OmarElGabry /
miniPHP
Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.
Common duplication problems, and corresponding solutions are:
Complex classes like Session often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Session, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 10 | class Session{ |
||
|
|
|||
| 11 | |||
| 12 | /** |
||
| 13 | * constructor for Session Object. |
||
| 14 | * |
||
| 15 | * @access private |
||
| 16 | */ |
||
| 17 | private function __construct() {} |
||
| 18 | |||
| 19 | /** |
||
| 20 | * Starts the session if not started yet. |
||
| 21 | * |
||
| 22 | * @access public |
||
| 23 | * |
||
| 24 | */ |
||
| 25 | public static function init(){ |
||
| 26 | |||
| 27 | $session_id = session_id(); |
||
| 28 | if (empty($session_id)) { |
||
| 29 | session_start(); |
||
| 30 | } |
||
| 31 | } |
||
| 32 | |||
| 33 | /** |
||
| 34 | * Checks if session data exists and valid or not. |
||
| 35 | * |
||
| 36 | * @access public |
||
| 37 | * @static static method |
||
| 38 | * @param string $ip |
||
| 39 | * @param string $userAgent |
||
| 40 | * @return boolean |
||
| 41 | * |
||
| 42 | */ |
||
| 43 | public static function isSessionValid($ip, $userAgent){ |
||
| 44 | |||
| 45 | $isLoggedIn = self::getIsLoggedIn(); |
||
| 46 | $userId = self::getUserId(); |
||
| 47 | $userRole = self::getUserRole(); |
||
| 48 | |||
| 49 | // 1. check if there is any data in session |
||
| 50 | if(empty($isLoggedIn) || empty($userId) || empty($userRole)){ |
||
| 51 | return false; |
||
| 52 | } |
||
| 53 | |||
| 54 | /*if(!self::isConcurrentSessionExists()){ |
||
| 55 | self::remove(); |
||
| 56 | return false; |
||
| 57 | }*/ |
||
| 58 | |||
| 59 | // 2. then check ip address and user agent |
||
| 60 | if(!self::validateIPAddress($ip) || !self::validateUserAgent($userAgent)) { |
||
| 61 | Logger::log("SESSION", "current session is invalid", __FILE__, __LINE__); |
||
| 62 | self::remove(); |
||
| 63 | return false; |
||
| 64 | } |
||
| 65 | |||
| 66 | // 3. check if session is expired |
||
| 67 | if(!self::validateSessionExpiry()){ |
||
| 68 | self::remove(); |
||
| 69 | return false; |
||
| 70 | } |
||
| 71 | |||
| 72 | return true; |
||
| 73 | } |
||
| 74 | |||
| 75 | /** |
||
| 76 | * Get IsLoggedIn value(boolean) |
||
| 77 | * |
||
| 78 | * @access public |
||
| 79 | * @static static method |
||
| 80 | * @return boolean |
||
| 81 | * |
||
| 82 | */ |
||
| 83 | public static function getIsLoggedIn(){ |
||
| 86 | |||
| 87 | /** |
||
| 88 | * Get User ID. |
||
| 89 | * |
||
| 90 | * @access public |
||
| 91 | * @static static method |
||
| 92 | * @return string|null |
||
| 93 | * |
||
| 94 | */ |
||
| 95 | public static function getUserId(){ |
||
| 98 | |||
| 99 | /** |
||
| 100 | * Get User Role |
||
| 101 | * |
||
| 102 | * @access public |
||
| 103 | * @static static method |
||
| 104 | * @return string|null |
||
| 105 | * |
||
| 106 | */ |
||
| 107 | public static function getUserRole(){ |
||
| 110 | |||
| 111 | /** |
||
| 112 | * Get CSRF Token |
||
| 113 | * |
||
| 114 | * @access public |
||
| 115 | * @static static method |
||
| 116 | * @return string|null |
||
| 117 | * |
||
| 118 | */ |
||
| 119 | public static function getCsrfToken(){ |
||
| 122 | |||
| 123 | /** |
||
| 124 | * Get CSRF Token generated time |
||
| 125 | * |
||
| 126 | * @access public |
||
| 127 | * @static static method |
||
| 128 | * @return string|null |
||
| 129 | * |
||
| 130 | */ |
||
| 131 | public static function getCsrfTokenTime(){ |
||
| 134 | |||
| 135 | /** |
||
| 136 | * set session key and value |
||
| 137 | * |
||
| 138 | * @access public |
||
| 139 | * @static static method |
||
| 140 | * @param $key |
||
| 141 | * @param $value |
||
| 142 | * |
||
| 143 | */ |
||
| 144 | public static function set($key, $value){ |
||
| 147 | |||
| 148 | /** |
||
| 149 | * get session value by $key |
||
| 150 | * |
||
| 151 | * @access public |
||
| 152 | * @static static method |
||
| 153 | * @param $key |
||
| 154 | * @return mixed |
||
| 155 | * |
||
| 156 | */ |
||
| 157 | public static function get($key){ |
