Issues in Session.php - New Issues - Inspection of "Merge pull request #1473 from hemberger/session-re..." - smrealms/smr - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — main ( 623909...273242 )

by Dan

created 2022-11-22 07:18 UTC

src/lib/Smr/Session.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php declare(strict_types=1);

namespace Smr;

use AbstractSmrPlayer;
use Page;
use Smr\Container\DiContainer;
use SmrAccount;
use SmrPlayer;

class Session {

	private const TIME_BEFORE_EXPIRY = 172800; // 2 days

	private const URL_LOAD_DELAY = [
		'configure_hardware.php' => .4,
		'forces_drop.php' => .4,
		'forces_drop_processing.php' => .5,
		'forces_refresh_processing.php' => .4,
		'sector_jump_processing.php' => .4,
		'sector_move_processing.php' => .4,
		'sector_scan.php' => .4,
		'shop_goods_processing.php' => .4,
		'trader_attack_processing.php' => .75,
		'trader_examine.php' => .75,
	];

	protected Database $db;

	private string $sessionID;
	private int $gameID;
	/** @var array<string, Page> */
	private array $links = [];
	private ?Page $currentPage = null;
	private bool $generate;
	public readonly bool $ajax;
	private string $SN;
	private string $lastSN;
	private int $accountID;
	private float $lastAccessed;

	/** @var ?array<string, string> */
	protected ?array $previousAjaxReturns;
	/** @var array<string, string> */
	protected array $ajaxReturns = [];

	/**
	 * Return the Smr\Session in the DI container.
	 * If one does not exist yet, it will be created.
	 * This is the intended way to construct this class.
	 */
	public static function getInstance(): self {
		return DiContainer::get(self::class);
	}

	/**
	 * Smr\Session constructor.
	 * Not intended to be constructed by hand. Use Smr\Session::getInstance().
	 */
	public function __construct() {
		// Initialize the db connector here
		$this->db = Database::getInstance();

		// now try the cookie
		$idLength = 32;
		if (isset($_COOKIE['session_id']) && strlen($_COOKIE['session_id']) === $idLength) {
			$this->sessionID = $_COOKIE['session_id'];
		} else {
			// create a new session id
			do {
				$this->sessionID = random_string($idLength);
				$dbResult = $this->db->read('SELECT 1 FROM active_session WHERE session_id = ' . $this->db->escapeString($this->sessionID));
			} while ($dbResult->hasRecord()); //Make sure we haven't somehow clashed with someone else's session.

			// This is a minor hack to make sure that setcookie is not called
			// for CLI programs and tests (to avoid "headers already sent").
			if (headers_sent() === false) {
				setcookie('session_id', $this->sessionID);
			}
		}

		// Delete any expired sessions
		$this->db->write('DELETE FROM active_session WHERE last_accessed < ' . $this->db->escapeNumber(time() - self::TIME_BEFORE_EXPIRY));

		// try to get current session
		$this->ajax = Request::getInt('ajax', 0) === 1;

		$this->SN = Request::get('sn', '');
		$this->fetchVarInfo();

		if (!$this->ajax && $this->hasCurrentVar()) {
			$file = $this->getCurrentVar()->file;
			$loadDelay = self::URL_LOAD_DELAY[$file] ?? 0;
			$timeBetweenLoads = microtime(true) - $this->lastAccessed;
			if ($timeBetweenLoads < $loadDelay) {
				$sleepTime = IRound(($loadDelay - $timeBetweenLoads) * 1000000);
				//echo 'Sleeping for: ' . $sleepTime . 'us';
				usleep($sleepTime);
			}
			if (ENABLE_DEBUG) {
				$this->db->insert('debug', [
					'debug_type' => $this->db->escapeString('Delay: ' . $file),
					'account_id' => $this->db->escapeNumber($this->accountID),
					'value' => $this->db->escapeNumber($timeBetweenLoads),
				]);
			}
		}
	}

	public function fetchVarInfo(): void {
		$dbResult = $this->db->read('SELECT * FROM active_session WHERE session_id = ' . $this->db->escapeString($this->sessionID));
		if ($dbResult->hasRecord()) {
			$dbRecord = $dbResult->record();
			$this->generate = false;
			$this->sessionID = $dbRecord->getString('session_id');
			$this->accountID = $dbRecord->getInt('account_id');
			$this->gameID = $dbRecord->getInt('game_id');
			$this->lastAccessed = $dbRecord->getFloat('last_accessed');
			$this->lastSN = $dbRecord->getString('last_sn');
			// We may not have ajax_returns if ajax was disabled
			$this->previousAjaxReturns = $dbRecord->getObject('ajax_returns', true, true);

