<?php
declare(strict_types = 1);
/**
* @author Robert Strutts
* @copyright (c) 2026, Robert Strutts
* @license MIT
*/
namespace IOcornerstone\Framework;
use IOcornerstone\Framework\Services\Sessions\{
RedisSessionHandler as RedisSes,
FileSessionHandler as FileSes,
CookieSessionHandler as CookieSes
};
use IOcornerstone\Framework\{
Common,
Configure,
Registry
};
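final class SessionManagement
{
    /**
     * Start the PHP session, installing the configured save handler first.
     *
     * @param array  $options Handler-specific options forwarded to the save handler constructor.
     * @param string $type    Handler type: 'redis', 'files', 'none'/'php' (PHP's native handler);
     *                        any other value selects the cookie handler. An empty string reads the
     *                        type from Configure::get('sessions', 'type').
     * @param mixed  $enc     Encryption service handed to the handler. `false` means "resolve the
     *                        'session_encryption' service from the DI registry if it is registered";
     *                        when it is not registered, `false` is passed through to the handler.
     *
     * @throws \RuntimeException if PHP refuses to install the custom save handler. Without this
     *                           check the session would silently fall back to PHP's default file
     *                           handler, bypassing the configured storage and encryption.
     */
    public static function start(
        array $options = [],
        string $type = "",
        mixed $enc = false
    ): void {
        if ($type === '') {
            $type = Configure::get('sessions', 'type');
        }

        // Only look the encryption service up when the caller did not supply one.
        if ($enc === false) {
            $di = Registry::get('di');
            if ($di->exists('session_encryption')) {
                $enc = $di->get_service('session_encryption');
            }
        }

        // Native PHP session storage: nothing to install.
        if ($type === 'none' || $type === 'php') {
            self::makeSessionStarted();
            return;
        }

        $handler = match ($type) {
            'redis' => new RedisSes($enc, $options),
            'files' => new FileSes($enc, $options),
            default => new CookieSes($enc, $options),
        };

        if (!session_set_save_handler($handler)) {
            throw new \RuntimeException("Unable to register the '{$type}' session save handler.");
        }

        self::makeSessionStarted();
    }

    /**
     * Start the session unless one is already active.
     *
     * Does nothing once headers have been sent, because session_start() could then only
     * emit a warning; callers that need a session must therefore run before any output.
     *
     * @param bool $force_secure When true the cookie is always flagged Secure, regardless of USE_SECURE.
     */
    private static function makeSessionStarted(bool $force_secure = false): void
    {
        if (session_status() === PHP_SESSION_ACTIVE && session_id()) {
            return;
        }

        $name = Configure::get('sessions', 'session_name');
        if ($name !== null) {
            session_name($name);
        }

        if (headers_sent()) {
            return;
        }

        // USE_SECURE is a project-level constant defined outside this file.
        $secure = ($force_secure || USE_SECURE) ? 1 : 0;

        session_start([
            'cookie_lifetime' => 0,        // session cookie: discarded when the browser closes
            'cookie_secure' => $secure,    // only send the cookie over HTTPS
            'use_only_cookies' => 1,       // never accept the session id from the URL
            'cookie_httponly' => 1,        // hide the cookie from JavaScript (limits the impact of XSS)
            'cookie_samesite' => 'Strict', // never send the cookie on cross-site requests (CSRF)
            // Reject client-supplied ids the server did not issue; this is what stops session fixation.
            'use_strict_mode' => 1,
            'use_trans_sid' => 0,          // URL-based session ids leak through referers and logs
        ]);
    }

    /**
     * Check whether the logged-in user holds the given right.
     *
     * $_SESSION['users_rights'] is expected to be a JSON-encoded array of right names; the
     * JSON document is validated (not the looked-up name) before decoding. Any missing,
     * malformed or non-array value denies the right rather than throwing.
     *
     * @param string $right Right name to look up.
     */
    public static function hasUserRight(string $right): bool
    {
        $rights = $_SESSION['users_rights'] ?? null;
        if (!is_string($rights) || !json_validate($rights)) {
            return false;
        }

        $decoded = json_decode($rights, true);
        if (!is_array($decoded)) {
            return false;
        }

        // Strict comparison: a loose in_array() would let a stored `true` or `0` match any right name.
        return in_array($right, $decoded, true);
    }

    /**
     * Return the logged-in user's id, or 0 when no user id is stored in the session.
     */
    public static function getUserId(): int
    {
        return intval($_SESSION['user_id'] ?? 0);
    }
}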