CFSesion::encrypt() - Code Metrics - webcol/Calima - Measure and Improve Code Quality continuously with Scrutinizer

CFSesion::encrypt() A
last analyzed 2017-12-14 01:15 UTC

↳ Parent: CFSesion

Complexity

Conditions	1
Paths	1

Size

Total Lines	8
Code Lines	7

Duplication

Lines	8
Ratio	100 %

Importance

Changes

Metric	Value
cc	1
eloc	7
nc	1
nop	2
dl	8
loc	8
rs	9.4285
c	0
b	0
f	0

<?php
/*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * This software consists of voluntary contributions made by many individuals
 * and is licensed under the MIT license. For more information, see
 * @category   
 * @package    sistema/nucleo
 * @copyright  Copyright (c) 2006 - 2014 webcol.net (http://www.webcol.net/calima)
 * @license	https://github.com/webcol/Calima/blob/master/LICENSE	MIT
 * @version	##BETA 1.0##, ##2014 - 2015##
 * <http://www.calimaframework.com>.
 */
/*
 * require('Cf_Sesion.php');
 * $sesion=new Cf_Sesion();
 * Set to true if using https
 * $sesion->iniciarSesion('_s',false);
 
 * $_SESSION['something']='A value.';
 * echo$_SESSION['something'];
 */
namespace Sistema\Nucleo;
class CFSesion
{   

    
    private $host       = CF_BD_HOST;
    private $usuario    = CF_BD_USUARIO;
    private $clave      = CF_BD_CLAVE;
    private $bdnombre   = CF_BD_NOMBRE;
    private $bdchar     = CF_BD_CHAR;

    private $bdconector = CF_BD_CONECTOR;

    
   public function __construct() {
       session_regenerate_id(true);
         // set our custom session functions.
      session_set_save_handler(array($this, 'abrir'), array($this, 'cerrar'), array($this, 'leer'), array($this, 'escribir'), array($this, 'destruir'), array($this, 'gc'));
      // This line prevents unexpected effects when using objects as save handlers.
      register_shutdown_function('session_write_close');      
   }   
  /* public function __destruct() {
      session_regenerate_id(true);
   }*/
           function iniciarSesion($session_name, $secure) {
      // Make sure the session cookie is not accessable via javascript.
      $httpunico = true;

      // Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
      $sesion_hash = 'sha512';

      // Check if hash is available
      if (in_array($sesion_hash, hash_algos())) {
        // Set the has function.
        ini_set('session.hash_function', $sesion_hash);
      }
      // How many bits per character of the hash.
      // The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
      ini_set('session.hash_bits_per_character', 5);

      // Force the session to only use cookies, not URL variables.
      ini_set('session.use_only_cookies', 1);

      // Get session cookie parameters 
      $cookieParams = session_get_cookie_params(); 
      // Set the parameters
      session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httpunico); 
      // Change the session name 
      session_name($session_name);
      // Now we cat start the session
      session_start();
     
      // This line regenerates the session and delete the old one. 
      // It also generates a new encryption key in the database. 
       
   }

// ingrese la informacion de conexion a su base de datos, debe ser igual a la que esta en CFConfiguracion.php
   function abrir() {
   $host = $this->host;
   $user = $this->usuario;
   $pass = $this->clave;
   $name = $this->bdnombre;
   
   $mysqli = new \mysqli($host, $user, $pass, $name);
   $this->db = $mysqli;
class MyClass { }

$x = new MyClass();
$x->foo = true;
   return true;
   }

   function cerrar() {
      $this->db->close();
      return true;
   }


   function leer($id) {
      if(!isset($this->read_stmt)) {
      $this->read_stmt = $this->db->prepare("SELECT data FROM sesiones WHERE id = ? LIMIT 1");
class MyClass { }

$x = new MyClass();
$x->foo = true;
   }
   $this->read_stmt->bind_param('s', $id);
   $this->read_stmt->execute();
   $this->read_stmt->store_result();
   $this->read_stmt->bind_result($data);
function someFunction() {
    $x = 5;
    echo $x;
}
   $this->read_stmt->fetch();
   $key = $this->getkey($id);
   $data = $this->decrypt($data, $key);
function someFunction() {
    $x = 5;
    echo $x;
}
   return $data;
   }





   function escribir($id, $data) {
      // Get unique key
   $key = $this->getkey($id);
   // Encrypt the data
   $data = $this->encrypt($data, $key);
 
   $time = time();
   if(!isset($this->w_stmt)) {
      $this->w_stmt = $this->db->prepare("REPLACE INTO sesiones (id, set_time, data, session_key) VALUES (?, ?, ?, ?)");
class MyClass { }

