is a web application for booking meeting rooms or other resources (using PHP and MySQL/pgsql).
| SessionCookie.php (mrbs-1.9.4) | : | SessionCookie.php (mrbs-1.10.0) |
|---|
| | |
| skipping to change at line 26 | | skipping to change at line 26 |
|---|
| | |
| self::$cookie_path = \MRBS\get_cookie_path(); | | self::$cookie_path = \MRBS\get_cookie_path(); |
| | |
| // Delete old-style cookies | | // Delete old-style cookies |
| if (!empty($_COOKIE) && isset($_COOKIE["UserName"])) | | if (!empty($_COOKIE) && isset($_COOKIE["UserName"])) |
| { | | { |
| setcookie('UserName', '', time()-42000, self::$cookie_path); | | setcookie('UserName', '', time()-42000, self::$cookie_path); |
| } | | } |
| } | | } |
| | |
|
| public function getCurrentUser() | | public function getCurrentUser() : ?User |
| { | | { |
| global $auth; | | global $auth; |
| | |
| static $cached_user = null; | | static $cached_user = null; |
| static $have_checked_cookie = false; | | static $have_checked_cookie = false; |
| | |
| if (!$have_checked_cookie) | | if (!$have_checked_cookie) |
| { | | { |
| $data = self::getCookie('SessionToken', | | $data = self::getCookie('SessionToken', |
| $auth['session_cookie']['hash_algorithm'], | | $auth['session_cookie']['hash_algorithm'], |
| $auth['session_cookie']['secret']); | | $auth['session_cookie']['secret']); |
| | |
| $cached_user = (isset($data['user'])) ? $data['user'] : null; | | $cached_user = (isset($data['user'])) ? $data['user'] : null; |
| $have_checked_cookie = true; | | $have_checked_cookie = true; |
| } | | } |
| | |
| return $cached_user; | | return $cached_user; |
| } | | } |
| | |
|
| protected function logonUser($username) | | protected function logonUser(string $username) : void |
| { | | { |
| global $auth; | | global $auth; |
| | |
| if ($auth['session_cookie']['session_expire_time'] == 0) | | if ($auth['session_cookie']['session_expire_time'] == 0) |
| { | | { |
| $expiry_time = 0; | | $expiry_time = 0; |
| } | | } |
| else | | else |
| { | | { |
| $expiry_time = time() + $auth['session_cookie']['session_expire_time']; | | $expiry_time = time() + $auth['session_cookie']['session_expire_time']; |
| | |
| skipping to change at line 69 | | skipping to change at line 69 |
|---|
| $user = \MRBS\auth()->getUser($username); | | $user = \MRBS\auth()->getUser($username); |
| | |
| self::setCookie('SessionToken', | | self::setCookie('SessionToken', |
| $auth['session_cookie']['hash_algorithm'], | | $auth['session_cookie']['hash_algorithm'], |
| $auth['session_cookie']['secret'], | | $auth['session_cookie']['secret'], |
| array('user' => $user, | | array('user' => $user, |
| 'username' => $username), | | 'username' => $username), |
| $expiry_time); | | $expiry_time); |
| } | | } |
| | |
|
| public function logoffUser() | | public function logoffUser() : void |
| { | | { |
| // Delete cookie | | // Delete cookie |
| setcookie('SessionToken', '', time()-42000, self::$cookie_path); | | setcookie('SessionToken', '', time()-42000, self::$cookie_path); |
| } | | } |
| | |
| // Wrapper for setting cookies | | // Wrapper for setting cookies |
|
| public static function setCookie($name, $hash_algorithm, $secret, array $data,
$expiry=0) | | public static function setCookie(string $name, string $hash_algorithm, string
$secret, array $data, int $expiry=0) : void |
| { | | { |
| global $auth, $server; | | global $auth, $server; |
| | |
| assert(!isset($data['expiry']), "'expiry' is a reserved data key"); | | assert(!isset($data['expiry']), "'expiry' is a reserved data key"); |
| assert(!isset($data['ip']), "'ip' is a reserved data key"); | | assert(!isset($data['ip']), "'ip' is a reserved data key"); |
| | |
| $data['expiry'] = $expiry; | | $data['expiry'] = $expiry; |
| | |
| if ($auth['session_cookie']['include_ip']) | | if ($auth['session_cookie']['include_ip']) |
| { | | { |
| | |
| skipping to change at line 100 | | skipping to change at line 100 |
|---|
| $json_data = json_encode($data); | | $json_data = json_encode($data); |
| | |
| $hash = self::getHash($hash_algorithm, $json_data, $secret); | | $hash = self::getHash($hash_algorithm, $json_data, $secret); |
| | |
| setcookie($name, | | setcookie($name, |
| "${hash}_" . base64_encode($json_data), | | "${hash}_" . base64_encode($json_data), |
| $expiry, | | $expiry, |
| self::$cookie_path); | | self::$cookie_path); |
| } | | } |
| | |
|
| public static function getCookie($name, $hash_algorithm, $secret) | | public static function getCookie(string $name, string $hash_algorithm, string
$secret) : array |
| { | | { |
| global $auth, $server; | | global $auth, $server; |
| | |
| if (empty($_COOKIE) || !isset($_COOKIE[$name])) | | if (empty($_COOKIE) || !isset($_COOKIE[$name])) |
| { | | { |
| return array(); | | return array(); |
| } | | } |
| | |
| $token = $_COOKIE[$name]; | | $token = $_COOKIE[$name]; |
| | |
| | |
| skipping to change at line 170 | | skipping to change at line 170 |
|---|
| if (isset($data['user'])) | | if (isset($data['user'])) |
| { | | { |
| $tmp = $data['user']; | | $tmp = $data['user']; |
| $data['user'] = new User(); | | $data['user'] = new User(); |
| $data['user']->load($tmp); | | $data['user']->load($tmp); |
| } | | } |
| | |
| return $data; | | return $data; |
| } | | } |
| | |
|
| private static function getHash($algo, $data, $key) | | private static function getHash(string $algo, string $data, string $key) |
| { | | { |
| if (!function_exists('hash_hmac')) | | if (!function_exists('hash_hmac')) |
| { | | { |
| \MRBS\fatal_error("It appears that your PHP has the hash functions " . | | \MRBS\fatal_error("It appears that your PHP has the hash functions " . |
| "disabled, which are required for the 'cookie' " . | | "disabled, which are required for the 'cookie' " . |
| "session scheme."); | | "session scheme."); |
| } | | } |
| | |
| return hash_hmac($algo, $data, $key); | | return hash_hmac($algo, $data, $key); |
| } | | } |
| | | |
| End of changes. 6 change blocks. |
|---|
| 6 lines changed or deleted | | 6 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 