Sessions

04e441ae · Alex Ne · eb8b61a5 · 04e441ae · 04e441ae · 04e441ae
Commit 04e441ae authored Jun 28, 2016 by Alex Ne
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 13 deletions

Session.php Accounting/Session.php +33 -8

IDEA.php Security/Crypto/IDEA.php +9 -4

Session.php Session.php +1 -1

No files found.
--- a/Accounting/Session.php
+++ b/Accounting/Session.php
@@ -16,14 +16,14 @@ class SessionHacked extends \X\ETrace\Notification {}
 *  	hs 	= is_https(bool)
 *
 * 	crypto cheksum:
- * 		cheksum = ((( a & ( ! s ) ) ^ cc ) & u ) >> (t ^ op1)
+ * 		cheksum = ((( a & ( ! s ) ) | cc ) ^ u ) >> (t ^ op1)
 *
 * 	crypto code:
 * 		code = rand(0,time());
 * 		next_code = (code >> op2) ^ op3
 * 		prev_code =	(code ^ op3) << op2
 */
-class Session extends X\Security\Crypto\IDEA {
+class Session extends \X\Security\Crypto\IDEA {
 	//protected function BitwiseCROR($v, $c)
 	//protected function BitwiseCROL($v, $c)
 	use \X\Tool\BitwiseCyclicShift;
@@ -59,10 +59,10 @@ class Session extends X\Security\Crypto\IDEA {
 	}

 	protected function read_session() {
-		$In            = \X_Input();
+		$In            = new \X_Input();
 		$this->session = $In->CookieValue($this->session_name, false) ?: $In->Request($this->session_name, "")->string();
 		if (strlen($this->session) > 0) {
-			if (is_array($session_data = $this->decrypt_b64($this->session))) {
+			if (is_array($session_data = $this->explode(gzuncompress($this->decrypt_b64($this->session))))) {
 				if (isset($session_data["cs"]) && $session_data["cs"] == $this->crypto_checksum($session_data)) {
 					$this->session_data = $session_data;
 					return true;
@@ -81,8 +81,9 @@ class Session extends X\Security\Crypto\IDEA {
 		if ( ! isset($session_data["cc"])) {
 			$session_data["cc"] = $this->crypto_code_new();
 		}
-		$session_data["cs"] = $this->crypto_checksum($session_data);
-		return $this->crypt_b64($session_data);
+		$session_data["cs"]   = $this->crypto_checksum($session_data);
+		$this->session_data   = $session_data;
+		return $this->session = $this->crypt_b64(gzcompress($this->implode($session_data)));
 	}

 	/**
@@ -134,11 +135,11 @@ class Session extends X\Security\Crypto\IDEA {
 	 */
 	protected function crypto_checksum($session_data) {
 		if (is_array($session_data)) {
-			if ( ! $this->check_data_colls($D)) {
+			if ( ! $this->check_data_colls($session_data)) {
 				throw new SessionHacked("Session data not full!", $session_data);
 			}
 			$D = array_map(function ($i) {return intval($i);}, $session_data);
-			return $this->BitwiseCROR(((($D["a"] & ( ! $D["s"])) ^ $D["cc"]) & $D["u"]), ($D["t"] ^ $this->param_crypto[0]));
+			return $this->BitwiseCROR(((($D["a"] & ( ! $D["s"])) | $D["cc"]) ^ $D["u"]), ($D["t"] ^ $this->param_crypto[0]));
 		}
 	}

@@ -152,6 +153,28 @@ class Session extends X\Security\Crypto\IDEA {
 			"/"
 		);
 	}
+
+	/**
+	 * @param $data
+	 */
+	protected function implode($data) {
+		array_walk($data, function (&$i, $k) {$i = implode(":", [$k, $i]);});
+		return implode(";", $data);
+	}
+
+	/**
+	 * @param  $string
+	 * @return mixed
+	 */
+	protected function explode($string) {
+		$data_t = explode(";", $string);
+		$data   = [];
+		foreach ($data_t as $value) {
+			list($k, $i) = explode(":", $value);
+			$data[$k]    = $i;
+		}
+		return $data;
+	}
 }
 /**
 * EXAMPLE:
@@ -163,5 +186,7 @@ class Session extends X\Security\Crypto\IDEA {
 * 		parent::__construct(Config::KEY, Config::NAME, Config::CRYPTO);
 * 	}
 * }
+ *
+ *
 */
 ?>
\ No newline at end of file
--- a/Security/Crypto/IDEA.php
+++ b/Security/Crypto/IDEA.php
@@ -13,11 +13,16 @@ class IDEA {
 	 */
 	protected $key, $IV;

+	/**
+	 * @var mixed
+	 */
+	private $crypt_algo;
 	/**
 	 * @param string $key
 	 */
-	public function __construct($key) {
+	public function __construct($key, $Algo = "idea-ecb") {
 		$this->setKey($key);
+		$this->setAlgo($Algo);
 	}

 	/**
@@ -39,7 +44,7 @@ class IDEA {
 	 */
 	public function setAlgo($Algo) {
 		if (in_array($Algo, openssl_get_cipher_methods())) {
-			$this->algo = $Algo;
+			$this->crypt_algo = $Algo;
 		} else {
 			throw new \X\ETrace\System("Crypt Algorithm not found: " . $Algo, 0, ["allow_algo" => openssl_get_cipher_methods()]);
 		}
@@ -50,7 +55,7 @@ class IDEA {
 	 */
 	protected function crypt_bin($Data) // : string // BIN
 	{
-		return openssl_encrypt(implode(":", $Data), $this->algo, $this->key, OPENSSL_RAW_DATA, $this->IV);
+		return openssl_encrypt($Data, $this->crypt_algo, $this->key, OPENSSL_RAW_DATA, $this->IV);
 	}

 	/**
@@ -58,7 +63,7 @@ class IDEA {
 	 */
 	protected function decrypt_bin($BIN) // : Array
 	{
-		return explode(":", openssl_decrypt($BIN, $this->algo, $this->key, OPENSSL_RAW_DATA, $this->IV));
+		return openssl_decrypt($BIN, $this->crypt_algo, $this->key, OPENSSL_RAW_DATA, $this->IV);
 	}

 	/**

--- a/Session.php
+++ b/Session.php
@@ -2,7 +2,7 @@
 class X_Session {
 	// protected function urlSafeB64Encode
 	// protected function urlSafeB64Decode
-	use \X\Tool\URL\B64Safe;
+	use X\Tool\URL\B64Safe;

 	/**
 	 * @var mixed