CookieSessionHandler.php
<?php namespace Rakit\Session;
use SessionHandlerInterface;
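/**
 * Session handler that keeps the whole session payload in a browser cookie.
 *
 * Security notes for anyone deploying or reviewing this class:
 *  - The cookie is client-controlled input. Without 'mcrypt_key' the payload
 *    is stored in clear text and the client can read and rewrite it freely.
 *  - With 'mcrypt_key' the payload is encrypted (CBC by default) but NOT
 *    authenticated: there is no MAC, so a modified ciphertext is not detected
 *    here. NOTE(review): adding an HMAC over IV + ciphertext changes the
 *    cookie format and is therefore left as a follow-up, not done silently.
 *  - ext/mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2;
 *    the encrypted mode only works where that extension is still loaded.
 *  - 'secure' and 'httponly' default to false; callers should normally set
 *    both to true for a cookie that carries session state.
 */
class CookieSessionHandler implements SessionHandlerInterface {

    /** Separator between the base64 IV and the base64 ciphertext in the cookie. */
    const IV_SEPARATOR = '::';

    /** @var string name of the cookie holding the session payload */
    protected $cookie_name;

    /** @var array cookie options plus mcrypt settings (see constructor) */
    protected $configs;

    /** @var bool true when a string 'mcrypt_key' was supplied */
    protected $encrypt = false;

    /**
     * @param string $cookie_name cookie that stores the session payload
     * @param array  $configs     'expire', 'path', 'domain', 'secure', 'httponly'
     *                            (passed to setcookie) and 'mcrypt_key'; when the
     *                            key is a string, 'mcrypt_chiper' and 'mcrypt_mode'
     *                            may override the Blowfish/CBC defaults. The
     *                            'mcrypt_chiper' spelling is the existing key name.
     */
    public function __construct($cookie_name = 'rksess', array $configs = array()) {
        $this->cookie_name = $cookie_name;

        $default_configs = array(
            'expire' => 0,
            'path' => null,
            'domain' => null,
            'secure' => false,
            'httponly' => false,
            'mcrypt_key' => null
        );
        $configs = array_merge($default_configs, $configs);

        if (is_string($configs['mcrypt_key'])) {
            $this->encrypt = true;
            // Caller-supplied cipher/mode win over these defaults.
            $configs = array_merge(array(
                'mcrypt_chiper' => MCRYPT_BLOWFISH,
                'mcrypt_mode' => MCRYPT_MODE_CBC,
            ), $configs);
        }

        $this->configs = $configs;
    }

    /** No backing store to open; always succeeds. */
    public function open($save_path, $sess_name) {
        return true;
    }

    /** Nothing to release; always succeeds. */
    public function close() {
        return true;
    }

    /**
     * Return the session payload carried by the request cookie.
     *
     * In encrypted mode the cookie must be "<base64 iv>::<base64 ciphertext>"
     * with an IV of the size the cipher expects; anything else is treated as
     * an empty session rather than being fed to the cipher.
     *
     * @param string $sess_id unused, the cookie itself is the storage
     * @return string payload, or '' when absent or malformed
     */
    public function read($sess_id) {
        $data = $this->getCookiedata();

        if (!$this->encrypt) {
            return $data ? $data : '';
        }

        if ($data === '' || !$this->validEncryptedCookie($data)) {
            return '';
        }

        list($iv_b64, $payload_b64) = explode(static::IV_SEPARATOR, $data, 2);
        $iv = base64_decode($iv_b64, true);
        $payload = base64_decode($payload_b64, true);

        // Reject undecodable parts and IVs of the wrong length up front.
        if ($iv === false || $payload === false || strlen($iv) !== $this->ivSize()) {
            return '';
        }

        // decrypt() takes the IV from the config array.
        $this->configs['mcrypt_iv'] = $iv_b64;
        $plain = $this->decrypt($payload);

        return $plain ? $plain : '';
    }

    /**
     * Store the session payload in the response cookie.
     *
     * A new random IV is generated for every write so that the IV is never
     * reused across writes and never taken from the incoming cookie.
     *
     * @param string $sess_id unused
     * @param string $data    serialized session payload
     * @return bool always true (the setcookie() result is not checked)
     */
    public function write($sess_id, $data) {
        if ($this->encrypt) {
            $this->configs['mcrypt_iv'] = base64_encode($this->generateIV());
            $data = $this->configs['mcrypt_iv']
                . static::IV_SEPARATOR
                . base64_encode($this->encrypt($data));
        }

        setcookie(
            $this->cookie_name,
            $data,
            $this->configs['expire'],
            $this->configs['path'],
            $this->configs['domain'],
            $this->configs['secure'],
            $this->configs['httponly']
        );

        return true;
    }

    /**
     * Expire the session cookie.
     *
     * The expiring cookie is sent with the same path/domain/secure/httponly
     * attributes used by write(); a browser only replaces a cookie whose
     * path and domain match, so omitting them can leave the original in place.
     */
    public function destroy($sess_id) {
        if (isset($_COOKIE[$this->cookie_name])) {
            unset($_COOKIE[$this->cookie_name]);
            setcookie(
                $this->cookie_name,
                '',
                (-1 * 24 * 60 * 60),
                $this->configs['path'],
                $this->configs['domain'],
                $this->configs['secure'],
                $this->configs['httponly']
            );
        }

        return true;
    }

    /** Nothing is stored server side, so there is nothing to collect. */
    public function gc($lifetime) {
        return true;
    }

    /**
     * Raw cookie value, or '' when the cookie is missing.
     * A client can submit the cookie as an array (name[]=...); that is
     * treated as missing so callers always receive a string.
     */
    protected function getCookiedata() {
        $value = isset($_COOKIE[$this->cookie_name]) ? $_COOKIE[$this->cookie_name] : '';

        return is_string($value) ? $value : '';
    }

    /** Encrypt $plain with the configured cipher, key, mode and current IV. */
    protected function encrypt($plain) {
        $cipher = $this->configs['mcrypt_chiper'];
        $key = $this->configs['mcrypt_key'];
        $mode = $this->configs['mcrypt_mode'];
        $iv = base64_decode($this->configs['mcrypt_iv']);

        return mcrypt_encrypt($cipher, $key, $plain, $mode, $iv);
    }

    /**
     * Decrypt $encrypted and strip the NUL padding added by mcrypt.
     * Only "\0" is trimmed, so trailing whitespace in the payload survives.
     */
    protected function decrypt($encrypted) {
        $cipher = $this->configs['mcrypt_chiper'];
        $key = $this->configs['mcrypt_key'];
        $mode = $this->configs['mcrypt_mode'];
        $iv = base64_decode($this->configs['mcrypt_iv']);

        return rtrim(mcrypt_decrypt($cipher, $key, $encrypted, $mode, $iv), "\0");
    }

    /** Random IV of the size required by the configured cipher and mode. */
    protected function generateIV() {
        // Source named explicitly so older PHP versions do not fall back to
        // their previous default.
        return mcrypt_create_iv($this->ivSize(), MCRYPT_DEV_URANDOM);
    }

    /** IV length in bytes for the configured cipher and mode. */
    private function ivSize() {
        return mcrypt_get_iv_size($this->configs['mcrypt_chiper'], $this->configs['mcrypt_mode']);
    }

    /**
     * Check that $data looks like "<base64>::<base64>".
     *
     * The character class covers the alphabet base64_encode() emits,
     * including '+', which the previous pattern left out.
     *
     * @return int|false preg_match() result: 1 on match, 0 otherwise
     */
    protected function validEncryptedCookie($data) {
        $base64_regex = '[A-Za-z0-9+\/]+={0,2}';
        $regex = '/^' . $base64_regex . preg_quote(static::IV_SEPARATOR, '/') . $base64_regex . '\z/';

        return preg_match($regex, $data);
    }
}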