			[$this->links, $lastPage] = $dbRecord->getObject('session_var', true);

			$ajaxRefresh = $this->ajax && !$this->hasChangedSN();
			if ($ajaxRefresh) {
				$this->currentPage = $lastPage;
			} elseif (isset($this->links[$this->SN])) {
				// If the current page is modified during page processing, we need
				// to make sure the original link is unchanged. So we clone it here.
				$this->currentPage = clone $this->links[$this->SN];
			}

			if (!$ajaxRefresh) { // since form pages don't ajax refresh properly
				foreach ($this->links as $sn => $link) {
					if (!$link->reusable) {
						// This link is no longer valid
						unset($this->links[$sn]);
					}
				}
			}
		} else {
			$this->generate = true;
			$this->accountID = 0;
			$this->gameID = 0;
		}
	}

	public function update(): void {
		$sessionVar = [$this->links, $this->currentPage];
		if (!$this->generate) {
			$this->db->write('UPDATE active_session SET account_id=' . $this->db->escapeNumber($this->accountID) . ',game_id=' . $this->db->escapeNumber($this->gameID) . (!$this->ajax ? ',last_accessed=' . $this->db->escapeNumber(Epoch::microtime()) : '') . ',session_var=' . $this->db->escapeObject($sessionVar, true) .
					',last_sn=' . $this->db->escapeString($this->SN) .
					' WHERE session_id=' . $this->db->escapeString($this->sessionID) . ($this->ajax ? ' AND last_sn=' . $this->db->escapeString($this->lastSN) : ''));
		} else {
			$this->db->write('DELETE FROM active_session WHERE account_id = ' . $this->db->escapeNumber($this->accountID) . ' AND game_id = ' . $this->db->escapeNumber($this->gameID));
			$this->db->insert('active_session', [
				'session_id' => $this->db->escapeString($this->sessionID),
				'account_id' => $this->db->escapeNumber($this->accountID),
				'game_id' => $this->db->escapeNumber($this->gameID),
				'last_accessed' => $this->db->escapeNumber(Epoch::microtime()),
				'session_var' => $this->db->escapeObject($sessionVar, true),
			]);
			$this->generate = false;
		}
	}

	/**
	 * Uniquely identifies the session in the database.
	 */
	public function getSessionID(): string {
		return $this->sessionID;
	}

	/**
	 * Returns the Game ID associated with the session.
	 */
	public function getGameID(): int {
		return $this->gameID;
	}

	/**
	 * Returns true if the session is inside a game, false otherwise.
	 */
	public function hasGame(): bool {
		return $this->gameID != 0;
	}

	public function hasAccount(): bool {
		return $this->accountID > 0;
	}

	public function getAccountID(): int {
		return $this->accountID;
	}

	public function getAccount(): SmrAccount {
		return SmrAccount::getAccount($this->accountID);
	}

	public function getPlayer(bool $forceUpdate = false): AbstractSmrPlayer {
		return SmrPlayer::getPlayer($this->accountID, $this->gameID, $forceUpdate);
	}

	/**
	 * Sets the `accountID` attribute of this session.
	 */
	public function setAccount(SmrAccount $account): void {
		$this->accountID = $account->getAccountID();
	}

	/**
	 * Updates the `gameID` attribute of the session and deletes any other
	 * active sessions in this game for this account.
	 */
	public function updateGame(int $gameID): void {
		if ($this->gameID == $gameID) {
			return;
		}
		$this->gameID = $gameID;
		$this->db->write('DELETE FROM active_session WHERE account_id = ' . $this->db->escapeNumber($this->accountID) . ' AND game_id = ' . $this->gameID);
		$this->db->write('UPDATE active_session SET game_id=' . $this->db->escapeNumber($this->gameID) . ' WHERE session_id=' . $this->db->escapeString($this->sessionID));
	}

