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getSessionToken()
|
||||||
|
{
|
||||||
|
if (empty($_SESSION['session_token']))
|
||||||
|
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
|
||||||
|
|
||||||
|
return $_SESSION['session_token'];
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function getSessionTokenKey()
|
||||||
|
{
|
||||||
|
if (empty($_SESSION['session_token_key']))
|
||||||
|
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
|
||||||
|
|
||||||
|
return $_SESSION['session_token_key'];
|
||||||
|
}
|
||||||
|
|
||||||
public static function resetSessionToken()
|
public static function resetSessionToken()
|
||||||
{
|
{
|
||||||
$_SESSION['session_token'] = sha1(session_id() . mt_rand());
|
// Old interface; now always true.
|
||||||
$_SESSION['session_token_key'] = substr(preg_replace('~^\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -45,23 +75,7 @@ class Session
|
|||||||
throw new UserFacingException('Invalid referring URL. Please reload the page and try again.');
|
throw new UserFacingException('Invalid referring URL. Please reload the page and try again.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// All looks good from here! But you can only use this token once, so...
|
// All looks good from here!
|
||||||
return self::resetSessionToken();
|
return true;
|
||||||
}
|
|
||||||
|
|
||||||
public static function getSessionToken()
|
|
||||||
{
|
|
||||||
if (empty($_SESSION['session_token']))
|
|
||||||
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
|
|
||||||
|
|
||||||
return $_SESSION['session_token'];
|
|
||||||
}
|
|
||||||
|
|
||||||
public static function getSessionTokenKey()
|
|
||||||
{
|
|
||||||
if (empty($_SESSION['session_token_key']))
|
|
||||||
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
|
|
||||||
|
|
||||||
return $_SESSION['session_token_key'];
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
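Review bot: The token material in the new `generateSessionToken()` comes from `mt_rand()` and `rand()` (the two assignments in its body), which are not cryptographically secure generators, so the CSRF token and its field name are derived from a predictable source mixed only with the session id. `random_bytes()`/`random_int()` give the same shape from a proper CSPRNG: `$_SESSION['session_token'] = bin2hex(random_bytes(20));` and `substr(preg_replace('~^\d+~', '', bin2hex(random_bytes(20))), 0, random_int(7, 12))` for the key. Separately, `resetSessionToken()` is now a no-op that returns true and the second hunk changes the check's tail from `return self::resetSessionToken();` to `return true;`, so any caller relying on it to issue a fresh token after a privilege change no longer gets one; a doc comment on `resetSessionToken()` stating that tokens now live for the whole session (or a deprecation notice) would make that explicit. The method containing the `Invalid referring URL` throw starts outside the second hunk.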
|