
Merge branch 'develop'

parkerj committed Jun 18, 2018
2 parents 5cfdf45 + 2e93c9f commit 2983d045bb319e13e14159ce3d858075323b87ad

This file was deleted.


This file was deleted.

@@ -3,8 +3,8 @@
/**
* Liten - PHP 5 micro framework
*
* @link https://www.litenframework.com
* @since 1.0.0
* @link http://www.litenframework.com
* @version 1.0.0
* @package Liten
*
* The MIT License (MIT)
@@ -28,18 +28,19 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
class Cookies
{
/**
* Liten application object
* @var object|callable
*/
protected $_app;
public $app;
public function __construct(\Liten\Liten $liten = null)
{
$this->_app = !empty($liten) ? $liten : \Liten\Liten::getInstance();
$this->app = !empty($liten) ? $liten : \Liten\Liten::getInstance();
}
/**
@@ -56,7 +57,7 @@ public function token($length = 20)
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return hash($this->_app->config('cookies.crypt'), $randomString);
return hash($this->app->config('cookies.crypt'), $randomString);
}
/**
@@ -69,7 +70,13 @@ public function token($length = 20)
public function set($key, $value, $expires = null)
{
return setcookie(
$key, $value, ($expires == null ? time() + $this->_app->config('cookies.lifetime') : time() + $expires), $this->_app->config('cookies.path'), $this->_app->config('cookies.domain'), $this->_app->config('cookies.secure'), $this->_app->config('cookies.httponly')
$key,
$value,
($expires == null ? time() + $this->app->config('cookies.lifetime') : time() + $expires),
$this->app->config('cookies.path'),
$this->app->config('cookies.domain'),
$this->app->config('cookies.secure'),
$this->app->config('cookies.httponly')
);
}
@@ -95,31 +102,33 @@ public function get($key)
* @return mixed
*
*/
public function setSecureCookie($key, $data, $expires = null)
public function setSecureCookie(array $data)
{
$token = $this->token();
$value = $this->buildCookie($token, $expires);
$value = $this->buildCookie($token, $data['exp']);
file_put_contents(
$this->_app->config('cookies.savepath') . 'cookies.' . $token, $this->_app->hook->maybe_serialize(
[
$key => $data,
'exp' => ($expires == null ? time() + $this->_app->config('cookies.lifetime') : time() + $expires)
]
)
$this->app->config('cookies.savepath') . 'cookies.' . $token,
json_encode($data, JSON_PRETTY_PRINT)
);
return setcookie(
$key, $value, ($expires == null ? time() + $this->_app->config('cookies.lifetime') : time() + $expires), $this->_app->config('cookies.path'), $this->_app->config('cookies.domain'), $this->_app->config('cookies.secure'), $this->_app->config('cookies.httponly')
$data['key'],
$value,
$data['exp'],
$this->app->config('cookies.path'),
$this->app->config('cookies.domain'),
$this->app->config('cookies.secure'),
$this->app->config('cookies.httponly')
);
}
public function getSecureCookie($key)
{
$file = $this->_app->config('cookies.savepath') . 'cookies.' . $this->getCookieVars($key, 'data');
$file = $this->app->config('cookies.savepath') . 'cookies.' . $this->getCookieVars($key, 'data');
if (file_exists($file)) {
$data = $this->_app->hook->maybe_unserialize(file_get_contents($file));
return $data[$key];
$data = json_decode(file_get_contents($file));
return $data;
}
return false;
}
@@ -134,7 +143,13 @@ public function getSecureCookie($key)
public function remove($key)
{
return setcookie(
$key, '', time() - (432000 + $this->_app->config('cookies.lifetime')), $this->_app->config('cookies.path'), $this->_app->config('cookies.domain'), $this->_app->config('cookies.secure'), $this->_app->config('cookies.httponly')
$key,
'',
time() - (432000 + $this->app->config('cookies.lifetime')),
$this->app->config('cookies.path'),
$this->app->config('cookies.domain'),
$this->app->config('cookies.secure'),
$this->app->config('cookies.httponly')
);
}
@@ -143,12 +158,10 @@ public function remove($key)
*
* @param string $data Cookie value: e.g. random token or hash
*/
public function buildCookie($data, $expires = null)
public function buildCookie($data, $expires)
{
$time = ($expires == null ? time() + $this->_app->config('cookies.lifetime') : $expires + time());
$string = sprintf("exp=%s&data=%s", urlencode($time), urlencode($data));
$mac = hash_hmac($this->_app->config('cookies.crypt'), $string, $this->_app->config('cookies.secret.key'));
$string = sprintf("exp=%s&data=%s", urlencode($expires), urlencode($data));
$mac = hash_hmac($this->app->config('cookies.crypt'), $string, $this->app->config('cookies.secret.key'));
return $string . '&digest=' . urlencode($mac);
}
@@ -180,32 +193,28 @@ public function getCookieData($key)
/**
* Verifies the expiry and MAC for the cookie
*
* @param string $cookie String from the client
* @param string $key String from the client
* @return bool
*/
public function verifySecureCookie($key)
{
$cookieFile = glob($this->_app->config('cookies.savepath') . 'cookies.*');
foreach ($cookieFile as $file) {
if (file_exists($file)) {
$exp = $this->_app->hook->maybe_unserialize(file_get_contents($file));
}
}
$file = $this->app->config('cookies.savepath') . 'cookies.' . $this->getCookieVars($key, 'data');
$data = $this->getSecureCookie($key);
/**
* If the cookie exists and it is expired, delete it
* from the server side.
*/
if (file_exists($file) && $exp['exp'] < time()) {
if ($data && $data->exp < time()) {
unlink($file);
}
if ($this->getCookieVars($key, 'exp') === null || $this->getCookieVars($key, 'exp') < time()) {
// The cookie has expired
return false;
}
$mac = sprintf("exp=%s&data=%s", urlencode($this->getCookieVars($key, 'exp')), urlencode($this->getCookieVars($key, 'data')));
$hash = hash_hmac($this->_app->config('cookies.crypt'), $mac, $this->_app->config('cookies.secret.key'));
$hash = hash_hmac($this->app->config('cookies.crypt'), $mac, $this->app->config('cookies.secret.key'));
if (!hash_equals($this->getCookieVars($key, 'digest'), $hash)) {
// The cookie has been compromised
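Review bot: In verifySecureCookie the new `$file` path is built from the client-supplied `data` field of the cookie, and both `getSecureCookie($key)` and `unlink($file)` can run before the `hash_equals` digest check further down, so the filesystem is read and modified on input that has not been authenticated yet. Check the expiry and HMAC first and only then touch the file, and reject any value that is not the hex string `token()` produces through `hash()`, for example `$token = $this->getCookieVars($key, 'data');` followed by `if (!is_string($token) || !ctype_xdigit($token)) { return false; }` before the path is concatenated. getSecureCookie builds the same path from the same unvalidated field and needs the same guard. Separately, the unchanged `token()` loop still draws its characters from `rand()`, which is not a cryptographic source; `random_bytes()` suits an identifier that names the server-side cookie file. The rendered section is cut off right after the digest comparison, so the rest of verifySecureCookie is not visible here.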