Completed
Push — master ( 360150...a544b6 )
by Damian
686:40
created
code/HybridSessionStore.php 3 patches
Doc Comments   +8 added lines, -5 removed lines
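--- a/code/HybridSessionStore.php
+++ b/code/HybridSessionStore.php
@@ -54,8 +54,8 @@
 	private $saltedKey;
 
 	/**
-	 * @param $key a per-site secret string which is used as the base encryption key.
-	 * @param $salt a per-session random string which is used as a salt to generate a per-session key
+	 * @param string $key a per-site secret string which is used as the base encryption key.
+	 * @param string $salt a per-session random string which is used as a salt to generate a per-session key
 	 *
 	 * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session,
 	 * and even modify & re-sign it.
@@ -79,7 +79,7 @@
 	/**
 	 * Encrypt and then sign some cleartext
 	 *
-	 * @param $cleartext - The cleartext to encrypt and sign
+	 * @param string $cleartext - The cleartext to encrypt and sign
 	 * @return string - The encrypted-and-signed message as base64 ASCII.
 	 */
 	public function encrypt($cleartext) {
@@ -101,8 +101,8 @@
 	/**
 	 * Check the signature on an encrypted-and-signed message, and if valid decrypt the content
 	 *
-	 * @param $data - The encrypted-and-signed message as base64 ASCII
-	 * @return bool|string - The decrypted cleartext or false if signature failed
+	 * @param string $data - The encrypted-and-signed message as base64 ASCII
+	 * @return string|false - The decrypted cleartext or false if signature failed
 	 */
 	public function decrypt($data) {
 		$data = base64_decode($data);
@@ -422,6 +422,9 @@
 		$this->setKey($this->getKey());
 	}
 
+	/**
+	 * @param string $key
+	 */
 	public function setKey($key) {
 		parent::setKey($key);
 		foreach($this->handlers as $handler) {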
Spacing   +20 added lines, -20 removed lines
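--- a/code/HybridSessionStore.php
+++ b/code/HybridSessionStore.php
@@ -7,7 +7,7 @@
  * Then, either way, add a new function "register_sessionhandler" which takes a SessionHandlerInterface and
  * registers it (including registering session_write_close as a shutdown function)
  */
-if(!interface_exists('SessionHandlerInterface')) {
+if (!interface_exists('SessionHandlerInterface')) {
 	interface SessionHandlerInterface {
 		/* Methods */
 		public function close();
@@ -19,7 +19,7 @@
 	}
 }
 
-if(version_compare(PHP_VERSION, '5.4.0', '<')) {
+if (version_compare(PHP_VERSION, '5.4.0', '<')) {
 	function register_sessionhandler($handler) {
 		session_set_save_handler(
 			array($handler, 'open'),
@@ -95,7 +95,7 @@
 
 		$hash = hash_hmac('sha256', $enc, $this->saltedKey);
 
-		return base64_encode($iv.$hash.$enc);
+		return base64_encode($iv . $hash . $enc);
 	}
 
 	/**
@@ -161,8 +161,8 @@
 	 */
 	protected function getLifetime() {
 		$params = session_get_cookie_params();
-		$cookieLifetime = (int)$params['lifetime'];
-		$gcLifetime = (int)ini_get('session.gc_maxlifetime');
+		$cookieLifetime = (int) $params['lifetime'];
+		$gcLifetime = (int) ini_get('session.gc_maxlifetime');
 		return $cookieLifetime ? min($cookieLifetime, $gcLifetime) : $gcLifetime;
 	}
 
@@ -172,7 +172,7 @@
 	 * @return int
 	 */
 	protected function getNow() {
-		return (int)SS_Datetime::now()->Format('U');
+		return (int) SS_Datetime::now()->Format('U');
 	}
 }
 
@@ -227,7 +227,7 @@
 	protected $currentCookieData;
 
 	public function open($save_path, $name) {
-		$this->cookie = $name.'_2';
+		$this->cookie = $name . '_2';
 		// Read the incoming value, then clear the cookie - we might not be able
 		// to do so later if write() is called after headers are sent
 		// This is intended to force a failover to the database store if the
@@ -247,7 +247,7 @@
 	 */
 	protected function getCrypto($session_id) {
 		$key = $this->getKey();
-		if(!$key) return null;
+		if (!$key) return null;
 		if (!$this->crypto || $this->crypto->salt != $session_id) {
 			$this->crypto = new HybridSessionStore_Crypto($key, $session_id);
 		}
@@ -256,7 +256,7 @@
 
 	public function read($session_id) {
 		// Check ability to safely decrypt content
-		if(!$this->currentCookieData
+		if (!$this->currentCookieData
 			|| !($crypto = $this->getCrypto($session_id))
 		) return;
 
@@ -266,7 +266,7 @@
 
 		// Verify expiration
 		if ($cookieData) {
-			$expiry = (int)substr($cookieData, 0, 10);
+			$expiry = (int) substr($cookieData, 0, 10);
 			$data = substr($cookieData, 10);
 
 			if ($expiry > $this->getNow()) return $data;
@@ -284,7 +284,7 @@
 
 	public function write($session_id, $session_data) {
 		// Check ability to safely encrypt and write content
-		if(!$this->canWrite()
+		if (!$this->canWrite()
 			|| (strlen($session_data) > Config::inst()->get(__CLASS__, 'max_length'))
 			|| !($crypto = $this->getCrypto($session_id))
 		) return false;
@@ -301,7 +301,7 @@
 		);
 
 		// Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero)
-		$cookieLifetime = min((int)$params['lifetime'], $lifetime);
+		$cookieLifetime = min((int) $params['lifetime'], $lifetime);
 		Cookie::set(
 			$this->cookie,
 			$this->currentCookieData,
@@ -335,7 +335,7 @@
 	 */
 	protected function isDatabaseReady() {
 		// Such as during setup of testsession prior to DB connection.
-		if(!DB::isActive()) return false;
+		if (!DB::isActive()) return false;
 
 		// If we have a DB of the wrong type then complain
 		if (!(DB::getConn() instanceof MySQLDatabase)) {
@@ -353,7 +353,7 @@
 	}
 
 	public function read($session_id) {
-		if(!$this->isDatabaseReady()) return null;
+		if (!$this->isDatabaseReady()) return null;
 
 		$result = DB::query(sprintf(
 			'SELECT "Data" FROM "HybridSessionDataObject"
@@ -369,7 +369,7 @@
 	}
 
 	public function write($session_id, $session_data) {
-		if(!$this->isDatabaseReady()) return false;
+		if (!$this->isDatabaseReady()) return false;
 
 		$expiry = $this->getNow() + $this->getLifetime();
 		DB::query($str = sprintf(
@@ -389,7 +389,7 @@
 	}
 
 	public function gc($maxlifetime) {
-		if(!$this->isDatabaseReady()) return;
+		if (!$this->isDatabaseReady()) return;
 		DB::query(sprintf(
 			'DELETE FROM "HybridSessionDataObject" WHERE "Expiry" < %u',
 			$this->getNow()
@@ -424,7 +424,7 @@
 
 	public function setKey($key) {
 		parent::setKey($key);
-		foreach($this->handlers as $handler) {
+		foreach ($this->handlers as $handler) {
 			$handler->setKey($key);
 		}
 	}
@@ -444,7 +444,7 @@
 		return true;
 	}
 
-	public function close(){
+	public function close() {
 		foreach ($this->handlers as $handler) {
 			$handler->close();
 		}
@@ -485,7 +485,7 @@
 	 */
 	public static function init($key = null) {
 		$instance = Injector::inst()->get(__CLASS__);
-		if(empty($key)) {
+		if (empty($key)) {
 			user_error(
 				'HybridSessionStore::init() was not given a $key. Disabling cookie-based storage',
 				E_USER_WARNING
@@ -508,7 +508,7 @@
 	}
 
 	public function postRequest(SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model) {
-		if(HybridSessionStore::is_enabled()) {
+		if (HybridSessionStore::is_enabled()) {
 			session_write_close();
 		}
 	}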
Braces   +37 added lines, -14 removed lines
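--- a/code/HybridSessionStore.php
+++ b/code/HybridSessionStore.php
@@ -32,8 +32,7 @@
 
 		register_shutdown_function('session_write_close');
 	}
-}
-else {
+} else {
 	function register_sessionhandler($handler) {
 		session_set_save_handler($handler, true);
 	}
@@ -122,7 +121,9 @@
 		// Needs to be after decrypt so it always runs, to avoid timing attack
 		$gen_hash = hash_hmac('sha256', $enc, $this->saltedKey);
 
-		if ($gen_hash == $hash) return $cleartext;
+		if ($gen_hash == $hash) {
+			return $cleartext;
+		}
 		return false;
 	}
 }
@@ -233,7 +234,9 @@
 		// This is intended to force a failover to the database store if the
 		// modified session cannot be emitted.
 		$this->currentCookieData = Cookie::get($this->cookie);
-		if ($this->currentCookieData) Cookie::set($this->cookie, '');
+		if ($this->currentCookieData) {
+			Cookie::set($this->cookie, '');
+		}
 	}
 
 	public function close() {
@@ -247,7 +250,9 @@
 	 */
 	protected function getCrypto($session_id) {
 		$key = $this->getKey();
-		if(!$key) return null;
+		if(!$key) {
+			return null;
+		}
 		if (!$this->crypto || $this->crypto->salt != $session_id) {
 			$this->crypto = new HybridSessionStore_Crypto($key, $session_id);
 		}
@@ -258,7 +263,9 @@
 		// Check ability to safely decrypt content
 		if(!$this->currentCookieData
 			|| !($crypto = $this->getCrypto($session_id))
-		) return;
+		) {
+			return;
+		}
 
 		// Decrypt and invalidate old data
 		$cookieData = $crypto->decrypt($this->currentCookieData);
@@ -269,7 +276,9 @@
 			$expiry = (int)substr($cookieData, 0, 10);
 			$data = substr($cookieData, 10);
 
-			if ($expiry > $this->getNow()) return $data;
+			if ($expiry > $this->getNow()) {
+				return $data;
+			}
 		}
 	}
 
@@ -287,7 +296,9 @@
 		if(!$this->canWrite()
 			|| (strlen($session_data) > Config::inst()->get(__CLASS__, 'max_length'))
 			|| !($crypto = $this->getCrypto($session_id))
-		) return false;
+		) {
+			return false;
+		}
 
 		// Prepare content for write
 		$params = session_get_cookie_params();
@@ -335,7 +346,9 @@
 	 */
 	protected function isDatabaseReady() {
 		// Such as during setup of testsession prior to DB connection.
-		if(!DB::isActive()) return false;
+		if(!DB::isActive()) {
+			return false;
+		}
 
 		// If we have a DB of the wrong type then complain
 		if (!(DB::getConn() instanceof MySQLDatabase)) {
@@ -353,7 +366,9 @@
 	}
 
 	public function read($session_id) {
-		if(!$this->isDatabaseReady()) return null;
+		if(!$this->isDatabaseReady()) {
+			return null;
+		}
 
 		$result = DB::query(sprintf(
 			'SELECT "Data" FROM "HybridSessionDataObject"
@@ -369,7 +384,9 @@
 	}
 
 	public function write($session_id, $session_data) {
-		if(!$this->isDatabaseReady()) return false;
+		if(!$this->isDatabaseReady()) {
+			return false;
+		}
 
 		$expiry = $this->getNow() + $this->getLifetime();
 		DB::query($str = sprintf(
@@ -389,7 +406,9 @@
 	}
 
 	public function gc($maxlifetime) {
-		if(!$this->isDatabaseReady()) return;
+		if(!$this->isDatabaseReady()) {
+			return;
+		}
 		DB::query(sprintf(
 			'DELETE FROM "HybridSessionDataObject" WHERE "Expiry" < %u',
 			$this->getNow()
@@ -454,7 +473,9 @@
 
 	public function read($session_id) {
 		foreach ($this->handlers as $handler) {
-			if ($data = $handler->read($session_id)) return $data;
+			if ($data = $handler->read($session_id)) {
+				return $data;
+			}
 		}
 
 		return '';
@@ -462,7 +483,9 @@
 
 	public function write($session_id, $session_data) {
 		foreach ($this->handlers as $handler) {
-			if ($handler->write($session_id, $session_data)) return;
+			if ($handler->write($session_id, $session_data)) {
+				return;
+			}
 		}
 	}
 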
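Review bot: In the decrypt() hunk (new line 124) the signature check `if ($gen_hash == $hash) {` keeps a loose, non-constant-time comparison against a value that comes from the cookie. `==` compares numeric-looking strings as numbers and stops at the first differing byte, so it neither guarantees an exact match nor hides how much of the MAC matched; use `if (is_string($hash) && hash_equals($gen_hash, $hash)) {` on PHP 5.6+, with a constant-time fallback for the older versions this file still supports. The HMAC on line 123 also covers `$enc` only, while the Spacing patch shows encrypt() emitting `$iv . $hash . $enc`, so the IV is not authenticated; `hash_hmac('sha256', $iv . $enc, $this->saltedKey)` in both methods would close that, at the cost of invalidating existing cookies. The comment on line 122 suggests decryption runs before the MAC is checked; verifying first and decrypting only on success is the usual order, though decrypt() starts outside this hunk and that cannot be confirmed here.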