silverstripe /
silverstripe-hybridsessions
@@ -54,8 +54,8 @@ discard block |
||
| 54 | 54 | private $saltedKey; |
| 55 | 55 | |
| 56 | 56 | /** |
| 57 | - * @param $key a per-site secret string which is used as the base encryption key. |
|
| 58 | - * @param $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 57 | + * @param string $key a per-site secret string which is used as the base encryption key. |
|
| 58 | + * @param string $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 59 | 59 | * |
| 60 | 60 | * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, |
| 61 | 61 | * and even modify & re-sign it. |
@@ -79,7 +79,7 @@ discard block |
||
| 79 | 79 | /** |
| 80 | 80 | * Encrypt and then sign some cleartext |
| 81 | 81 | * |
| 82 | - * @param $cleartext - The cleartext to encrypt and sign |
|
| 82 | + * @param string $cleartext - The cleartext to encrypt and sign |
|
| 83 | 83 | * @return string - The encrypted-and-signed message as base64 ASCII. |
| 84 | 84 | */ |
| 85 | 85 | public function encrypt($cleartext) { |
@@ -101,8 +101,8 @@ discard block |
||
| 101 | 101 | /** |
| 102 | 102 | * Check the signature on an encrypted-and-signed message, and if valid decrypt the content |
| 103 | 103 | * |
| 104 | - * @param $data - The encrypted-and-signed message as base64 ASCII |
|
| 105 | - * @return bool|string - The decrypted cleartext or false if signature failed |
|
| 104 | + * @param string $data - The encrypted-and-signed message as base64 ASCII |
|
| 105 | + * @return string|false - The decrypted cleartext or false if signature failed |
|
| 106 | 106 | */ |
| 107 | 107 | public function decrypt($data) { |
| 108 | 108 | $data = base64_decode($data); |
@@ -422,6 +422,9 @@ discard block |
||
| 422 | 422 | $this->setKey($this->getKey()); |
| 423 | 423 | } |
| 424 | 424 | |
| 425 | + /** |
|
| 426 | + * @param string $key |
|
| 427 | + */ |
|
| 425 | 428 | public function setKey($key) { |
| 426 | 429 | parent::setKey($key); |
| 427 | 430 | foreach($this->handlers as $handler) { |
@@ -7,7 +7,7 @@ discard block |
||
| 7 | 7 | * Then, either way, add a new function "register_sessionhandler" which takes a SessionHandlerInterface and |
| 8 | 8 | * registers it (including registering session_write_close as a shutdown function) |
| 9 | 9 | */ |
| 10 | -if(!interface_exists('SessionHandlerInterface')) { |
|
| 10 | +if (!interface_exists('SessionHandlerInterface')) { |
|
| 11 | 11 | interface SessionHandlerInterface { |
| 12 | 12 | /* Methods */ |
| 13 | 13 | public function close(); |
@@ -19,7 +19,7 @@ discard block |
||
| 19 | 19 | } |
| 20 | 20 | } |
| 21 | 21 | |
| 22 | -if(version_compare(PHP_VERSION, '5.4.0', '<')) { |
|
| 22 | +if (version_compare(PHP_VERSION, '5.4.0', '<')) { |
|
| 23 | 23 | function register_sessionhandler($handler) { |
| 24 | 24 | session_set_save_handler( |
| 25 | 25 | array($handler, 'open'), |
@@ -95,7 +95,7 @@ discard block |
||
| 95 | 95 | |
| 96 | 96 | $hash = hash_hmac('sha256', $enc, $this->saltedKey); |
| 97 | 97 | |
| 98 | - return base64_encode($iv.$hash.$enc); |
|
| 98 | + return base64_encode($iv . $hash . $enc); |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | /** |
