Merge pull request #1086 from virtualtam/refactor/login

Refactor user login and session management
author: VirtualTam <virtualtam+github@flibidi.net> 2018-06-03 18:26:32 +0200
committer: GitHub <noreply@github.com> 2018-06-03 18:26:32 +0200
commit: d9cd27322a97e6ed3a8b11a380ef0080e3baf79c (patch)
tree: c4299a352b3f4c518f79eb7208f667f68f8e9388 /application/SessionManager.php
parent: 8f816d8ddfe9219e15580cef6e5c9037d1d4fd28 (diff)
parent: 8edd7f15886620b07064aa889aea05c5acbc0e58 (diff)
download: Shaarli-d9cd27322a97e6ed3a8b11a380ef0080e3baf79c.tar.gz
Shaarli-d9cd27322a97e6ed3a8b11a380ef0080e3baf79c.tar.zst
Shaarli-d9cd27322a97e6ed3a8b11a380ef0080e3baf79c.zip
1 files changed, 0 insertions, 83 deletions
diff --git a/application/SessionManager.php b/application/SessionManager.php
deleted file mode 100644
index 71f0b38d..00000000
--- a/application/SessionManager.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php
-namespace Shaarli;
-/**
- * Manages the server-side session
- */
-class SessionManager
-{
-    protected $session = [];
-    /**
-     * Constructor
-     *
-     * @param array         $session The $_SESSION array (reference)
-     * @param ConfigManager $conf    ConfigManager instance
-     */
-    public function __construct(& $session, $conf)
-    {
-        $this->session = &$session;
-        $this->conf = $conf;
-    }
-    /**
-     * Generates a session token
-     *
-     * @return string token
-     */
-    public function generateToken()
-    {
-        $token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
-        $this->session['tokens'][$token] = 1;
-        return $token;
-    }
-    /**
-     * Checks the validity of a session token, and destroys it afterwards
-     *
-     * @param string $token The token to check
-     *
-     * @return bool true if the token is valid, else false
-     */
-    public function checkToken($token)
-    {
-        if (! isset($this->session['tokens'][$token])) {
-            // the token is wrong, or has already been used
-            return false;
-        }
-        // destroy the token to prevent future use
-        unset($this->session['tokens'][$token]);
-        return true;
-    }
-    /**
-     * Validate session ID to prevent Full Path Disclosure.
-     *
-     * See #298.
-     * The session ID's format depends on the hash algorithm set in PHP settings
-     *
-     * @param string $sessionId Session ID
-     *
-     * @return true if valid, false otherwise.
-     *
-     * @see http://php.net/manual/en/function.hash-algos.php
-     * @see http://php.net/manual/en/session.configuration.php
-     */
-    public static function checkId($sessionId)
-    {
-        if (empty($sessionId)) {
-            return false;
-        }
-        if (!$sessionId) {
-            return false;
-        }
-        if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
-            return false;
-        }
-        return true;
-    }
-}
author	VirtualTam <virtualtam+github@flibidi.net>	2018-06-03 18:26:32 +0200
committer	GitHub <noreply@github.com>	2018-06-03 18:26:32 +0200
commit	d9cd27322a97e6ed3a8b11a380ef0080e3baf79c (patch)
tree	c4299a352b3f4c518f79eb7208f667f68f8e9388 /application/SessionManager.php
parent	8f816d8ddfe9219e15580cef6e5c9037d1d4fd28 (diff)
parent	8edd7f15886620b07064aa889aea05c5acbc0e58 (diff)
download	Shaarli-d9cd27322a97e6ed3a8b11a380ef0080e3baf79c.tar.gz Shaarli-d9cd27322a97e6ed3a8b11a380ef0080e3baf79c.tar.zst Shaarli-d9cd27322a97e6ed3a8b11a380ef0080e3baf79c.zip

diff --git a/application/SessionManager.php b/application/SessionManager.php deleted file mode 100644 index 71f0b38d..00000000 --- a/application/SessionManager.php +++ /dev/null
@@ -1,83 +0,0 @@
1	<?php
2	namespace Shaarli;
3
4	/**
5	* Manages the server-side session
6	*/
7	class SessionManager
8	{
9	protected $session = [];
10
11	/**
12	* Constructor
13	*
14	* @param array $session The $_SESSION array (reference)
15	* @param ConfigManager $conf ConfigManager instance
16	*/
17	public function __construct(& $session, $conf)
18	{
19	$this->session = &$session;
20	$this->conf = $conf;
21	}
22
23	/**
24	* Generates a session token
25	*
26	* @return string token
27	*/
28	public function generateToken()
29	{
30	$token = sha1(uniqid('', true) .'_'. mt_rand() . $this->conf->get('credentials.salt'));
31	$this->session['tokens'][$token] = 1;
32	return $token;
33	}
34
35	/**
36	* Checks the validity of a session token, and destroys it afterwards
37	*
38	* @param string $token The token to check
39	*
40	* @return bool true if the token is valid, else false
41	*/
42	public function checkToken($token)
43	{
44	if (! isset($this->session['tokens'][$token])) {
45	// the token is wrong, or has already been used
46	return false;
47	}
48
49	// destroy the token to prevent future use
50	unset($this->session['tokens'][$token]);
51	return true;
52	}
53
54	/**
55	* Validate session ID to prevent Full Path Disclosure.
56	*
57	* See #298.
58	* The session ID's format depends on the hash algorithm set in PHP settings
59	*
60	* @param string $sessionId Session ID
61	*
62	* @return true if valid, false otherwise.
63	*
64	* @see http://php.net/manual/en/function.hash-algos.php
65	* @see http://php.net/manual/en/session.configuration.php
66	*/
67	public static function checkId($sessionId)
68	{
69	if (empty($sessionId)) {
70	return false;
71	}
72
73	if (!$sessionId) {
74	return false;
75	}
76
77	if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
78	return false;
79	}
80
81	return true;
82	}
83	}