	/**
	 * The SN is the URL parameter that defines the page being requested.
	 */
	public function getSN(): string {
		return $this->SN;
	}

	/**
	 * Returns true if the current SN is different than the previous SN.
	 */
	public function hasChangedSN(): bool {
		return $this->SN != $this->lastSN;
	}

	public function destroy(): void {
		$this->db->write('DELETE FROM active_session WHERE session_id = ' . $this->db->escapeString($this->sessionID));
		unset($this->sessionID);
		unset($this->accountID);
		unset($this->gameID);
	}

	public function getLastAccessed(): float {
		return $this->lastAccessed;
	}

	/**
	 * Check if the session has a var associated with the current SN.
	 */
	public function hasCurrentVar(): bool {
		return $this->currentPage !== null;
	}

	/**
	 * Returns the session var associated with the current SN.
	 */
	public function getCurrentVar(): Page {
		return $this->currentPage;
	}

	/**
	 * Gets a var from $var, $_REQUEST, or $default. Then stores it in the
	 * session so that it can still be retrieved when the page auto-refreshes.
	 * This is the recommended way to get $_REQUEST data for display pages.
	 * For processing pages, see the Request class.
	 */
	public function getRequestVar(string $varName, string $default = null): string {
		$result = Request::getVar($varName, $default);
		$var = $this->getCurrentVar();
		$var[$varName] = $result;
		return $result;
	}

	public function getRequestVarInt(string $varName, int $default = null): int {
		$result = Request::getVarInt($varName, $default);
		$var = $this->getCurrentVar();
		$var[$varName] = $result;
		return $result;
	}

	/**
	 * @param ?array<int> $default
	 * @return array<int>
	 */
	public function getRequestVarIntArray(string $varName, array $default = null): array {
		$result = Request::getVarIntArray($varName, $default);
		$var = $this->getCurrentVar();
		$var[$varName] = $result;
		return $result;
	}

	/**
	 * Replace the global $var with the given $container.
	 */
	public function setCurrentVar(Page $container): void {
		$this->currentPage = $container;
	}

	public function clearLinks(): void {
		$this->links = [];
	}

	/**
	 * Add a page to the session so that it can be used on next page load.
	 * It will be associated with an SN that will be used for linking.
	 */
	public function addLink(Page $container): string {
		// If we already had a link to this exact page, use the existing SN for it.
		foreach ($this->links as $sn => $link) {
			if ($container == $link) { // loose equality to compare contents
				return $sn;
			}
		}
		// This page isn't an existing link, so give it a new SN.
		do {
			$sn = random_alphabetic_string(6);
		} while (isset($this->links[$sn]));
		$this->links[$sn] = $container;
		return $sn;
	}

	public function addAjaxReturns(string $element, string $contents): bool {
		$this->ajaxReturns[$element] = $contents;
		return isset($this->previousAjaxReturns[$element]) && $this->previousAjaxReturns[$element] == $contents;
	}

	public function saveAjaxReturns(): void {
		if (empty($this->ajaxReturns)) {
			return;
		}
		$this->db->write('UPDATE active_session SET ajax_returns=' . $this->db->escapeObject($this->ajaxReturns, true) .
				' WHERE session_id=' . $this->db->escapeString($this->sessionID));
	}

}


Scrutinizer GitHub App not installed

Push — main ( 623909...273242 )

src/lib/Smr/Session.php (1 issue)