$x = new MyClass();
$x->foo = true;
   }
 
   $this->w_stmt->bind_param('siss', $id, $time, $data, $key);
   $this->w_stmt->execute();
   return true;
   }

   function destruir($id) {
      if(!isset($this->delete_stmt)) {
      $this->delete_stmt = $this->db->prepare("DELETE FROM sesiones WHERE id = ?");
class MyClass { }

$x = new MyClass();
$x->foo = true;
   }
   $this->delete_stmt->bind_param('s', $id);
   $this->delete_stmt->execute();
   return true;
   }

   function gc($max) {
      if(!isset($this->gc_stmt)) {
      $this->gc_stmt = $this->db->prepare("DELETE FROM sesiones WHERE set_time < ?");
class MyClass { }

$x = new MyClass();
$x->foo = true;
   }
   $old = time() - $max;
   $this->gc_stmt->bind_param('s', $old);
   $this->gc_stmt->execute();
   return true;
   }

   private function getkey($id) {
           
      
      if(!isset($this->key_stmt)) {
      $this->key_stmt = $this->db->prepare("SELECT session_key FROM sesiones WHERE id = ? LIMIT 1");
class MyClass { }

$x = new MyClass();
$x->foo = true;
   }
   $this->key_stmt->bind_param('s', $id);
   $this->key_stmt->execute();
   $this->key_stmt->store_result();
   if($this->key_stmt->num_rows == 1) { 
      $this->key_stmt->bind_result($key);

      $this->key_stmt->fetch();
      return $key;
   } else {
      $random_key = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
      return $random_key;
   }
   }

   private function encrypt($data, $key) {
      $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
      $key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
      $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
      $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
      return $encrypted;
   }
   private function decrypt($data, $key) {
      $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
      $key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
      $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
      $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
      return $decrypted;
   }
    
}

//estructura para bd

/*

CREATE TABLE IF NOT EXISTS `sesion` (
  `id` char(128) NOT NULL,
  `set_time` char(10) NOT NULL,
  `data` text NOT NULL,
  `session_key` char(128) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