@@ -161,8 +161,8 @@ discard block |
||
| 161 | 161 | */ |
| 162 | 162 | protected function getLifetime() { |
| 163 | 163 | $params = session_get_cookie_params(); |
| 164 | - $cookieLifetime = (int)$params['lifetime']; |
|
| 165 | - $gcLifetime = (int)ini_get('session.gc_maxlifetime'); |
|
| 164 | + $cookieLifetime = (int) $params['lifetime']; |
|
| 165 | + $gcLifetime = (int) ini_get('session.gc_maxlifetime'); |
|
| 166 | 166 | return $cookieLifetime ? min($cookieLifetime, $gcLifetime) : $gcLifetime; |
| 167 | 167 | } |
| 168 | 168 | |
@@ -172,7 +172,7 @@ discard block |
||
| 172 | 172 | * @return int |
| 173 | 173 | */ |
| 174 | 174 | protected function getNow() { |
| 175 | - return (int)SS_Datetime::now()->Format('U'); |
|
| 175 | + return (int) SS_Datetime::now()->Format('U'); |
|
| 176 | 176 | } |
| 177 | 177 | } |
| 178 | 178 | |
@@ -227,7 +227,7 @@ discard block |
||
| 227 | 227 | protected $currentCookieData; |
| 228 | 228 | |
| 229 | 229 | public function open($save_path, $name) { |
| 230 | - $this->cookie = $name.'_2'; |
|
| 230 | + $this->cookie = $name . '_2'; |
|
| 231 | 231 | // Read the incoming value, then clear the cookie - we might not be able |
| 232 | 232 | // to do so later if write() is called after headers are sent |
| 233 | 233 | // This is intended to force a failover to the database store if the |
@@ -247,7 +247,7 @@ discard block |
||
| 247 | 247 | */ |
| 248 | 248 | protected function getCrypto($session_id) { |
| 249 | 249 | $key = $this->getKey(); |
| 250 | - if(!$key) return null; |
|
| 250 | + if (!$key) return null; |
|
| 251 | 251 | if (!$this->crypto || $this->crypto->salt != $session_id) { |
| 252 | 252 | $this->crypto = new HybridSessionStore_Crypto($key, $session_id); |
| 253 | 253 | } |
@@ -256,7 +256,7 @@ discard block |
||
| 256 | 256 | |
| 257 | 257 | public function read($session_id) { |
| 258 | 258 | // Check ability to safely decrypt content |
| 259 | - if(!$this->currentCookieData |
|
| 259 | + if (!$this->currentCookieData |
|
| 260 | 260 | || !($crypto = $this->getCrypto($session_id)) |
| 261 | 261 | ) return; |
| 262 | 262 | |
@@ -266,7 +266,7 @@ discard block |
||
| 266 | 266 | |
| 267 | 267 | // Verify expiration |
| 268 | 268 | if ($cookieData) { |
| 269 | - $expiry = (int)substr($cookieData, 0, 10); |
|
| 269 | + $expiry = (int) substr($cookieData, 0, 10); |
|
| 270 | 270 | $data = substr($cookieData, 10); |
| 271 | 271 | |
| 272 | 272 | if ($expiry > $this->getNow()) return $data; |
@@ -284,7 +284,7 @@ discard block |
||
| 284 | 284 | |
| 285 | 285 | public function write($session_id, $session_data) { |
| 286 | 286 | // Check ability to safely encrypt and write content |
| 287 | - if(!$this->canWrite() |
|
| 287 | + if (!$this->canWrite() |
|
| 288 | 288 | || (strlen($session_data) > Config::inst()->get(__CLASS__, 'max_length')) |
| 289 | 289 | || !($crypto = $this->getCrypto($session_id)) |
| 290 | 290 | ) return false; |
@@ -301,7 +301,7 @@ discard block |
||
| 301 | 301 | ); |
| 302 | 302 | |
| 303 | 303 | // Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero) |
| 304 | - $cookieLifetime = min((int)$params['lifetime'], $lifetime); |