Labels

Severity

Introduced By

1			<?php declare(strict_types=1);
2
3			namespace Smr;
4
5			use AbstractSmrPlayer;
6			use Page;
7			use Smr\Container\DiContainer;
8			use SmrAccount;
9			use SmrPlayer;
10
11			class Session {
12
13			private const TIME_BEFORE_EXPIRY = 172800; // 2 days
14
15			private const URL_LOAD_DELAY = [
16			'configure_hardware.php' => .4,
17			'forces_drop.php' => .4,
18			'forces_drop_processing.php' => .5,
19			'forces_refresh_processing.php' => .4,
20			'sector_jump_processing.php' => .4,
21			'sector_move_processing.php' => .4,
22			'sector_scan.php' => .4,
23			'shop_goods_processing.php' => .4,
24			'trader_attack_processing.php' => .75,
25			'trader_examine.php' => .75,
26			];
27
28			protected Database $db;
29
30			private string $sessionID;
31			private int $gameID;
32			/** @var array<string, Page> */
33			private array $links = [];
34			private ?Page $currentPage = null;
35			private bool $generate;
36			public readonly bool $ajax;
37			private string $SN;
38			private string $lastSN;
39			private int $accountID;
40			private float $lastAccessed;
41
42			/** @var ?array<string, string> */
43			protected ?array $previousAjaxReturns;
44			/** @var array<string, string> */
45			protected array $ajaxReturns = [];
46
47			/**
48			* Return the Smr\Session in the DI container.
49			* If one does not exist yet, it will be created.
50			* This is the intended way to construct this class.
51			*/
52			public static function getInstance(): self {
53			return DiContainer::get(self::class);
54			}
55
56			/**
57			* Smr\Session constructor.
58			* Not intended to be constructed by hand. Use Smr\Session::getInstance().
59			*/
60			public function __construct() {
61			// Initialize the db connector here
62			$this->db = Database::getInstance();
63
64			// now try the cookie
65			$idLength = 32;
66			if (isset($_COOKIE['session_id']) && strlen($_COOKIE['session_id']) === $idLength) {
67			$this->sessionID = $_COOKIE['session_id'];
68			} else {
69			// create a new session id
70			do {
71			$this->sessionID = random_string($idLength);
72			$dbResult = $this->db->read('SELECT 1 FROM active_session WHERE session_id = ' . $this->db->escapeString($this->sessionID));
73			} while ($dbResult->hasRecord()); //Make sure we haven't somehow clashed with someone else's session.
74
75			// This is a minor hack to make sure that setcookie is not called
76			// for CLI programs and tests (to avoid "headers already sent").
77			if (headers_sent() === false) {
78			setcookie('session_id', $this->sessionID);
79			}
80			}
81
82			// Delete any expired sessions
83			$this->db->write('DELETE FROM active_session WHERE last_accessed < ' . $this->db->escapeNumber(time() - self::TIME_BEFORE_EXPIRY));
84
85			// try to get current session
86			$this->ajax = Request::getInt('ajax', 0) === 1;
			0 ignored issues – show Bug introduced 2022-11-22 06:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `ajax` is declared read-only in `Smr\Session`. Loading history...
87			$this->SN = Request::get('sn', '');
88			$this->fetchVarInfo();
89
90			if (!$this->ajax && $this->hasCurrentVar()) {
91			$file = $this->getCurrentVar()->file;
92			$loadDelay = self::URL_LOAD_DELAY[$file] ?? 0;
93			$timeBetweenLoads = microtime(true) - $this->lastAccessed;
94			if ($timeBetweenLoads < $loadDelay) {
95			$sleepTime = IRound(($loadDelay - $timeBetweenLoads) * 1000000);
96			//echo 'Sleeping for: ' . $sleepTime . 'us';
97			usleep($sleepTime);
98			}
99			if (ENABLE_DEBUG) {
100			$this->db->insert('debug', [
101			'debug_type' => $this->db->escapeString('Delay: ' . $file),
102			'account_id' => $this->db->escapeNumber($this->accountID),
103			'value' => $this->db->escapeNumber($timeBetweenLoads),
104			]);
105			}
106			}
107			}
108
109			public function fetchVarInfo(): void {
110			$dbResult = $this->db->read('SELECT * FROM active_session WHERE session_id = ' . $this->db->escapeString($this->sessionID));
111			if ($dbResult->hasRecord()) {
112			$dbRecord = $dbResult->record();
113			$this->generate = false;
114			$this->sessionID = $dbRecord->getString('session_id');
