/Vendor/PHPSecureSession/SecureSession.php

https://github.com/adrianodemoura/phpGridOld · PHP · 186 lines · 105 code · 1 blank · 80 comment · 9 complexity · 1a08ed615b4d9314d833ad1e107cab84 MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * ------------------------------------------------
    4. 

  4.  * Encrypt PHP session data using files
    5. 

  5.  * ------------------------------------------------
    6. 

  6.  * The encryption is built using mcrypt extension 
    7. 

  7.  * and the randomness is managed by openssl
    8. 

  8.  * 
    9. 

  9.  * @author Enrico Zimuel (enrico@zimuel.it)
    10. 

  10.  * @copyright GNU General Public License
    11. 

  11.  */
    12. 

  12. class SecureSession {
    13. 

  13. 	const CIPHER= MCRYPT_RIJNDAEL_256;
    14. 

  14. 	const CIPHER_MODE= MCRYPT_MODE_CBC;
    15. 

  15. 	/**
    16. 

  16. 	 * Key for encryption/decryption
    17. 

  17. 	 * 
    18. 

  18. 	 * @var string
    19. 

  19. 	 */
    20. 

  20. 	private static $_key;
    21. 

  21. 	/**
    22. 

  22. 	 * Path of the session file
    23. 

  23. 	 *
    24. 

  24. 	 * @var string
    25. 

  25. 	 */
    26. 

  26. 	private static $_path;
    27. 

  27. 	/**
    28. 

  28. 	 * Session name (optional)
    29. 

  29. 	 * 
    30. 

  30. 	 * @var string
    31. 

  31. 	 */
    32. 

  32. 	private static $_name;
    33. 

  33. 	/**
    34. 

  34. 	 * Size of the IV vector for encryption
    35. 

  35. 	 * 
    36. 

  36. 	 * @var integer
    37. 

  37. 	 */
    38. 

  38. 	private static $_ivSize;
    39. 

  39. 	/**
    40. 

  40. 	 * Cookie variable name of the key
    41. 

  41. 	 * 
    42. 

  42. 	 * @var string
    43. 

  43. 	 */
    44. 

  44. 	private static $_keyName;
    45. 

  45. 	/**
    46. 

  46. 	 * Generate a random key
    47. 

  47. 	 * fallback to mt_rand if PHP < 5.3 or no openssl available
    48. 

  48. 	 * 
    49. 

  49. 	 * @param integer $length
    50. 

  50. 	 * @return string
    51. 

  51. 	 */
    52. 

  52. 	private static function _randomKey($length=32) {
    53. 

  53. 	     if(function_exists('openssl_random_pseudo_bytes')) {
    54. 

  54.     	          $rnd = openssl_random_pseudo_bytes($length, $strong);
    55. 

  55.         	  if($strong === TRUE) 
    56. 

  56.         	       return $rnd;
    57. 

  57. 	     }
    58. 

  58. 	     for ($i=0;$i<$length;$i++) {
    59. 

  59. 	          $sha= sha1(mt_rand());
    60. 

  60. 		  $char= mt_rand(0,30);
    61. 

  61. 		  $rnd.= chr(hexdec($sha[$char].$sha[$char+1]));
    62. 

  62. 	     }	
    63. 

  63. 	     return $rnd;
    64. 

  64. 	}
    65. 

  65.     /**
    66. 

  66.      * Open the session
    67. 

  67.      * 
    68. 

  68.      * @param string $save_path
    69. 

  69.      * @param string $session_name
    70. 

  70.      * @return bool
    71. 

  71.      */
    72. 

  72.     public static function open($save_path, $session_name) {
    73. 

  73.         self::$_path= $save_path.'/';	
    74. 

  74. 	self::$_name= $session_name;
    75. 

  75. 	self::$_keyName= "KEY_$session_name";
    76. 

  76. 	self::$_ivSize= mcrypt_get_iv_size(self::CIPHER, self::CIPHER_MODE);
    77. 

  77. 

  78. 	if (empty($_COOKIE[self::$_keyName])) {
    79. 

  79. 	     $keyLength= mcrypt_get_key_size(self::CIPHER, self::CIPHER_MODE);
    80. 

  80. 	     self::$_key= self::_randomKey($keyLength);
    81. 

  81. 	     $cookie_param = session_get_cookie_params();
    82. 

  82.              setcookie(
    83. 

  83.                   self::$_keyName,
    84. 

  84.                   base64_encode(self::$_key),
    85. 

  85.                   $cookie_param['lifetime'],
    86. 

  86.                   $cookie_param['path'],
    87. 

  87.                   $cookie_param['domain'],
    88. 

