WPInv_Session_Handler::get_session_cookie() - Code Metrics - Inspection of "remove use of wp_session library and use transient..." - AyeCode/invoicing - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#217)

by Patrik

created 2019-10-11 14:26 UTC

WPInv_Session_Handler::get_session_cookie() B

↳ Parent: WPInv_Session_Handler

Complexity

Conditions	7
Paths	8

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	7
nc	8
nop	0
dl	0
loc	23
rs	8.6186
c	0
b	0
f	0

<?php
/**
 * Handle data for the current customers session.
 * Implements the WPInv_Session abstract class.
 *
 */

defined( 'ABSPATH' ) || exit;

/**
 * Session handler class.
 */
class WPInv_Session_Handler extends WPInv_Session {

	/**
	 * Cookie name used for the session.
	 *
	 * @var string cookie name
	 */
	protected $_cookie;

	/**
	 * Stores session expiry.
	 *
	 * @var int session due to expire timestamp
	 */
	protected $_session_expiring;

	/**
	 * Stores session due to expire timestamp.
	 *
	 * @var string session expiration timestamp
	 */
	protected $_session_expiration;

	/**
	 * True when the cookie exists.
	 *
	 * @var bool Based on whether a cookie exists.
	 */
	protected $_has_cookie = false;

	/**
	 * Table name for session data.
	 *
	 * @var string Custom session table name
	 */
	protected $_table;

	/**
	 * Constructor for the session class.
	 */
	public function __construct() {

	    $this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH );
        add_action( 'init', array( $this, 'init' ), -1 );
	}

	/**
	 * Init hooks and session data.
	 *
	 * @since 3.3.0
	 */
	public function init() {
		$this->init_session_cookie();

		add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 );
		add_action( 'shutdown', array( $this, 'save_data' ), 20 );
		add_action( 'wp_logout', array( $this, 'destroy_session' ) );

		if ( ! is_user_logged_in() ) {
			add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ) );
		}
	}

	/**
	 * Setup cookie and customer ID.
	 *
	 * @since 3.6.0
	 */
	public function init_session_cookie() {
		$cookie = $this->get_session_cookie();

		if ( $cookie ) {
			$this->_customer_id        = $cookie[0];
			$this->_session_expiration = $cookie[1];
			$this->_session_expiring   = $cookie[2];
			$this->_has_cookie         = true;
			$this->_data               = $this->get_session_data();

			// If the user logs in, update session.
			if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) {
				$this->_customer_id = get_current_user_id();
				$this->_dirty       = true;
				$this->save_data();
				$this->set_customer_session_cookie( true );
			}

			// Update session if its close to expiring.
			if ( time() > $this->_session_expiring ) {
				$this->set_session_expiration();
				$this->update_session_timestamp( $this->_customer_id, $this->_session_expiration );
			}
		} else {
			$this->set_session_expiration();
			$this->_customer_id = $this->generate_customer_id();
$answer = 42;

$correct = false;

$correct = (bool) $answer;
			$this->_data        = $this->get_session_data();
		}
	}

	/**
	 * Sets the session cookie on-demand (usually after adding an item to the cart).
	 *
	 * Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set.
	 *
	 * Warning: Cookies will only be set if this is called before the headers are sent.
	 *
	 * @param bool $set Should the session cookie be set.
	 */
	public function set_customer_session_cookie( $set ) {
		if ( $set ) {
			$to_hash           = $this->_customer_id . '|' . $this->_session_expiration;
			$cookie_hash       = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
			$cookie_value      = $this->_customer_id . '||' . $this->_session_expiration . '||' . $this->_session_expiring . '||' . $cookie_hash;
			$this->_has_cookie = true;

			if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
				$this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
			}
		}
	}

	public function setcookie($name, $value, $expire = 0, $secure = false, $httponly = false){
        if ( ! headers_sent() ) {
            setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'wpinv_cookie_httponly', $httponly, $name, $value, $expire, $secure ) );
        } elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
            headers_sent( $file, $line );
            trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine
        }
    }

	/**
	 * Should the session cookie be secure?
	 *
	 * @since 3.6.0
	 * @return bool
	 */
	protected function use_secure_cookie() {
        $is_https = false !== strstr( get_option( 'home' ), 'https:' );
		return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() );
	}

	/**
	 * Return true if the current user has an active session, i.e. a cookie to retrieve values.
	 *
	 * @return bool
	 */
	public function has_session() {
		return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine.
	}

	/**
	 * Set session expiration.
	 */
	public function set_session_expiration() {
		$this->_session_expiring   = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours.
		$this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours.
$answer = 42;