115			$this->accountID = $dbRecord->getInt('account_id');
116			$this->gameID = $dbRecord->getInt('game_id');
117			$this->lastAccessed = $dbRecord->getFloat('last_accessed');
118			$this->lastSN = $dbRecord->getString('last_sn');
119			// We may not have ajax_returns if ajax was disabled
120			$this->previousAjaxReturns = $dbRecord->getObject('ajax_returns', true, true);
121
122			[$this->links, $lastPage] = $dbRecord->getObject('session_var', true);
123
124			$ajaxRefresh = $this->ajax && !$this->hasChangedSN();
125			if ($ajaxRefresh) {
126			$this->currentPage = $lastPage;
127			} elseif (isset($this->links[$this->SN])) {
128			// If the current page is modified during page processing, we need
129			// to make sure the original link is unchanged. So we clone it here.
130			$this->currentPage = clone $this->links[$this->SN];
131			}
132
133			if (!$ajaxRefresh) { // since form pages don't ajax refresh properly
134			foreach ($this->links as $sn => $link) {
135			if (!$link->reusable) {
136			// This link is no longer valid
137			unset($this->links[$sn]);
138			}
139			}
140			}
141			} else {
142			$this->generate = true;
143			$this->accountID = 0;
144			$this->gameID = 0;
145			}
146			}
147
148			public function update(): void {
149			$sessionVar = [$this->links, $this->currentPage];
150			if (!$this->generate) {
151			$this->db->write('UPDATE active_session SET account_id=' . $this->db->escapeNumber($this->accountID) . ',game_id=' . $this->db->escapeNumber($this->gameID) . (!$this->ajax ? ',last_accessed=' . $this->db->escapeNumber(Epoch::microtime()) : '') . ',session_var=' . $this->db->escapeObject($sessionVar, true) .
152			',last_sn=' . $this->db->escapeString($this->SN) .
153			' WHERE session_id=' . $this->db->escapeString($this->sessionID) . ($this->ajax ? ' AND last_sn=' . $this->db->escapeString($this->lastSN) : ''));
154			} else {
155			$this->db->write('DELETE FROM active_session WHERE account_id = ' . $this->db->escapeNumber($this->accountID) . ' AND game_id = ' . $this->db->escapeNumber($this->gameID));
156			$this->db->insert('active_session', [
157			'session_id' => $this->db->escapeString($this->sessionID),
158			'account_id' => $this->db->escapeNumber($this->accountID),
159			'game_id' => $this->db->escapeNumber($this->gameID),
160			'last_accessed' => $this->db->escapeNumber(Epoch::microtime()),
161			'session_var' => $this->db->escapeObject($sessionVar, true),
162			]);
163			$this->generate = false;
164			}
165			}
166
167			/**
168			* Uniquely identifies the session in the database.
169			*/
170			public function getSessionID(): string {
171			return $this->sessionID;
172			}
173
174			/**
175			* Returns the Game ID associated with the session.
176			*/
177			public function getGameID(): int {
178			return $this->gameID;
179			}
180
181			/**
182			* Returns true if the session is inside a game, false otherwise.
183			*/
184			public function hasGame(): bool {
185			return $this->gameID != 0;
186			}
187
188			public function hasAccount(): bool {
189			return $this->accountID > 0;
190			}
191
192			public function getAccountID(): int {
193			return $this->accountID;
194			}
195
196			public function getAccount(): SmrAccount {
197			return SmrAccount::getAccount($this->accountID);
198			}
199
200			public function getPlayer(bool $forceUpdate = false): AbstractSmrPlayer {
201			return SmrPlayer::getPlayer($this->accountID, $this->gameID, $forceUpdate);
202			}
203
204			/**
205			* Sets the `accountID` attribute of this session.
206			*/
207			public function setAccount(SmrAccount $account): void {
208			$this->accountID = $account->getAccountID();
209			}
210
211			/**
212			* Updates the `gameID` attribute of the session and deletes any other
213			* active sessions in this game for this account.
214			*/
215			public function updateGame(int $gameID): void {
216			if ($this->gameID == $gameID) {
217			return;
218			}
219			$this->gameID = $gameID;
220			$this->db->write('DELETE FROM active_session WHERE account_id = ' . $this->db->escapeNumber($this->accountID) . ' AND game_id = ' . $this->gameID);