  88.                   $cookie_param['secure'],
    89. 

  89.                   $cookie_param['httponly']
    90. 

  90.              );
    91. 

  91. 	} else {
    92. 

  92. 	     self::$_key= base64_decode($_COOKIE[self::$_keyName]);
    93. 

  93. 	} 
    94. 

  94. 	return true;
    95. 

  95.     }
    96. 

  96.     /**
    97. 

  97.      * Close the session
    98. 

  98.      * 
    99. 

  99.      * @return bool
    100. 

  100.      */
    101. 

  101.     public static function close() {
    102. 

  102.         return true;
    103. 

  103.     }
    104. 

  104.     /**
    105. 

  105.      * Read and decrypt the session
    106. 

  106.      * 
    107. 

  107.      * @param integer $id
    108. 

  108.      * @return string 
    109. 

  109.      */
    110. 

  110.     public static function read($id) {
    111. 

  111.         $sess_file = self::$_path.self::$_name."_$id";
    112. 

  112.   	$data= @file_get_contents($sess_file);
    113. 

  113.   	if (empty($data)) {
    114. 

  114.   		return false;
    115. 

  115.   	}
    116. 

  116.   	$iv= substr($data,0,self::$_ivSize);
    117. 

  117.   	$encrypted= substr($data,self::$_ivSize);
    118. 

  118.   	$decrypt = mcrypt_decrypt(
    119. 

  119.              self::CIPHER,
    120. 

  120.              self::$_key,
    121. 

  121.              $encrypted,
    122. 

  122.              self::CIPHER_MODE,
    123. 

  123.              $iv
    124. 

  124.         );
    125. 

  125.         return rtrim($decrypt, ""); 
    126. 

  126.     }
    127. 

  127.     /**
    128. 

  128.      * Encrypt and write the session
    129. 

  129.      * 
    130. 

  130.      * @param integer $id
    131. 

  131.      * @param string $data
    132. 

  132.      * @return bool
    133. 

  133.      */
    134. 

  134.     public static function write($id, $data) {
    135. 

  135.         $sess_file = self::$_path.self::$_name."_$id";
    136. 

  136. 	$iv= mcrypt_create_iv(self::$_ivSize, MCRYPT_RAND);
    137. 

  137. 	if ($fp = @fopen($sess_file, "w")) {
    138. 

  138. 	     $encrypted= mcrypt_encrypt(
    139. 

  139.                   self::CIPHER,
    140. 

  140.                   self::$_key,
    141. 

  141.                   $data,
    142. 

  142.                   self::CIPHER_MODE,
    143. 

  143.                   $iv
    144. 

  144.               );
    145. 

  145. 	      $return = fwrite($fp, $iv.$encrypted);
    146. 

  146. 	      fclose($fp);
    147. 

  147. 	      return $return;
    148. 

  148. 	 } else {
    149. 

  149. 	      return false;
    150. 

  150. 	 }
    151. 

  151.     }
    152. 

  152.     /**
    153. 

  153.      * Destroy the session
    154. 

  154.      * 
    155. 

  155.      * @param int $id
    156. 

  156.      * @return bool
    157. 

  157.      */
    158. 

  158.     public static function destroy($id) {
    159. 

  159.         $sess_file = self::$_path.self::$_name."_$id";
    160. 

  160.         setcookie (self::$_keyName, '', time() - 3600);
    161. 

  161. 	return(@unlink($sess_file));
    162. 

  162.     }
    163. 

  163.     /**
    164. 

  164.      * Garbage Collector
    165. 

  165.      * 
    166. 

  166.      * @param int $max 
    167. 

  167.      * @return bool
    168. 

  168.      */
    169. 

  169.     public static function gc($max) {
    170. 

  170.     	foreach (glob(self::$_path.self::$_name.'_*') as $filename) {
    171. 

  171.     	     if (filemtime($filename) + $max < time()) {
    172. 

  172.       	          @unlink($filename);
    173. 

  173.     	     }
    174. 

  174.   	}
    175. 

  175.   	return true;
    176. 

  176.     }
    177. 

  177. }
    178. 

  178. // Set the custom PHP session handler
    179. 

  179. ini_set('session.save_handler', 'user');
    180. 

  180. session_set_save_handler(array('SecureSession', 'open'),
    181. 

  181.                          array('SecureSession', 'close'),
    182. 

  182.                          array('SecureSession', 'read'),
    183. 

  183.                          array('SecureSession', 'write'),
    184. 

  184.                          array('SecureSession', 'destroy'),
    185. 

  185.                          array('SecureSession', 'gc')
    186. 

  186. );
    187.