$correct = false;

$correct = (bool) $answer;
	}

	/**
	 * Generate a unique customer ID for guests, or return user ID if logged in.
	 *
	 * Uses Portable PHP password hashing framework to generate a unique cryptographically strong ID.
	 *
	 * @return string
	 */
	public function generate_customer_id() {
		$customer_id = '';

		if ( is_user_logged_in() ) {
			$customer_id = get_current_user_id();
		}

		if ( empty( $customer_id ) ) {
            $customer_id = wp_create_nonce('wpinv-session-customer-id');
		}

		return $customer_id;
	}

	/**
	 * Get the session cookie, if set. Otherwise return false.
	 *
	 * Session cookies without a customer ID are invalid.
	 *
	 * @return bool|array
	 */
	public function get_session_cookie() {
		$cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine.

		if ( empty( $cookie_value ) || ! is_string( $cookie_value ) ) {
			return false;
		}

		list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '||', $cookie_value );

		if ( empty( $customer_id ) ) {
			return false;
		}

		// Validate hash.
		$to_hash = $customer_id . '|' . $session_expiration;
		$hash    = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );

		if ( empty( $cookie_hash ) || ! hash_equals( $hash, $cookie_hash ) ) {
			return false;
		}

		return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash );
	}

	/**
	 * Get session data.
	 *
	 * @return array
	 */
	public function get_session_data() {
		return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array();
	}

	public function generate_key($customer_id){
        if(!$customer_id){
            return;
        }

        return 'wpi_trans_'.$customer_id;
    }

	/**
	 * Save data.
	 */
	public function save_data() {
		// Dirty if something changed - prevents saving nothing new.
		if ( $this->_dirty && $this->has_session() ) {

            set_transient( $this->generate_key($this->_customer_id), $this->_data, $this->_session_expiration);

			$this->_dirty = false;
		}
	}

	/**
	 * Destroy all session data.
	 */
	public function destroy_session() {
		$this->delete_session( $this->_customer_id );
		$this->forget_session();
	}

	/**
	 * Forget all session data without destroying it.
	 */
	public function forget_session() {
		$this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true );

		wpinv_empty_cart();

		$this->_data        = array();
		$this->_dirty       = false;
		$this->_customer_id = $this->generate_customer_id();
$answer = 42;

$correct = false;

$correct = (bool) $answer;
	}

	/**
	 * When a user is logged out, ensure they have a unique nonce by using the customer/session ID.
	 *
	 * @param int $uid User ID.
	 * @return string
	 */
	public function nonce_user_logged_out( $uid ) {
		return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid;
	}

	/**
	 * Returns the session.
	 *
	 * @param string $customer_id Customer ID.
	 * @param mixed  $default Default session value.
	 * @return string|array
	 */
	public function get_session( $customer_id, $default = false ) {

		if ( defined( 'WP_SETUP_CONFIG' ) ) {
			return array();
		}

        if ( !is_user_logged_in() ) {
            if(!wp_verify_nonce( $customer_id, 'wpinv-session-customer-id' )){
                return array();
            }
        }

        $key = $this->generate_key($customer_id);
        $value = get_transient($key);

        if ( !$value ) {
            $value = $default;
        }

		return maybe_unserialize( $value );
	}

	/**
	 * Delete the session from the cache and database.
	 *
	 * @param int $customer_id Customer ID.
	 */
	public function delete_session( $customer_id ) {

        $key = $this->generate_key($customer_id);

		delete_transient($key);
	}

	/**
	 * Update the session expiry timestamp.
	 *
	 * @param string $customer_id Customer ID.
	 * @param int    $timestamp Timestamp to expire the cookie.
	 */
	public function update_session_timestamp( $customer_id, $timestamp ) {

        set_transient( $this->generate_key($customer_id), maybe_serialize( $this->_data ), $timestamp);

	}
}

global $wpi_session;
$wpi_session = new WPInv_Session_Handler();

