<?php
/**
* Session.php
* Contains the THINKER_Session class
*
* @author Cory Gehr
*/
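class THINKER_Session
{
    private static $instance; // The one shared instance handed out by singleton()
    public $sessionID;        // PHP session ID captured when the session was started

    /**
     * __construct()
     * Starts the PHP session, records its ID and makes sure a CSRF token exists.
     *
     * The token is created once and then kept for the life of the session.
     * Overwriting it on every construction (i.e. on every request) would mean the
     * value checked by verifyCsrfToken() is never the one that was embedded in the
     * form the client is submitting.
     *
     * @author Cory Gehr
     * @access protected
     */
    protected function __construct()
    {
        // Start session
        // NOTE(review): cookie flags (HttpOnly / Secure / SameSite) are not set here;
        // presumably they come from php.ini -- confirm.
        session_start();

        // Get and store the Session ID
        $this->sessionID = session_id();

        // Create a CSRF token only when the session does not already hold a usable one
        if (!isset($_SESSION['CSRF_TOKEN'])
            || !is_string($_SESSION['CSRF_TOKEN'])
            || $_SESSION['CSRF_TOKEN'] === ''
        ) {
            $_SESSION['CSRF_TOKEN'] = self::generateCsrfToken();
        }
    }

    /**
     * generateCsrfToken()
     * Builds a base64-encoded token from 32 bytes of CSPRNG output.
     *
     * Prefers random_bytes() where the runtime provides it. The OpenSSL fallback
     * checks the "crypto strong" flag so that a weak or failed draw is reported
     * instead of being stored as a token.
     *
     * @access private
     * @return string Token, or an empty string if no secure bytes could be obtained
     */
    private static function generateCsrfToken()
    {
        if (function_exists('random_bytes')) {
            return base64_encode(random_bytes(32));
        }

        $isStrong = false;
        $bytes = openssl_random_pseudo_bytes(32, $isStrong);

        if ($bytes === false || !$isStrong) {
            trigger_error('Unable to generate a secure CSRF token', E_USER_ERROR);
            // Only reached when a custom error handler lets execution continue;
            // verifyCsrfToken() rejects an empty token.
            return '';
        }

        return base64_encode($bytes);
    }

    /**
     * __clone()
     * Blocks cloning so that only one session object can exist.
     *
     * @author Joe Stump <joe@joestump.net>
     * @access public
     */
    public function __clone()
    {
        trigger_error('Clone is not allowed for ' . __CLASS__, E_USER_ERROR);
    }

    /**
     * __destruct()
     * Destructor for the THINKER_Session class
     *
     * @access public
     */
    public function __destruct()
    {
        // Flush the session data to storage and end the session
        session_write_close();
    }

    /**
     * __get()
     * Returns a requested Session Variable
     *
     * @author Cory Gehr
     * @access public
     * @param $var: Index in $_SESSION (can be a Key ex: email)
     * @return mixed Stored value, or null when the variable is not set
     */
    public function __get($var)
    {
        // A missing key yields null without raising an undefined-index notice
        return isset($_SESSION[$var]) ? $_SESSION[$var] : null;
    }

    /**
     * __set()
     * Sets a session variable
     *
     * @access public
     * @param $var: Session Variable Name
     * @param $val: Value to set Variable to
     * @return mixed The value that was assigned (only visible when called directly;
     *               PHP discards it for a normal property assignment)
     */
    public function __set($var, $val)
    {
        return ($_SESSION[$var] = $val);
    }

    /**
     * auth()
     * Checks user access to an object
     *
     * NOTE(review): this implementation grants every request and ignores both
     * arguments. Presumably the class named by SESSION_CLASS overrides it -- confirm,
     * because any caller that reaches this version gets no access control at all.
     *
     * @author Cory Gehr
     * @access public
     * @param $objType: Object Type (default: section)
     * @param $params: Object parameters (default: Empty Array)
     * @return bool Always true in this class
     */
    public function auth($objType = 'section', $params = array())
    {
        return true;
    }

    /**
     * destroy()
     * Destroys a session
     *
     * NOTE(review): the session cookie is not expired here and $this->sessionID keeps
     * the old ID. If this is the logout path, confirm that the caller expires the
     * cookie and that a fresh ID is issued on the next login.
     *
     * @author Cory Gehr
     * @access public
     */
    public function destroy()
    {
        // Clear all session variables, CSRF token included
        $_SESSION = array();

        // Destroy the session
        session_destroy();
    }

    /**
     * singleton()
     * Returns a single instance of the session class
     *
     * The class to instantiate is read from the SESSION_CLASS constant, which is
     * defined outside this file.
     *
     * @author Joe Stump <joe@joestump.net>
     * @access public
     * @return mixed Instance of Session
     */
    public static function singleton()
    {
        if (!isset(self::$instance)) {
            $className = SESSION_CLASS;
            self::$instance = new $className;
        }

        return self::$instance;
    }

    /**
     * varExists()
     * Checks for the existence of a Session Variable
     *
     * @access public
     * @param $var: Session Variable Name
     * @return True if Exists, False if Nonexistent (a variable holding null counts
     *         as nonexistent, because isset() is used)
     */
    public function varExists($var)
    {
        return isset($_SESSION[$var]);
    }

    /**
     * verifyCsrfToken()
     * Verifies that a csrfToken input matches that for the session
     *
     * Fails closed: a missing, empty or non-string value on either side is rejected.
     * A loose `==` would treat an absent session token and an absent request value
     * as equal. The comparison itself is constant-time where hash_equals() exists.
     *
     * NOTE(review): the 'REQUEST' argument presumably makes getPageVar() read from
     * $_REQUEST, so a token sent in the query string would be accepted and could end
     * up in logs or Referer headers -- confirm, and prefer POST-only for
     * state-changing forms.
     *
     * @access public
     * @param $inputVarName: Name of the CSRF Token Parameter (default: csrfToken)
     * @return True if Valid Token, False if Invalid
     */
    public function verifyCsrfToken($inputVarName = 'csrfToken')
    {
        $supplied = getPageVar($inputVarName, 'str', 'REQUEST', true, false);
        $expected = isset($_SESSION['CSRF_TOKEN']) ? $_SESSION['CSRF_TOKEN'] : null;

        if (!is_string($expected) || $expected === '') {
            return false;
        }
        if (!is_string($supplied) || $supplied === '') {
            return false;
        }

        if (function_exists('hash_equals')) {
            return hash_equals($expected, $supplied);
        }

        // Older runtimes: strict comparison, no type juggling
        return $expected === $supplied;
    }
}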