221			$this->db->write('UPDATE active_session SET game_id=' . $this->db->escapeNumber($this->gameID) . ' WHERE session_id=' . $this->db->escapeString($this->sessionID));
222			}
223
224			/**
225			* The SN is the URL parameter that defines the page being requested.
226			*/
227			public function getSN(): string {
228			return $this->SN;
229			}
230
231			/**
232			* Returns true if the current SN is different than the previous SN.
233			*/
234			public function hasChangedSN(): bool {
235			return $this->SN != $this->lastSN;
236			}
237
238			public function destroy(): void {
239			$this->db->write('DELETE FROM active_session WHERE session_id = ' . $this->db->escapeString($this->sessionID));
240			unset($this->sessionID);
241			unset($this->accountID);
242			unset($this->gameID);
243			}
244
245			public function getLastAccessed(): float {
246			return $this->lastAccessed;
247			}
248
249			/**
250			* Check if the session has a var associated with the current SN.
251			*/
252			public function hasCurrentVar(): bool {
253			return $this->currentPage !== null;
254			}
255
256			/**
257			* Returns the session var associated with the current SN.
258			*/
259			public function getCurrentVar(): Page {
260			return $this->currentPage;
261			}
262
263			/**
264			* Gets a var from $var, $_REQUEST, or $default. Then stores it in the
265			* session so that it can still be retrieved when the page auto-refreshes.
266			* This is the recommended way to get $_REQUEST data for display pages.
267			* For processing pages, see the Request class.
268			*/
269			public function getRequestVar(string $varName, string $default = null): string {
270			$result = Request::getVar($varName, $default);
271			$var = $this->getCurrentVar();
272			$var[$varName] = $result;
273			return $result;
274			}
275
276			public function getRequestVarInt(string $varName, int $default = null): int {
277			$result = Request::getVarInt($varName, $default);
278			$var = $this->getCurrentVar();
279			$var[$varName] = $result;
280			return $result;
281			}
282
283			/**
284			* @param ?array<int> $default
285			* @return array<int>
286			*/
287			public function getRequestVarIntArray(string $varName, array $default = null): array {
288			$result = Request::getVarIntArray($varName, $default);
289			$var = $this->getCurrentVar();
290			$var[$varName] = $result;
291			return $result;
292			}
293
294			/**
295			* Replace the global $var with the given $container.
296			*/
297			public function setCurrentVar(Page $container): void {
298			$this->currentPage = $container;
299			}
300
301			public function clearLinks(): void {
302			$this->links = [];
303			}
304
305			/**
306			* Add a page to the session so that it can be used on next page load.
307			* It will be associated with an SN that will be used for linking.
308			*/
309			public function addLink(Page $container): string {
310			// If we already had a link to this exact page, use the existing SN for it.
311			foreach ($this->links as $sn => $link) {
312			if ($container == $link) { // loose equality to compare contents
313			return $sn;
314			}
315			}
316			// This page isn't an existing link, so give it a new SN.
317			do {
318			$sn = random_alphabetic_string(6);
319			} while (isset($this->links[$sn]));
320			$this->links[$sn] = $container;
321			return $sn;
322			}
323
324			public function addAjaxReturns(string $element, string $contents): bool {
325			$this->ajaxReturns[$element] = $contents;
326			return isset($this->previousAjaxReturns[$element]) && $this->previousAjaxReturns[$element] == $contents;
327			}
328
329			public function saveAjaxReturns(): void {
330			if (empty($this->ajaxReturns)) {
331			return;
332			}
333			$this->db->write('UPDATE active_session SET ajax_returns=' . $this->db->escapeObject($this->ajaxReturns, true) .
334			' WHERE session_id=' . $this->db->escapeString($this->sessionID));
335			}
336
337			}
338

smrealms / smr

Scrutinizer GitHub App not installed

Push — main ( 623909...273242 )

src/lib/Smr/Session.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like