1			<?php
2			/**
3			* Handle data for the current customers session.
4			* Implements the WPInv_Session abstract class.
5			*
6			*/
7
8			defined( 'ABSPATH' ) \|\| exit;
9
10			/**
11			* Session handler class.
12			*/
13			class WPInv_Session_Handler extends WPInv_Session {
14
15			/**
16			* Cookie name used for the session.
17			*
18			* @var string cookie name
19			*/
20			protected $_cookie;
21
22			/**
23			* Stores session expiry.
24			*
25			* @var int session due to expire timestamp
26			*/
27			protected $_session_expiring;
28
29			/**
30			* Stores session due to expire timestamp.
31			*
32			* @var string session expiration timestamp
33			*/
34			protected $_session_expiration;
35
36			/**
37			* True when the cookie exists.
38			*
39			* @var bool Based on whether a cookie exists.
40			*/
41			protected $_has_cookie = false;
42
43			/**
44			* Table name for session data.
45			*
46			* @var string Custom session table name
47			*/
48			protected $_table;
49
50			/**
51			* Constructor for the session class.
52			*/
53			public function __construct() {
54
55			$this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH );
56			add_action( 'init', array( $this, 'init' ), -1 );
57			}
58
59			/**
60			* Init hooks and session data.
61			*
62			* @since 3.3.0
63			*/
64			public function init() {
65			$this->init_session_cookie();
66
67			add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 );
68			add_action( 'shutdown', array( $this, 'save_data' ), 20 );
69			add_action( 'wp_logout', array( $this, 'destroy_session' ) );
70
71			if ( ! is_user_logged_in() ) {
72			add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ) );
73			}
74			}
75
76			/**
77			* Setup cookie and customer ID.
78			*
79			* @since 3.6.0
80			*/
81			public function init_session_cookie() {
82			$cookie = $this->get_session_cookie();
83
84			if ( $cookie ) {
85			$this->_customer_id = $cookie[0];
86			$this->_session_expiration = $cookie[1];
87			$this->_session_expiring = $cookie[2];
88			$this->_has_cookie = true;
89			$this->_data = $this->get_session_data();
90
91			// If the user logs in, update session.
92			if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) {
93			$this->_customer_id = get_current_user_id();
94			$this->_dirty = true;
95			$this->save_data();
96			$this->set_customer_session_cookie( true );
97			}
98
99			// Update session if its close to expiring.
100			if ( time() > $this->_session_expiring ) {
101			$this->set_session_expiration();
102			$this->update_session_timestamp( $this->_customer_id, $this->_session_expiration );
103			}
104			} else {
105			$this->set_session_expiration();
106			$this->_customer_id = $this->generate_customer_id();
			0 ignored issues – show Documentation Bug introduced 2019-09-18 13:36 UTC by Report Bug Copy Issue Report The property `$_customer_id` was declared of type `integer`, but `$this->generate_customer_id()` is of type `string`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
107			$this->_data = $this->get_session_data();
108			}
109			}
110
111			/**
112			* Sets the session cookie on-demand (usually after adding an item to the cart).
113			*
114			* Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set.
115			*
116			* Warning: Cookies will only be set if this is called before the headers are sent.
117			*
118			* @param bool $set Should the session cookie be set.
119			*/
120			public function set_customer_session_cookie( $set ) {
121			if ( $set ) {
122			$to_hash = $this->_customer_id . '\|' . $this->_session_expiration;
123			$cookie_hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
124			$cookie_value = $this->_customer_id . '\|\|' . $this->_session_expiration . '\|\|' . $this->_session_expiring . '\|\|' . $cookie_hash;
125			$this->_has_cookie = true;
126
127			if ( ! isset( $_COOKIE[ $this->_cookie ] ) \|\| $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
128			$this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
129			}
130			}
131			}
132
133			public function setcookie($name, $value, $expire = 0, $secure = false, $httponly = false){
134			if ( ! headers_sent() ) {
135			setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'wpinv_cookie_httponly', $httponly, $name, $value, $expire, $secure ) );
136			} elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
137			headers_sent( $file, $line );
138			trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine
139			}
140			}
141
142			/**
143			* Should the session cookie be secure?
144			*
145			* @since 3.6.0
146			* @return bool
147			*/
148			protected function use_secure_cookie() {
149			$is_https = false !== strstr( get_option( 'home' ), 'https:' );
150			return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() );
151			}
152
153			/**
154			* Return true if the current user has an active session, i.e. a cookie to retrieve values.
155			*
156			* @return bool
157			*/
158			public function has_session() {
159			return isset( $_COOKIE[ $this->_cookie ] ) \|\| $this->_has_cookie \|\| is_user_logged_in(); // @codingStandardsIgnoreLine.
160			}
161
162			/**
163			* Set session expiration.
164			*/
165			public function set_session_expiration() {
166			$this->_session_expiring = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours.
