@@ -54,8 +54,8 @@ discard block |
||
| 54 | 54 | private $saltedKey; |
| 55 | 55 | |
| 56 | 56 | /** |
| 57 | - * @param $key a per-site secret string which is used as the base encryption key. |
|
| 58 | - * @param $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 57 | + * @param string $key a per-site secret string which is used as the base encryption key. |
|
| 58 | + * @param string $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 59 | 59 | * |
| 60 | 60 | * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, |
| 61 | 61 | * and even modify & re-sign it. |
@@ -79,7 +79,7 @@ discard block |
||
| 79 | 79 | /** |
| 80 | 80 | * Encrypt and then sign some cleartext |
| 81 | 81 | * |
| 82 | - * @param $cleartext - The cleartext to encrypt and sign |
|
| 82 | + * @param string $cleartext - The cleartext to encrypt and sign |
|
| 83 | 83 | * @return string - The encrypted-and-signed message as base64 ASCII. |
| 84 | 84 | */ |
| 85 | 85 | public function encrypt($cleartext) { |
@@ -101,8 +101,8 @@ discard block |
||
| 101 | 101 | /** |
| 102 | 102 | * Check the signature on an encrypted-and-signed message, and if valid decrypt the content |
| 103 | 103 | * |
| 104 | - * @param $data - The encrypted-and-signed message as base64 ASCII |
|
| 105 | - * @return bool|string - The decrypted cleartext or false if signature failed |
|
| 104 | + * @param string $data - The encrypted-and-signed message as base64 ASCII |
|
| 105 | + * @return string|false - The decrypted cleartext or false if signature failed |
|
| 106 | 106 | */ |
| 107 | 107 | public function decrypt($data) { |
| 108 | 108 | $data = base64_decode($data); |
@@ -422,6 +422,9 @@ discard block |
||
| 422 | 422 | $this->setKey($this->getKey()); |
| 423 | 423 | } |
| 424 | 424 | |
| 425 | + /** |
|
| 426 | + * @param string $key |
|
| 427 | + */ |
|
| 425 | 428 | public function setKey($key) { |
| 426 | 429 | parent::setKey($key); |
| 427 | 430 | foreach($this->handlers as $handler) { |
@@ -7,7 +7,7 @@ discard block |
||
| 7 | 7 | * Then, either way, add a new function "register_sessionhandler" which takes a SessionHandlerInterface and |
| 8 | 8 | * registers it (including registering session_write_close as a shutdown function) |
| 9 | 9 | */ |
| 10 | -if(!interface_exists('SessionHandlerInterface')) { |
|
| 10 | +if (!interface_exists('SessionHandlerInterface')) { |
|
| 11 | 11 | interface SessionHandlerInterface { |
| 12 | 12 | /* Methods */ |
| 13 | 13 | public function close(); |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | } |
| 20 | 20 | } |
| 21 | 21 | |
| 22 | -if(version_compare(PHP_VERSION, '5.4.0', '<')) { |
|
| 22 | +if (version_compare(PHP_VERSION, '5.4.0', '<')) { |
|
| 23 | 23 | function register_sessionhandler($handler) { |
| 24 | 24 | session_set_save_handler( |
| 25 | 25 | array($handler, 'open'), |
@@ -95,7 +95,7 @@ discard block |
||
| 95 | 95 | |
| 96 | 96 | $hash = hash_hmac('sha256', $enc, $this->saltedKey); |
| 97 | 97 | |
| 98 | - return base64_encode($iv.$hash.$enc); |
|
| 98 | + return base64_encode($iv . $hash . $enc); |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | /** |
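Review bot: The HMAC on line 96 is computed over `$enc` alone, while the value returned two lines later is `$iv . $hash . $enc`, so the IV is sent unauthenticated. The cipher call is outside this hunk; if the mode is one where the IV feeds into the first plaintext block (CBC, for instance), the leading bytes of the cleartext are not protected by the signature. Computing the tag over both parts, `$hash = hash_hmac('sha256', $iv . $enc, $this->saltedKey);`, with the matching change in decrypt(), closes the gap. Messages issued before such a change will no longer verify, so it needs a release note.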
@@ -161,8 +161,8 @@ discard block |
||
| 161 | 161 | */ |
| 162 | 162 | protected function getLifetime() { |
| 163 | 163 | $params = session_get_cookie_params(); |
| 164 | - $cookieLifetime = (int)$params['lifetime']; |
|
| 165 | - $gcLifetime = (int)ini_get('session.gc_maxlifetime'); |
|
| 164 | + $cookieLifetime = (int) $params['lifetime']; |
|
| 165 | + $gcLifetime = (int) ini_get('session.gc_maxlifetime'); |
|
| 166 | 166 | return $cookieLifetime ? min($cookieLifetime, $gcLifetime) : $gcLifetime; |
| 167 | 167 | } |
| 168 | 168 | |
@@ -172,7 +172,7 @@ discard block |
||
| 172 | 172 | * @return int |
| 173 | 173 | */ |
| 174 | 174 | protected function getNow() { |
| 175 | - return (int)SS_Datetime::now()->Format('U'); |
|
| 175 | + return (int) SS_Datetime::now()->Format('U'); |
|
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | |
@@ -227,7 +227,7 @@ discard block |
||
| 227 | 227 | protected $currentCookieData; |
| 228 | 228 | |
| 229 | 229 | public function open($save_path, $name) { |
| 230 | - $this->cookie = $name.'_2'; |
|
| 230 | + $this->cookie = $name . '_2'; |
|
| 231 | 231 | // Read the incoming value, then clear the cookie - we might not be able |
| 232 | 232 | // to do so later if write() is called after headers are sent |
| 233 | 233 | // This is intended to force a failover to the database store if the |
@@ -247,7 +247,7 @@ discard block |
||
| 247 | 247 | */ |
| 248 | 248 | protected function getCrypto($session_id) { |
| 249 | 249 | $key = $this->getKey(); |
| 250 | - if(!$key) return null; |
|
| 250 | + if (!$key) return null; |
|
| 251 | 251 | if (!$this->crypto || $this->crypto->salt != $session_id) { |
| 252 | 252 | $this->crypto = new HybridSessionStore_Crypto($key, $session_id); |
| 253 | 253 | } |
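Review bot: `$this->crypto->salt != $session_id` is a loose comparison, so two different session ids that both look numeric (constructed example: `'1e3'` and `'1000'`) compare as equal, and the cached crypto object salted with the other id would be reused. An exact check avoids that: `if (!$this->crypto || $this->crypto->salt !== $session_id) {`. The same line is carried unchanged through the later getCrypto() hunk that adds braces around `return null;`. getCrypto() continues past the end of this hunk, so whether the salt is always stored as a string should be confirmed there.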
@@ -256,7 +256,7 @@ discard block |
||
| 256 | 256 | |
| 257 | 257 | public function read($session_id) { |
| 258 | 258 | // Check ability to safely decrypt content |
| 259 | - if(!$this->currentCookieData |
|
| 259 | + if (!$this->currentCookieData |
|
| 260 | 260 | || !($crypto = $this->getCrypto($session_id)) |
| 261 | 261 | ) return; |
| 262 | 262 | |
@@ -266,7 +266,7 @@ discard block |
||
| 266 | 266 | |
| 267 | 267 | // Verify expiration |
| 268 | 268 | if ($cookieData) { |
| 269 | - $expiry = (int)substr($cookieData, 0, 10); |
|
| 269 | + $expiry = (int) substr($cookieData, 0, 10); |
|
| 270 | 270 | $data = substr($cookieData, 10); |
| 271 | 271 | |
| 272 | 272 | if ($expiry > $this->getNow()) return $data; |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | |
| 285 | 285 | public function write($session_id, $session_data) { |
| 286 | 286 | // Check ability to safely encrypt and write content |
| 287 | - if(!$this->canWrite() |
|
| 287 | + if (!$this->canWrite() |
|
| 288 | 288 | || (strlen($session_data) > Config::inst()->get(__CLASS__, 'max_length')) |
| 289 | 289 | || !($crypto = $this->getCrypto($session_id)) |
| 290 | 290 | ) return false; |
@@ -301,7 +301,7 @@ discard block |
||
| 301 | 301 | ); |
| 302 | 302 | |
| 303 | 303 | // Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero) |
| 304 | - $cookieLifetime = min((int)$params['lifetime'], $lifetime); |
|
| 304 | + $cookieLifetime = min((int) $params['lifetime'], $lifetime); |
|
| 305 | 305 | Cookie::set( |
| 306 | 306 | $this->cookie, |
| 307 | 307 | $this->currentCookieData, |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | */ |
| 336 | 336 | protected function isDatabaseReady() { |
| 337 | 337 | // Such as during setup of testsession prior to DB connection. |
| 338 | - if(!DB::isActive()) return false; |
|
| 338 | + if (!DB::isActive()) return false; |
|
| 339 | 339 | |
| 340 | 340 | // If we have a DB of the wrong type then complain |
| 341 | 341 | if (!(DB::getConn() instanceof MySQLDatabase)) { |
@@ -353,7 +353,7 @@ discard block |
||
| 353 | 353 | } |
| 354 | 354 | |
| 355 | 355 | public function read($session_id) { |
| 356 | - if(!$this->isDatabaseReady()) return null; |
|
| 356 | + if (!$this->isDatabaseReady()) return null; |
|
| 357 | 357 | |
| 358 | 358 | $result = DB::query(sprintf( |
| 359 | 359 | 'SELECT "Data" FROM "HybridSessionDataObject" |
@@ -369,7 +369,7 @@ discard block |
||
| 369 | 369 | } |
| 370 | 370 | |
| 371 | 371 | public function write($session_id, $session_data) { |
| 372 | - if(!$this->isDatabaseReady()) return false; |
|
| 372 | + if (!$this->isDatabaseReady()) return false; |
|
| 373 | 373 | |
| 374 | 374 | $expiry = $this->getNow() + $this->getLifetime(); |
| 375 | 375 | DB::query($str = sprintf( |
@@ -389,7 +389,7 @@ discard block |
||
| 389 | 389 | } |
| 390 | 390 | |
| 391 | 391 | public function gc($maxlifetime) { |
| 392 | - if(!$this->isDatabaseReady()) return; |
|
| 392 | + if (!$this->isDatabaseReady()) return; |
|
| 393 | 393 | DB::query(sprintf( |
| 394 | 394 | 'DELETE FROM "HybridSessionDataObject" WHERE "Expiry" < %u', |
| 395 | 395 | $this->getNow() |
@@ -424,7 +424,7 @@ discard block |
||
| 424 | 424 | |
| 425 | 425 | public function setKey($key) { |
| 426 | 426 | parent::setKey($key); |
| 427 | - foreach($this->handlers as $handler) { |
|
| 427 | + foreach ($this->handlers as $handler) { |
|
| 428 | 428 | $handler->setKey($key); |
| 429 | 429 | } |
| 430 | 430 | } |
@@ -444,7 +444,7 @@ discard block |
||
| 444 | 444 | return true; |
| 445 | 445 | } |
| 446 | 446 | |
| 447 | - public function close(){ |
|
| 447 | + public function close() { |
|
| 448 | 448 | foreach ($this->handlers as $handler) { |
| 449 | 449 | $handler->close(); |
| 450 | 450 | } |
@@ -485,7 +485,7 @@ discard block |
||
| 485 | 485 | */ |
| 486 | 486 | public static function init($key = null) { |
| 487 | 487 | $instance = Injector::inst()->get(__CLASS__); |
| 488 | - if(empty($key)) { |
|
| 488 | + if (empty($key)) { |
|
| 489 | 489 | user_error( |
| 490 | 490 | 'HybridSessionStore::init() was not given a $key. Disabling cookie-based storage', |
| 491 | 491 | E_USER_WARNING |
@@ -508,7 +508,7 @@ discard block |
||
| 508 | 508 | } |
| 509 | 509 | |
| 510 | 510 | public function postRequest(SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model) { |
| 511 | - if(HybridSessionStore::is_enabled()) { |
|
| 511 | + if (HybridSessionStore::is_enabled()) { |
|
| 512 | 512 | session_write_close(); |
| 513 | 513 | } |
| 514 | 514 | } |
@@ -32,8 +32,7 @@ discard block |
||
| 32 | 32 | |
| 33 | 33 | register_shutdown_function('session_write_close'); |
| 34 | 34 | } |
| 35 | -} |
|
| 36 | -else { |
|
| 35 | +} else { |
|
| 37 | 36 | function register_sessionhandler($handler) { |
| 38 | 37 | session_set_save_handler($handler, true); |
| 39 | 38 | } |
@@ -122,7 +121,9 @@ discard block |
||
| 122 | 121 | // Needs to be after decrypt so it always runs, to avoid timing attack |
| 123 | 122 | $gen_hash = hash_hmac('sha256', $enc, $this->saltedKey); |
| 124 | 123 | |
| 125 | - if ($gen_hash == $hash) return $cleartext; |
|
| 124 | + if ($gen_hash == $hash) { |
|
| 125 | + return $cleartext; |
|
| 126 | + } |
|
| 126 | 127 | return false; |
| 127 | 128 | } |
| 128 | 129 | } |
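Review bot: The tag check `if ($gen_hash == $hash) {` keeps PHP's loose comparison, and `$hash` appears to be parsed out of the incoming message. `==` is not constant-time, which undercuts the timing comment two lines above it, and two hex strings of the form `0e` followed only by digits compare equal as numbers. Use `if (hash_equals($gen_hash, $hash)) {` instead; hash_equals() needs PHP 5.6 and this code still carries a PHP < 5.4 branch, so a constant-time fallback may be needed for older runtimes. The comment also indicates that decryption runs before the tag is verified; decrypt() starts outside this hunk, so that ordering should be reviewed there.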
@@ -233,7 +234,9 @@ discard block |
||
| 233 | 234 | // This is intended to force a failover to the database store if the |
| 234 | 235 | // modified session cannot be emitted. |
| 235 | 236 | $this->currentCookieData = Cookie::get($this->cookie); |
| 236 | - if ($this->currentCookieData) Cookie::set($this->cookie, ''); |
|
| 237 | + if ($this->currentCookieData) { |
|
| 238 | + Cookie::set($this->cookie, ''); |
|
| 239 | + } |
|
| 237 | 240 | } |
| 238 | 241 | |
| 239 | 242 | public function close() { |
@@ -247,7 +250,9 @@ discard block |
||
| 247 | 250 | */ |
| 248 | 251 | protected function getCrypto($session_id) { |
| 249 | 252 | $key = $this->getKey(); |
| 250 | - if(!$key) return null; |
|
| 253 | + if(!$key) { |
|
| 254 | + return null; |
|
| 255 | + } |
|
| 251 | 256 | if (!$this->crypto || $this->crypto->salt != $session_id) { |
| 252 | 257 | $this->crypto = new HybridSessionStore_Crypto($key, $session_id); |
| 253 | 258 | } |
@@ -258,7 +263,9 @@ discard block |
||
| 258 | 263 | // Check ability to safely decrypt content |
| 259 | 264 | if(!$this->currentCookieData |
| 260 | 265 | || !($crypto = $this->getCrypto($session_id)) |
| 261 | - ) return; |
|
| 266 | + ) { |
|
| 267 | + return; |
|
| 268 | + } |
|
| 262 | 269 | |
| 263 | 270 | // Decrypt and invalidate old data |
| 264 | 271 | $cookieData = $crypto->decrypt($this->currentCookieData); |
@@ -269,7 +276,9 @@ discard block |
||
| 269 | 276 | $expiry = (int)substr($cookieData, 0, 10); |
| 270 | 277 | $data = substr($cookieData, 10); |
| 271 | 278 | |
| 272 | - if ($expiry > $this->getNow()) return $data; |
|
| 279 | + if ($expiry > $this->getNow()) { |
|
| 280 | + return $data; |
|
| 281 | + } |
|
| 273 | 282 | } |
| 274 | 283 | } |
| 275 | 284 | |
@@ -287,7 +296,9 @@ discard block |
||
| 287 | 296 | if(!$this->canWrite() |
| 288 | 297 | || (strlen($session_data) > Config::inst()->get(__CLASS__, 'max_length')) |
| 289 | 298 | || !($crypto = $this->getCrypto($session_id)) |
| 290 | - ) return false; |
|
| 299 | + ) { |
|
| 300 | + return false; |
|
| 301 | + } |
|
| 291 | 302 | |
| 292 | 303 | // Prepare content for write |
| 293 | 304 | $params = session_get_cookie_params(); |
@@ -335,7 +346,9 @@ discard block |
||
| 335 | 346 | */ |
| 336 | 347 | protected function isDatabaseReady() { |
| 337 | 348 | // Such as during setup of testsession prior to DB connection. |
| 338 | - if(!DB::isActive()) return false; |
|
| 349 | + if(!DB::isActive()) { |
|
| 350 | + return false; |
|
| 351 | + } |
|
| 339 | 352 | |
| 340 | 353 | // If we have a DB of the wrong type then complain |
| 341 | 354 | if (!(DB::getConn() instanceof MySQLDatabase)) { |
@@ -353,7 +366,9 @@ discard block |
||
| 353 | 366 | } |
| 354 | 367 | |
| 355 | 368 | public function read($session_id) { |
| 356 | - if(!$this->isDatabaseReady()) return null; |
|
| 369 | + if(!$this->isDatabaseReady()) { |
|
| 370 | + return null; |
|
| 371 | + } |
|
| 357 | 372 | |
| 358 | 373 | $result = DB::query(sprintf( |
| 359 | 374 | 'SELECT "Data" FROM "HybridSessionDataObject" |
@@ -369,7 +384,9 @@ discard block |
||
| 369 | 384 | } |
| 370 | 385 | |
| 371 | 386 | public function write($session_id, $session_data) { |
| 372 | - if(!$this->isDatabaseReady()) return false; |
|
| 387 | + if(!$this->isDatabaseReady()) { |
|
| 388 | + return false; |
|
| 389 | + } |
|
| 373 | 390 | |
| 374 | 391 | $expiry = $this->getNow() + $this->getLifetime(); |
| 375 | 392 | DB::query($str = sprintf( |
@@ -389,7 +406,9 @@ discard block |
||
| 389 | 406 | } |
| 390 | 407 | |
| 391 | 408 | public function gc($maxlifetime) { |
| 392 | - if(!$this->isDatabaseReady()) return; |
|
| 409 | + if(!$this->isDatabaseReady()) { |
|
| 410 | + return; |
|
| 411 | + } |
|
| 393 | 412 | DB::query(sprintf( |
| 394 | 413 | 'DELETE FROM "HybridSessionDataObject" WHERE "Expiry" < %u', |
| 395 | 414 | $this->getNow() |
@@ -454,7 +473,9 @@ discard block |
||
| 454 | 473 | |
| 455 | 474 | public function read($session_id) { |
| 456 | 475 | foreach ($this->handlers as $handler) { |
| 457 | - if ($data = $handler->read($session_id)) return $data; |
|
| 476 | + if ($data = $handler->read($session_id)) { |
|
| 477 | + return $data; |
|
| 478 | + } |
|
| 458 | 479 | } |
| 459 | 480 | |
| 460 | 481 | return ''; |
@@ -462,7 +483,9 @@ discard block |
||
| 462 | 483 | |
| 463 | 484 | public function write($session_id, $session_data) { |
| 464 | 485 | foreach ($this->handlers as $handler) { |
| 465 | - if ($handler->write($session_id, $session_data)) return; |
|
| 486 | + if ($handler->write($session_id, $session_data)) { |
|
| 487 | + return; |
|
| 488 | + } |
|
| 466 | 489 | } |
| 467 | 490 | } |
| 468 | 491 | |