|
| 304 | + $cookieLifetime = min((int) $params['lifetime'], $lifetime); |
|
| 305 | 305 | Cookie::set( |
| 306 | 306 | $this->cookie, |
| 307 | 307 | $this->currentCookieData, |
@@ -335,7 +335,7 @@ discard block |
||
| 335 | 335 | */ |
| 336 | 336 | protected function isDatabaseReady() { |
| 337 | 337 | // Such as during setup of testsession prior to DB connection. |
| 338 | - if(!DB::isActive()) return false; |
|
| 338 | + if (!DB::isActive()) return false; |
|
| 339 | 339 | |
| 340 | 340 | // If we have a DB of the wrong type then complain |
| 341 | 341 | if (!(DB::getConn() instanceof MySQLDatabase)) { |
@@ -353,7 +353,7 @@ discard block |
||
| 353 | 353 | } |
| 354 | 354 | |
| 355 | 355 | public function read($session_id) { |
| 356 | - if(!$this->isDatabaseReady()) return null; |
|
| 356 | + if (!$this->isDatabaseReady()) return null; |
|
| 357 | 357 | |
| 358 | 358 | $result = DB::query(sprintf( |
| 359 | 359 | 'SELECT "Data" FROM "HybridSessionDataObject" |
@@ -369,7 +369,7 @@ discard block |
||
| 369 | 369 | } |
| 370 | 370 | |
| 371 | 371 | public function write($session_id, $session_data) { |
| 372 | - if(!$this->isDatabaseReady()) return false; |
|
| 372 | + if (!$this->isDatabaseReady()) return false; |
|
| 373 | 373 | |
| 374 | 374 | $expiry = $this->getNow() + $this->getLifetime(); |
| 375 | 375 | DB::query($str = sprintf( |
@@ -389,7 +389,7 @@ discard block |
||
| 389 | 389 | } |
| 390 | 390 | |
| 391 | 391 | public function gc($maxlifetime) { |
| 392 | - if(!$this->isDatabaseReady()) return; |
|
| 392 | + if (!$this->isDatabaseReady()) return; |
|
| 393 | 393 | DB::query(sprintf( |
| 394 | 394 | 'DELETE FROM "HybridSessionDataObject" WHERE "Expiry" < %u', |
| 395 | 395 | $this->getNow() |
@@ -424,7 +424,7 @@ discard block |
||
| 424 | 424 | |
| 425 | 425 | public function setKey($key) { |
| 426 | 426 | parent::setKey($key); |
| 427 | - foreach($this->handlers as $handler) { |
|
| 427 | + foreach ($this->handlers as $handler) { |
|
| 428 | 428 | $handler->setKey($key); |
| 429 | 429 | } |
| 430 | 430 | } |
@@ -444,7 +444,7 @@ discard block |
||
| 444 | 444 | return true; |
| 445 | 445 | } |
| 446 | 446 | |
| 447 | - public function close(){ |
|
| 447 | + public function close() { |
|
| 448 | 448 | foreach ($this->handlers as $handler) { |
| 449 | 449 | $handler->close(); |
| 450 | 450 | } |
@@ -485,7 +485,7 @@ discard block |
||
| 485 | 485 | */ |
| 486 | 486 | public static function init($key = null) { |
| 487 | 487 | $instance = Injector::inst()->get(__CLASS__); |
| 488 | - if(empty($key)) { |
|
| 488 | + if (empty($key)) { |
|
| 489 | 489 | user_error( |
| 490 | 490 | 'HybridSessionStore::init() was not given a $key. Disabling cookie-based storage', |
| 491 | 491 | E_USER_WARNING |
@@ -508,7 +508,7 @@ discard block |
||
| 508 | 508 | } |
| 509 | 509 | |
| 510 | 510 | public function postRequest(SS_HTTPRequest $request, SS_HTTPResponse $response, DataModel $model) { |
| 511 | - if(HybridSessionStore::is_enabled()) { |
|
| 511 | + if (HybridSessionStore::is_enabled()) { |
|
| 512 | 512 | session_write_close(); |
| 513 | 513 | } |
| 514 | 514 | } |