||
| 160 | |||
| 161 | /** |
||
| 162 | * get session value by $key and destroy it |
||
| 163 | * |
||
| 164 | * @access public |
||
| 165 | * @static static method |
||
| 166 | * @param $key |
||
| 167 | * @return mixed |
||
| 168 | * |
||
| 169 | */ |
||
| 170 | public static function getAndDestroy($key){ |
||
| 183 | |||
| 184 | /** |
||
| 185 | * matches current IP Address with the one stored in the session |
||
| 186 | * |
||
| 187 | * @access public |
||
| 188 | * @static static method |
||
| 189 | * @param string $ip |
||
| 190 | * @return bool |
||
| 191 | * |
||
| 192 | */ |
||
| 193 | private static function validateIPAddress($ip){ |
||
| 201 | |||
| 202 | /** |
||
| 203 | * matches current user agent with the one stored in the session |
||
| 204 | * |
||
| 205 | * @access public |
||
| 206 | * @static static method |
||
| 207 | * @param string $userAgent |
||
| 208 | * @return bool |
||
| 209 | * |
||
| 210 | */ |
||
| 211 | private static function validateUserAgent($userAgent){ |
||
| 219 | |||
| 220 | /** |
||
| 221 | * checks if session has been expired |
||
| 222 | * |
||
| 223 | * @access public |
||
| 224 | * @static static method |
||
| 225 | * @return bool |
||
| 226 | * |
||
| 227 | */ |
||
| 228 | private static function validateSessionExpiry(){ |
||
| 238 | |||
| 239 | /** |
||
| 240 | * checks for session concurrency |
||
| 241 | * |
||
| 242 | * This is done as the following: |
||
| 243 | * UserA logs in with his session id('123') and it will be stored in the database. |
||
| 244 | * Then, UserB logs in also using the same email and password of UserA from another PC, |
||
| 245 | * and also store the session id('456') in the database |
||
| 246 | * |
||
| 247 | * Now, Whenever UserA performs any action, |
||
| 248 | * You then check the session_id() against the last one stored in the database('456'), |
||
| 249 | * If they don't match then log both of them out. |
||
| 250 | * |
||
| 251 | * @access public |
||
| 252 | * @static static method |
||
| 253 | * @return bool |
||
| 254 | * @see Session::updateSessionId() |
||
| 255 | * @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins |
||
| 256 | */ |
||
| 257 | public static function isConcurrentSessionExists(){ |
||
| 277 | |||
| 278 | /** |
||
| 279 | * get CSRF token and generate a new one if expired |
||
| 280 | * |
||
| 281 | * @access public |
||
| 282 | * @static static method |
||
| 283 | * @return string |
||
| 284 | * |
||
| 285 | */ |
||
| 286 | public static function generateCsrfToken(){ |
||
| 300 | |||
| 301 | /** |
||
| 302 | * reset session id, delete session file on server, and re-assign the values. |
||
| 303 | * |
||
| 304 | * @access public |
||
| 305 | * @static static method |
||
| 306 | * @param array $data |
||
| 307 | * @return string |
||
| 308 | * |
||
| 309 | */ |
||
| 310 | public static function reset($data){ |
||
| 334 | |||
| 335 | /** |
||
| 336 | * update session id in database |
||
| 337 | * |
||
| 338 | * @access public |
||
| 339 | * @static static method |
||
| 340 | * @param string $userId |
||
| 341 | * @param string $sessionId |
||
| 342 | * @return string |
||
| 343 | * |
||
| 344 | */ |
||
| 345 | View Code Duplication | private static function updateSessionId($userId, $sessionId = null){ |
|
| 354 | |||
| 355 | /** |
||
| 356 | * Remove the session |
||
| 357 | * Either by regenerating the session id & file, and clear the session data |
||
| 358 | * Or, delete session completely from the browser cookies and destroy it's file on the server |
||
| 359 | * |
||
| 360 | * @access public |
||
| 361 | * @static static method |
||
| 362 | * @param bool $keep True to keep session in browser, and just regenerate it's id, and clear data. |
||
| 363 | * False to destroy session cookie in browser completely and it's file on server |
||
| 364 | */ |
||
| 365 | public static function remove($keep = false){ |
||
| 398 | |||
| 399 | } |
||
| 400 |
Loading history...
You can fix this by adding a namespace to your class:
When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.