Session::isConcurrentSessionExists() - Code Metrics - panique/huge - Measure and Improve Code Quality continuously with Scrutinizer

Session::isConcurrentSessionExists() A
last analyzed 2020-05-13 16:02 UTC

↳ Parent: Session

Complexity

Conditions	4
Paths	3

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	21
rs	9.584
c	0
b	0
f	0
cc	4
nc	3
nop	0

<?php

/**
 * Session class
 *
 * handles the session stuff. creates session when no one exists, sets and gets values, and closes the session
 * properly (=logout). Not to forget the check if the user is logged in or not.
 */
class Session
{
    /**
     * starts the session
     */
    public static function init()
    {
        // if no session exist, start the session
        if (session_id() == '') {
            session_start();
        }
    }

    /**
     * sets a specific value to a specific key of the session
     *
     * @param mixed $key key
     * @param mixed $value value
     */
    public static function set($key, $value)
    {
        $_SESSION[$key] = $value;
    }

    /**
     * gets/returns the value of a specific key of the session
     *
     * @param mixed $key Usually a string, right ?
     * @return mixed the key's value or nothing
     */
    public static function get($key)
    {
        if (isset($_SESSION[$key])) {
            $value = $_SESSION[$key];

            // filter the value for XSS vulnerabilities
            return Filter::XSSFilter($value);
        }
    }

    /**
     * adds a value as a new array element to the key.
     * useful for collecting error messages etc
     *
     * @param mixed $key
     * @param mixed $value
     */
    public static function add($key, $value)
    {
        $_SESSION[$key][] = $value;
    }

    /**
     * deletes the session (= logs the user out)
     */
    public static function destroy()
    {
        session_destroy();
    }

    /**
     * update session id in database
     *
     * @access public
     * @static static method
     * @param  string $userId
     * @param  string $sessionId
     */
    public static function updateSessionId($userId, $sessionId = null)
    {
        $database = DatabaseFactory::getFactory()->getConnection();
        $sql = "UPDATE users SET session_id = :session_id WHERE user_id = :user_id";

        $query = $database->prepare($sql);
        $query->execute(array(':session_id' => $sessionId, ":user_id" => $userId));
    }

    /**
     * checks for session concurrency
     *
     * This is done as the following:
     * UserA logs in with his session id('123') and it will be stored in the database.
     * Then, UserB logs in also using the same email and password of UserA from another PC,
     * and also store the session id('456') in the database
     *
     * Now, Whenever UserA performs any action,
     * You then check the session_id() against the last one stored in the database('456'),
     * If they don't match then log both of them out.
     *
     * @access public
     * @static static method
     * @return bool
     * @see Session::updateSessionId()
     * @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins
     */
    public static function isConcurrentSessionExists()
    {
        $session_id = session_id();
        $userId     = Session::get('user_id');

        if (isset($userId) && isset($session_id)) {

            $database = DatabaseFactory::getFactory()->getConnection();
            $sql = "SELECT session_id FROM users WHERE user_id = :user_id LIMIT 1";

            $query = $database->prepare($sql);
            $query->execute(array(":user_id" => $userId));

            $result = $query->fetch();
            $userSessionId = !empty($result)? $result->session_id: null;

            return $session_id !== $userSessionId;
        }

        return false;
    }

    /**
     * Checks if the user is logged in or not
     *
     * @return bool user's login status
     */
    public static function userIsLoggedIn()
    {
        return (self::get('user_logged_in') ? true : false);
    }
}


1			<?php
2
3			/**
4			* Session class
5			*
6			* handles the session stuff. creates session when no one exists, sets and gets values, and closes the session
7			* properly (=logout). Not to forget the check if the user is logged in or not.
8			*/
9			class Session
10			{
11			/**
12			* starts the session
13			*/
14			public static function init()
15			{
16			// if no session exist, start the session
17			if (session_id() == '') {
18			session_start();
19			}
20			}
21
22			/**
23			* sets a specific value to a specific key of the session
24			*
25			* @param mixed $key key
26			* @param mixed $value value
27			*/
28			public static function set($key, $value)
29			{
30			$_SESSION[$key] = $value;
31			}
32
33			/**
34			* gets/returns the value of a specific key of the session
35			*
36			* @param mixed $key Usually a string, right ?
37			* @return mixed the key's value or nothing
38			*/
39			public static function get($key)
40			{
41			if (isset($_SESSION[$key])) {
42			$value = $_SESSION[$key];
43
44			// filter the value for XSS vulnerabilities
45			return Filter::XSSFilter($value);
46			}
47			}
48
49			/**
50			* adds a value as a new array element to the key.
51			* useful for collecting error messages etc
52			*
53			* @param mixed $key
54			* @param mixed $value
55			*/
56			public static function add($key, $value)
57			{
58			$_SESSION[$key][] = $value;
59			}
60
61			/**
62			* deletes the session (= logs the user out)
63			*/
64			public static function destroy()
65			{
66			session_destroy();
67			}
68
69			/**
70			* update session id in database
71			*
72			* @access public
73			* @static static method
74			* @param string $userId
75			* @param string $sessionId
76			*/
77			public static function updateSessionId($userId, $sessionId = null)
78			{
79			$database = DatabaseFactory::getFactory()->getConnection();
80			$sql = "UPDATE users SET session_id = :session_id WHERE user_id = :user_id";
81
82			$query = $database->prepare($sql);
83			$query->execute(array(':session_id' => $sessionId, ":user_id" => $userId));
84			}
85
86			/**
87			* checks for session concurrency
88			*
89			* This is done as the following:
90			* UserA logs in with his session id('123') and it will be stored in the database.
91			* Then, UserB logs in also using the same email and password of UserA from another PC,
92			* and also store the session id('456') in the database
93			*
94			* Now, Whenever UserA performs any action,
95			* You then check the session_id() against the last one stored in the database('456'),
96			* If they don't match then log both of them out.
97			*
98			* @access public
99			* @static static method
100			* @return bool
101			* @see Session::updateSessionId()
102			* @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins
103			*/
104			public static function isConcurrentSessionExists()
105			{
106			$session_id = session_id();
107			$userId = Session::get('user_id');
108
109			if (isset($userId) && isset($session_id)) {
110
111			$database = DatabaseFactory::getFactory()->getConnection();
112			$sql = "SELECT session_id FROM users WHERE user_id = :user_id LIMIT 1";
113
114			$query = $database->prepare($sql);
115			$query->execute(array(":user_id" => $userId));
116
117			$result = $query->fetch();
118			$userSessionId = !empty($result)? $result->session_id: null;
119
120			return $session_id !== $userSessionId;
121			}
122
123			return false;
124			}
125
126			/**
127			* Checks if the user is logged in or not
128			*
129			* @return bool user's login status
130			*/
131			public static function userIsLoggedIn()
132			{
133			return (self::get('user_logged_in') ? true : false);
134			}
135			}
136

panique / huge

GitHub Access Token became invalid

Session::isConcurrentSessionExists() A last analyzed 2020-05-13 16:02 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

Session::isConcurrentSessionExists() A
last analyzed 2020-05-13 16:02 UTC