167			$this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours.
			0 ignored issues – show Documentation Bug introduced 2019-09-18 13:36 UTC by Report Bug Copy Issue Report The property `$_session_expiration` was declared of type `string`, but `time() + intval(apply_fi...ration', 60 * 60 * 48))` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
168			}
169
170			/**
171			* Generate a unique customer ID for guests, or return user ID if logged in.
172			*
173			* Uses Portable PHP password hashing framework to generate a unique cryptographically strong ID.
174			*
175			* @return string
176			*/
177			public function generate_customer_id() {
178			$customer_id = '';
179
180			if ( is_user_logged_in() ) {
181			$customer_id = get_current_user_id();
182			}
183
184			if ( empty( $customer_id ) ) {
185			$customer_id = wp_create_nonce('wpinv-session-customer-id');
186			}
187
188			return $customer_id;
189			}
190
191			/**
192			* Get the session cookie, if set. Otherwise return false.
193			*
194			* Session cookies without a customer ID are invalid.
195			*
196			* @return bool\|array
197			*/
198			public function get_session_cookie() {
199			$cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine.
200
201			if ( empty( $cookie_value ) \|\| ! is_string( $cookie_value ) ) {
202			return false;
203			}
204
205			list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '\|\|', $cookie_value );
206
207			if ( empty( $customer_id ) ) {
208			return false;
209			}
210
211			// Validate hash.
212			$to_hash = $customer_id . '\|' . $session_expiration;
213			$hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) );
214
215			if ( empty( $cookie_hash ) \|\| ! hash_equals( $hash, $cookie_hash ) ) {
216			return false;
217			}
218
219			return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash );
220			}
221
222			/**
223			* Get session data.
224			*
225			* @return array
226			*/
227			public function get_session_data() {
228			return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array();
229			}
230
231			public function generate_key($customer_id){
232			if(!$customer_id){
233			return;
234			}
235
236			return 'wpi_trans_'.$customer_id;
237			}
238
239			/**
240			* Save data.
241			*/
242			public function save_data() {
243			// Dirty if something changed - prevents saving nothing new.
244			if ( $this->_dirty && $this->has_session() ) {
245
246			set_transient( $this->generate_key($this->_customer_id), $this->_data, $this->_session_expiration);
247
248			$this->_dirty = false;
249			}
250			}
251
252			/**
253			* Destroy all session data.
254			*/
255			public function destroy_session() {
256			$this->delete_session( $this->_customer_id );
257			$this->forget_session();
258			}
259
260			/**
261			* Forget all session data without destroying it.
262			*/
263			public function forget_session() {
264			$this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true );
265
266			wpinv_empty_cart();
267
268			$this->_data = array();
269			$this->_dirty = false;
270			$this->_customer_id = $this->generate_customer_id();
			0 ignored issues – show Documentation Bug introduced 2019-09-18 13:36 UTC by Report Bug Copy Issue Report The property `$_customer_id` was declared of type `integer`, but `$this->generate_customer_id()` is of type `string`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
271			}
272
273			/**
274			* When a user is logged out, ensure they have a unique nonce by using the customer/session ID.
275			*
276			* @param int $uid User ID.
277			* @return string
278			*/
279			public function nonce_user_logged_out( $uid ) {
280			return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid;
281			}
282
283			/**
284			* Returns the session.
285			*
286			* @param string $customer_id Customer ID.
287			* @param mixed $default Default session value.
288			* @return string\|array
289			*/
290			public function get_session( $customer_id, $default = false ) {
291
292			if ( defined( 'WP_SETUP_CONFIG' ) ) {
293			return array();
294			}
295
296			if ( !is_user_logged_in() ) {
297			if(!wp_verify_nonce( $customer_id, 'wpinv-session-customer-id' )){
298			return array();
299			}
300			}
301
302			$key = $this->generate_key($customer_id);
303			$value = get_transient($key);
304
305			if ( !$value ) {
306			$value = $default;
307			}
308
309			return maybe_unserialize( $value );
310			}
311
312			/**
313			* Delete the session from the cache and database.
314			*
315			* @param int $customer_id Customer ID.
316			*/
317			public function delete_session( $customer_id ) {
318
319			$key = $this->generate_key($customer_id);
320
321			delete_transient($key);
322			}
323
324			/**
325			* Update the session expiry timestamp.
326			*
327			* @param string $customer_id Customer ID.
328			* @param int $timestamp Timestamp to expire the cookie.
329			*/
330			public function update_session_timestamp( $customer_id, $timestamp ) {
331
332			set_transient( $this->generate_key($customer_id), maybe_serialize( $this->_data ), $timestamp);
333
334			}
335			}
336
337			global $wpi_session;
338			$wpi_session = new WPInv_Session_Handler();

AyeCode / invoicing

Pull Request — master (#217)

WPInv_Session_Handler::get_session_cookie() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like