Update session class with checks, etc
Add a write close session call to end a session for AJAX calls. Add error strings to the session start method. Add a check call that verifies session names are valid.
@@ -17,6 +17,7 @@ if ($DEBUG_ALL) {
|
|||||||
* @param int $status
|
* @param int $status
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
|
/** @phan-suppress-next-line PhanRedefineFunction */
|
||||||
function getSessionStatusString(int $status): string
|
function getSessionStatusString(int $status): string
|
||||||
{
|
{
|
||||||
switch ($status) {
|
switch ($status) {
|
||||||
@@ -82,7 +83,7 @@ echo "Global session name: " . ($GLOBALS['SET_SESSION_NAME'] ?? '-') . "<br>";
|
|||||||
|
|
||||||
print "[UNSET] Current session id: " . Session::getSessionId() . "<br>";
|
print "[UNSET] Current session id: " . Session::getSessionId() . "<br>";
|
||||||
print "[UNSET] Current session name: " . Session::getSessionName() . "<br>";
|
print "[UNSET] Current session name: " . Session::getSessionName() . "<br>";
|
||||||
print "[UNSET] Current session active: " . Session::checkActiveSession() . "<br>";
|
print "[UNSET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
|
||||||
print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
||||||
if (isset($_SESSION)) {
|
if (isset($_SESSION)) {
|
||||||
print "[UNSET] _SESSION is: set<br>";
|
print "[UNSET] _SESSION is: set<br>";
|
||||||
@@ -92,22 +93,20 @@ if (isset($_SESSION)) {
|
|||||||
#
|
#
|
||||||
print "[UNSET] To set session name valid: "
|
print "[UNSET] To set session name valid: "
|
||||||
. (Session::checkValidSessionName($session_name) ? 'Valid' : 'Invalid') . "<br>";
|
. (Session::checkValidSessionName($session_name) ? 'Valid' : 'Invalid') . "<br>";
|
||||||
$session = Session::startSession($session_name);
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
if ($session === false) {
|
|
||||||
print "[FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
print "[FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
||||||
} else {
|
} else {
|
||||||
print "[SET] Current session id: " . $session . "<br>";
|
print "[SET] Current session id: " . $session . "<br>";
|
||||||
}
|
}
|
||||||
// set again
|
// set again
|
||||||
$session = Session::startSession($session_name);
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
if ($session === false) {
|
|
||||||
print "[2 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
print "[2 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
||||||
} else {
|
} else {
|
||||||
print "[2 SET] Current session id: " . $session . "<br>";
|
print "[2 SET] Current session id: " . $session . "<br>";
|
||||||
}
|
}
|
||||||
print "[SET] Current session id: " . Session::getSessionId() . "<br>";
|
print "[SET] Current session id: " . Session::getSessionId() . "<br>";
|
||||||
print "[SET] Current session name: " . Session::getSessionName() . "<br>";
|
print "[SET] Current session name: " . Session::getSessionName() . "<br>";
|
||||||
print "[SET] Current session active: " . Session::checkActiveSession() . "<br>";
|
print "[SET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
|
||||||
print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
||||||
if (isset($_SESSION)) {
|
if (isset($_SESSION)) {
|
||||||
print "[SET] _SESSION is: set<br>";
|
print "[SET] _SESSION is: set<br>";
|
||||||
@@ -126,8 +125,7 @@ print "[READ] Confirm " . $var . " is " . $value . ": "
|
|||||||
|
|
||||||
// differnt session name
|
// differnt session name
|
||||||
$session_name = 'class-test-session-ALT';
|
$session_name = 'class-test-session-ALT';
|
||||||
$session = Session::startSession($session_name);
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
if ($session === false) {
|
|
||||||
print "[3 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
print "[3 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
||||||
} else {
|
} else {
|
||||||
print "[3 SET] Current session id: " . $session . "<br>";
|
print "[3 SET] Current session id: " . $session . "<br>";
|
||||||
@@ -143,8 +141,7 @@ $_SESSION['will_never_be_written'] = 'empty';
|
|||||||
|
|
||||||
// open again
|
// open again
|
||||||
$session_name = 'class-test-session';
|
$session_name = 'class-test-session';
|
||||||
$session = Session::startSession($session_name);
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
if ($session === false) {
|
|
||||||
print "[4 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
print "[4 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
||||||
} else {
|
} else {
|
||||||
print "[4 SET] Current session id: " . $session . "<br>";
|
print "[4 SET] Current session id: " . $session . "<br>";
|
||||||
@@ -152,6 +149,20 @@ if ($session === false) {
|
|||||||
print "[START AGAIN] Current session id: " . Session::getSessionId() . "<br>";
|
print "[START AGAIN] Current session id: " . Session::getSessionId() . "<br>";
|
||||||
$_SESSION['will_be_written_again'] = 'Full';
|
$_SESSION['will_be_written_again'] = 'Full';
|
||||||
|
|
||||||
|
// close session
|
||||||
|
Session::writeClose();
|
||||||
|
// invalid
|
||||||
|
$session_name = '123';
|
||||||
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
|
print "[5 FAILED] Session start failed: " . Session::getErrorStr() . "<br>";
|
||||||
|
} else {
|
||||||
|
print "[5 SET] Current session id: " . $session . "<br>";
|
||||||
|
}
|
||||||
|
print "[BAD NAME] Current session id: " . Session::getSessionId() . "<br>";
|
||||||
|
print "[BAD NAME] Current session name: " . Session::getSessionName() . "<br>";
|
||||||
|
print "[BAD NAME] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
|
||||||
|
print "[BAD NAME] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
||||||
|
|
||||||
// error message
|
// error message
|
||||||
print $log->printErrorMsg();
|
print $log->printErrorMsg();
|
||||||
|
|
||||||
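Review bot: The new [5] case covers only the digits-only branch of checkValidSessionName (`$session_name = '123'`). Nothing on this page passes it a name with a disallowed character, a trailing newline, or more than 128 characters, which are the inputs the character-class pattern is meant to reject. A short loop next to the existing "To set session name valid" print would cover them, using constructed sample names: `foreach (['abc def', "abc\n", str_repeat('a', 129)] as $bad) { print "[CHECK] " . (Session::checkValidSessionName($bad) ? 'Valid' : 'Invalid') . "<br>"; }`. The return value of `Session::writeClose()` is also discarded, so a failed close would go unnoticed in the output.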
|
|||||||
@@ -17,6 +17,7 @@ if ($DEBUG_ALL) {
|
|||||||
* @param int $status
|
* @param int $status
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
|
/** @phan-suppress-next-line PhanRedefineFunction */
|
||||||
function getSessionStatusString(int $status): string
|
function getSessionStatusString(int $status): string
|
||||||
{
|
{
|
||||||
switch ($status) {
|
switch ($status) {
|
||||||
@@ -78,27 +79,25 @@ echo "Global session name: " . ($GLOBALS['SET_SESSION_NAME'] ?? '-') . "<br>";
|
|||||||
|
|
||||||
print "[UNSET] Current session id: " . Session::getSessionId() . "<br>";
|
print "[UNSET] Current session id: " . Session::getSessionId() . "<br>";
|
||||||
print "[UNSET] Current session name: " . Session::getSessionName() . "<br>";
|
print "[UNSET] Current session name: " . Session::getSessionName() . "<br>";
|
||||||
print "[UNSET] Current session active: " . Session::checkActiveSession() . "<br>";
|
print "[UNSET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
|
||||||
print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
print "[UNSET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
||||||
|
|
||||||
print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
|
print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
|
||||||
// start
|
// start
|
||||||
$session = Session::startSession($session_name);
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
if ($session === false) {
|
|
||||||
print "Session start failed: " . Session::getErrorStr() . "<br>";
|
print "Session start failed: " . Session::getErrorStr() . "<br>";
|
||||||
} else {
|
} else {
|
||||||
print "Current session id: " . $session . "<br>";
|
print "Current session id: " . $session . "<br>";
|
||||||
}
|
}
|
||||||
// set again
|
// set again
|
||||||
$session = Session::startSession($session_name);
|
if (false === ($session = Session::startSession($session_name))) {
|
||||||
if ($session === false) {
|
|
||||||
print "[2] Session start failed<br>";
|
print "[2] Session start failed<br>";
|
||||||
} else {
|
} else {
|
||||||
print "[2] Current session id: " . $session . "<br>";
|
print "[2] Current session id: " . $session . "<br>";
|
||||||
}
|
}
|
||||||
print "[SET] Current session id: " . Session::getSessionId() . "<br>";
|
print "[SET] Current session id: " . Session::getSessionId() . "<br>";
|
||||||
print "[SET] Current session name: " . Session::getSessionName() . "<br>";
|
print "[SET] Current session name: " . Session::getSessionName() . "<br>";
|
||||||
print "[SET] Current session active: " . Session::checkActiveSession() . "<br>";
|
print "[SET] Current session active: " . (Session::checkActiveSession() ? 'Yes' : 'No') . "<br>";
|
||||||
print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
print "[SET] Current session status: " . getSessionStatusString(Session::getSessionStatus()) . "<br>";
|
||||||
print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
|
print "[READ] " . $var . ": " . ($_SESSION[$var] ?? '{UNSET}') . "<br>";
|
||||||
print "[READ] Confirm " . $var . " is " . $value . ": "
|
print "[READ] Confirm " . $var . " is " . $value . ": "
|
||||||
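Review bot: The second failure branch still prints a bare `[2] Session start failed`, while the first branch in this file and every failure branch in the other test page append `Session::getErrorStr()`. Since the commit sets an error string on the failure paths shown in the class hunks, `print "[2] Session start failed: " . Session::getErrorStr() . "<br>";` would show why the repeated start failed. The assignment inside the condition, `if (false === ($session = Session::startSession($session_name)))`, is compact but easy to misread. A one-line comment that startSession returns the session id or false would help the next reader.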
|
|||||||
@@ -18,6 +18,9 @@ namespace CoreLibs\Create;
|
|||||||
|
|
||||||
class Session
|
class Session
|
||||||
{
|
{
|
||||||
|
/** @var string list for errors*/
|
||||||
|
private static $error_str = '';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* init a session
|
* init a session
|
||||||
*/
|
*/
|
||||||
@@ -25,6 +28,41 @@ class Session
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return set error string, empty if none set
|
||||||
|
*
|
||||||
|
* @return string Last error string
|
||||||
|
*/
|
||||||
|
public static function getErrorStr(): string
|
||||||
|
{
|
||||||
|
return self::$error_str;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* check if session name is valid
|
||||||
|
*
|
||||||
|
* As from PHP 8.1/8.0/7.4 error
|
||||||
|
* INVALID CHARS: =,; \t\r\n\013\014
|
||||||
|
* NOTE: using . will fail even thought valid
|
||||||
|
* we allow only alphanumeric with - (dash) and 1 to 128 characters
|
||||||
|
*
|
||||||
|
* @param string $session_name any string, not null
|
||||||
|
* @return bool True for valid, False for invalid
|
||||||
|
*/
|
||||||
|
public static function checkValidSessionName(string $session_name): bool
|
||||||
|
{
|
||||||
|
// check
|
||||||
|
if (
|
||||||
|
// must only have those
|
||||||
|
!preg_match('/^[-a-zA-Z0-9]{1,128}$/', $session_name) ||
|
||||||
|
// cannot be only numbers
|
||||||
|
preg_match('/^[0-9]+$/', $session_name)
|
||||||
|
) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Undocumented function
|
* Undocumented function
|
||||||
*
|
*
|
||||||
@@ -35,10 +73,12 @@ class Session
|
|||||||
{
|
{
|
||||||
// we can't start sessions on command line
|
// we can't start sessions on command line
|
||||||
if (php_sapi_name() === 'cli') {
|
if (php_sapi_name() === 'cli') {
|
||||||
|
self::$error_str = '[SESSION] No sessions in php cli';
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// if session are OFF
|
// if session are OFF
|
||||||
if (self::getSessionStatus() === PHP_SESSION_DISABLED) {
|
if (self::getSessionStatus() === PHP_SESSION_DISABLED) {
|
||||||
|
self::$error_str = '[SESSION] Sessions are disabled';
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// session_status
|
// session_status
|
||||||
@@ -59,6 +99,11 @@ class Session
|
|||||||
}
|
}
|
||||||
// if set, set special session name
|
// if set, set special session name
|
||||||
if (!empty($session_name)) {
|
if (!empty($session_name)) {
|
||||||
|
// invalid session name, abort
|
||||||
|
if (!self::checkValidSessionName($session_name)) {
|
||||||
|
self::$error_str = '[SESSION] Invalid session name: ' . $session_name;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
session_name($session_name);
|
session_name($session_name);
|
||||||
}
|
}
|
||||||
// start session
|
// start session
|
||||||
@@ -66,6 +111,7 @@ class Session
|
|||||||
}
|
}
|
||||||
// if we still have no active session
|
// if we still have no active session
|
||||||
if (!self::checkActiveSession()) {
|
if (!self::checkActiveSession()) {
|
||||||
|
self::$error_str = '[SESSION] Failed to activate session';
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return self::getSessionId();
|
return self::getSessionId();
|
||||||
@@ -95,7 +141,7 @@ class Session
|
|||||||
* Checks if there is an active session.
|
* Checks if there is an active session.
|
||||||
* Does not check if we can have a session
|
* Does not check if we can have a session
|
||||||
*
|
*
|
||||||
* @return boolean True if there is an active session, else false
|
* @return bool True if there is an active session, else false
|
||||||
*/
|
*/
|
||||||
public static function checkActiveSession(): bool
|
public static function checkActiveSession(): bool
|
||||||
{
|
{
|
||||||
@@ -106,6 +152,19 @@ class Session
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* unlock the session file, so concurrent AJAX requests can be done
|
||||||
|
* NOTE: after this has been called, no changes in _SESSION will be stored
|
||||||
|
* NOTE: a new session with a different name can be started after this one is called
|
||||||
|
* if problem, run ob_flush() and flush() too
|
||||||
|
*
|
||||||
|
* @return bool True und sucess, false on failure
|
||||||
|
*/
|
||||||
|
public static function writeClose(): bool
|
||||||
|
{
|
||||||
|
return session_write_close();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* get session status
|
* get session status
|
||||||
* PHP_SESSION_DISABLED if sessions are disabled.
|
* PHP_SESSION_DISABLED if sessions are disabled.
|
||||||
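Review bot: In checkValidSessionName both patterns end in `$`, which in PCRE also matches just before a trailing newline, so a name such as "abc\n" passes although the docblock lists \n as an invalid character. Anchoring with `\z` (or adding the `D` modifier) closes that: `!preg_match('/^[-a-zA-Z0-9]{1,128}\z/', $session_name) ||` and `preg_match('/^[0-9]+\z/', $session_name)`. In the startSession hunk the rejected name is copied verbatim into `$error_str`, and the test pages print getErrorStr() straight into HTML. If a session name can ever come from request data, the message should be escaped where it is output, e.g. `htmlspecialchars(Session::getErrorStr(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The visible hunks never reset `$error_str`, so a later successful start would presumably still report the old failure; startSession's body continues outside the hunks, so confirm that before adding `self::$error_str = '';` at its top.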
|
|||||||