*/


1		<?php
2		/*
3		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
4		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
5		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
6		* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
7		* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
9		* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
10		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
11		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
12		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
13		* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
14		*
15		* This software consists of voluntary contributions made by many individuals
16		* and is licensed under the MIT license. For more information, see
17		* @category
18		* @package sistema/nucleo
19		* @copyright Copyright (c) 2006 - 2014 webcol.net (http://www.webcol.net/calima)
20		* @license https://github.com/webcol/Calima/blob/master/LICENSE MIT
21		* @version ##BETA 1.0##, ##2014 - 2015##
22		* <http://www.calimaframework.com>.
23		*/
24		/*
25		* require('Cf_Sesion.php');
26		* $sesion=new Cf_Sesion();
27		* Set to true if using https
28		* $sesion->iniciarSesion('_s',false);
29
30		* $_SESSION['something']='A value.';
31		* echo$_SESSION['something'];
32		*/
33		namespace Sistema\Nucleo;
34		class CFSesion
35		{
		0 ignored issues – show Coding Style introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The opening class brace should be on a newline by itself. Loading history...
36
37		private $host = CF_BD_HOST;
38		private $usuario = CF_BD_USUARIO;
39		private $clave = CF_BD_CLAVE;
40		private $bdnombre = CF_BD_NOMBRE;
41		private $bdchar = CF_BD_CHAR;
		0 ignored issues – show Unused Code introduced 2016-03-13 00:59 UTC by Report Bug Copy Issue Report The property `$bdchar` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
42		private $bdconector = CF_BD_CONECTOR;
		0 ignored issues – show Unused Code introduced 2016-03-13 00:59 UTC by Report Bug Copy Issue Report The property `$bdconector` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
43
44		public function __construct() {
45		session_regenerate_id(true);
46		// set our custom session functions.
47		session_set_save_handler(array($this, 'abrir'), array($this, 'cerrar'), array($this, 'leer'), array($this, 'escribir'), array($this, 'destruir'), array($this, 'gc'));
48		// This line prevents unexpected effects when using objects as save handlers.
49		register_shutdown_function('session_write_close');
50		}
51		/* public function __destruct() {
52		session_regenerate_id(true);
53		}*/
54		function iniciarSesion($session_name, $secure) {
55		// Make sure the session cookie is not accessable via javascript.
56		$httpunico = true;
57
58		// Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
59		$sesion_hash = 'sha512';
60
61		// Check if hash is available
62		if (in_array($sesion_hash, hash_algos())) {
63		// Set the has function.
64		ini_set('session.hash_function', $sesion_hash);
65		}
66		// How many bits per character of the hash.
67		// The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
68		ini_set('session.hash_bits_per_character', 5);
69
70		// Force the session to only use cookies, not URL variables.
71		ini_set('session.use_only_cookies', 1);
72
73		// Get session cookie parameters
74		$cookieParams = session_get_cookie_params();
75		// Set the parameters
76		session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httpunico);
77		// Change the session name
78		session_name($session_name);
79		// Now we cat start the session
80		session_start();
81
82		// This line regenerates the session and delete the old one.
83		// It also generates a new encryption key in the database.
84
85		}
86
87		// ingrese la informacion de conexion a su base de datos, debe ser igual a la que esta en CFConfiguracion.php
88		function abrir() {
89		$host = $this->host;
90		$user = $this->usuario;
91		$pass = $this->clave;
92		$name = $this->bdnombre;
93
94		$mysqli = new \mysqli($host, $user, $pass, $name);
95		$this->db = $mysqli;
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The property `db` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
96		return true;
97		}
98
99		function cerrar() {
100		$this->db->close();
101		return true;
102		}
103
104
105		function leer($id) {
106		if(!isset($this->read_stmt)) {
107		$this->read_stmt = $this->db->prepare("SELECT data FROM sesiones WHERE id = ? LIMIT 1");
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The property `read_stmt` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
108		}
109		$this->read_stmt->bind_param('s', $id);
110		$this->read_stmt->execute();
111		$this->read_stmt->store_result();
112		$this->read_stmt->bind_result($data);
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The variable `$data` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
113		$this->read_stmt->fetch();
114		$key = $this->getkey($id);
115		$data = $this->decrypt($data, $key);
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The variable `$data` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
116		return $data;
117		}
118
119
120
121
122
123		function escribir($id, $data) {
124		// Get unique key
125		$key = $this->getkey($id);
126		// Encrypt the data
127		$data = $this->encrypt($data, $key);
128
129		$time = time();
130		if(!isset($this->w_stmt)) {
131		$this->w_stmt = $this->db->prepare("REPLACE INTO sesiones (id, set_time, data, session_key) VALUES (?, ?, ?, ?)");
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The property `w_stmt` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
132		}
133
134		$this->w_stmt->bind_param('siss', $id, $time, $data, $key);
135		$this->w_stmt->execute();
136		return true;
137		}
138
139	View Code Duplication	function destruir($id) {
140		if(!isset($this->delete_stmt)) {
141		$this->delete_stmt = $this->db->prepare("DELETE FROM sesiones WHERE id = ?");
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The property `delete_stmt` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
142		}
143		$this->delete_stmt->bind_param('s', $id);
144		$this->delete_stmt->execute();
145		return true;
146		}
147
148	View Code Duplication	function gc($max) {
149		if(!isset($this->gc_stmt)) {
150		$this->gc_stmt = $this->db->prepare("DELETE FROM sesiones WHERE set_time < ?");
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The property `gc_stmt` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
151		}
152		$old = time() - $max;
153		$this->gc_stmt->bind_param('s', $old);
154		$this->gc_stmt->execute();
155		return true;
156		}
157
158		private function getkey($id) {
159
160
161		if(!isset($this->key_stmt)) {
162		$this->key_stmt = $this->db->prepare("SELECT session_key FROM sesiones WHERE id = ? LIMIT 1");
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The property `key_stmt` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
163		}
164		$this->key_stmt->bind_param('s', $id);
165		$this->key_stmt->execute();
166		$this->key_stmt->store_result();
167		if($this->key_stmt->num_rows == 1) {
168		$this->key_stmt->bind_result($key);
		0 ignored issues – show Bug introduced 2016-02-17 21:17 UTC by Report Bug Copy Issue Report The variable `$key` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
169		$this->key_stmt->fetch();
170		return $key;
171		} else {
172		$random_key = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
173		return $random_key;
174		}
175		}
176
177	View Code Duplication	private function encrypt($data, $key) {
178		$salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
179		$key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
180		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
181		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
182		$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
183		return $encrypted;
184		}
185	View Code Duplication	private function decrypt($data, $key) {
186		$salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
187		$key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
188		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
189		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
190		$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
191		return $decrypted;
192		}
193
194		}
195
196		//estructura para bd
197
198		/*
199
200		CREATE TABLE IF NOT EXISTS `sesion` (
201		`id` char(128) NOT NULL,
202		`set_time` char(10) NOT NULL,
203		`data` text NOT NULL,
204		`session_key` char(128) NOT NULL,
205		PRIMARY KEY (`id`)
206		) ENGINE=InnoDB DEFAULT CHARSET=latin1;
207
208		*/
209

webcol / Calima

GitHub Access Token became invalid

CFSesion::encrypt() A last analyzed 2017-12-14 01:15 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

CFSesion::encrypt() A
last analyzed 2017-12-14 01:15 UTC