Commit 04e441ae authored by Alex Ne's avatar Alex Ne

Sessions

parent eb8b61a5
...@@ -16,14 +16,14 @@ class SessionHacked extends \X\ETrace\Notification {} ...@@ -16,14 +16,14 @@ class SessionHacked extends \X\ETrace\Notification {}
* hs = is_https(bool) * hs = is_https(bool)
* *
* crypto cheksum: * crypto cheksum:
* cheksum = ((( a & ( ! s ) ) ^ cc ) & u ) >> (t ^ op1) * cheksum = ((( a & ( ! s ) ) | cc ) ^ u ) >> (t ^ op1)
* *
* crypto code: * crypto code:
* code = rand(0,time()); * code = rand(0,time());
* next_code = (code >> op2) ^ op3 * next_code = (code >> op2) ^ op3
* prev_code = (code ^ op3) << op2 * prev_code = (code ^ op3) << op2
*/ */
class Session extends X\Security\Crypto\IDEA { class Session extends \X\Security\Crypto\IDEA {
//protected function BitwiseCROR($v, $c) //protected function BitwiseCROR($v, $c)
//protected function BitwiseCROL($v, $c) //protected function BitwiseCROL($v, $c)
use \X\Tool\BitwiseCyclicShift; use \X\Tool\BitwiseCyclicShift;
...@@ -59,10 +59,10 @@ class Session extends X\Security\Crypto\IDEA { ...@@ -59,10 +59,10 @@ class Session extends X\Security\Crypto\IDEA {
} }
protected function read_session() { protected function read_session() {
$In = \X_Input(); $In = new \X_Input();
$this->session = $In->CookieValue($this->session_name, false) ?: $In->Request($this->session_name, "")->string(); $this->session = $In->CookieValue($this->session_name, false) ?: $In->Request($this->session_name, "")->string();
if (strlen($this->session) > 0) { if (strlen($this->session) > 0) {
if (is_array($session_data = $this->decrypt_b64($this->session))) { if (is_array($session_data = $this->explode(gzuncompress($this->decrypt_b64($this->session))))) {
if (isset($session_data["cs"]) && $session_data["cs"] == $this->crypto_checksum($session_data)) { if (isset($session_data["cs"]) && $session_data["cs"] == $this->crypto_checksum($session_data)) {
$this->session_data = $session_data; $this->session_data = $session_data;
return true; return true;
...@@ -81,8 +81,9 @@ class Session extends X\Security\Crypto\IDEA { ...@@ -81,8 +81,9 @@ class Session extends X\Security\Crypto\IDEA {
if ( ! isset($session_data["cc"])) { if ( ! isset($session_data["cc"])) {
$session_data["cc"] = $this->crypto_code_new(); $session_data["cc"] = $this->crypto_code_new();
} }
$session_data["cs"] = $this->crypto_checksum($session_data); $session_data["cs"] = $this->crypto_checksum($session_data);
return $this->crypt_b64($session_data); $this->session_data = $session_data;
return $this->session = $this->crypt_b64(gzcompress($this->implode($session_data)));
} }
/** /**
...@@ -134,11 +135,11 @@ class Session extends X\Security\Crypto\IDEA { ...@@ -134,11 +135,11 @@ class Session extends X\Security\Crypto\IDEA {
*/ */
protected function crypto_checksum($session_data) { protected function crypto_checksum($session_data) {
if (is_array($session_data)) { if (is_array($session_data)) {
if ( ! $this->check_data_colls($D)) { if ( ! $this->check_data_colls($session_data)) {
throw new SessionHacked("Session data not full!", $session_data); throw new SessionHacked("Session data not full!", $session_data);
} }
$D = array_map(function ($i) {return intval($i);}, $session_data); $D = array_map(function ($i) {return intval($i);}, $session_data);
return $this->BitwiseCROR(((($D["a"] & ( ! $D["s"])) ^ $D["cc"]) & $D["u"]), ($D["t"] ^ $this->param_crypto[0])); return $this->BitwiseCROR(((($D["a"] & ( ! $D["s"])) | $D["cc"]) ^ $D["u"]), ($D["t"] ^ $this->param_crypto[0]));
} }
} }
...@@ -152,6 +153,28 @@ class Session extends X\Security\Crypto\IDEA { ...@@ -152,6 +153,28 @@ class Session extends X\Security\Crypto\IDEA {
"/" "/"
); );
} }
/**
* @param $data
*/
protected function implode($data) {
array_walk($data, function (&$i, $k) {$i = implode(":", [$k, $i]);});
return implode(";", $data);
}
/**
* @param $string
* @return mixed
*/
protected function explode($string) {
$data_t = explode(";", $string);
$data = [];
foreach ($data_t as $value) {
list($k, $i) = explode(":", $value);
$data[$k] = $i;
}
return $data;
}
} }
/** /**
* EXAMPLE: * EXAMPLE:
...@@ -163,5 +186,7 @@ class Session extends X\Security\Crypto\IDEA { ...@@ -163,5 +186,7 @@ class Session extends X\Security\Crypto\IDEA {
* parent::__construct(Config::KEY, Config::NAME, Config::CRYPTO); * parent::__construct(Config::KEY, Config::NAME, Config::CRYPTO);
* } * }
* } * }
*
*
*/ */
?> ?>
\ No newline at end of file
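Review bot: In `read_session()` the cookie or request value is passed straight through `decrypt_b64()`, `gzuncompress()` and the new `explode()` helper with no failure check, and because `explode()` always returns an array, the surrounding `is_array()` guard no longer rejects anything. A failed decrypt or inflate (presumably `false`; `decrypt_b64()` is not shown) is therefore parsed as session text, and `gzuncompress()` runs on client-supplied data without a `max_length` cap. The `cs` check uses loose `==` between a string from the parser and the integer from `crypto_checksum()`, so a strict comparison of string casts is safer. In the `explode()` helper, `list($k, $i) = explode(":", $value);` reads a missing offset for any element without a `:`, so use `explode(":", $value, 2)` and skip elements that do not yield two parts. The body of `read_session()` starts and ends outside the hunk.

```php
// … unchanged: $this->session is read from the cookie or request parameter …
if (strlen($this->session) > 0) {
    $raw = $this->decrypt_b64($this->session);
    // 4096 is an illustrative cap on the inflated size; size it to the real session payload.
    $plain = is_string($raw) ? gzuncompress($raw, 4096) : false;
    $session_data = is_string($plain) ? $this->explode($plain) : null;
    if (is_array($session_data)
        && isset($session_data["cs"])
        && (string) $session_data["cs"] === (string) $this->crypto_checksum($session_data)) {
        // … unchanged: store $session_data and return true …
```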
...@@ -13,11 +13,16 @@ class IDEA { ...@@ -13,11 +13,16 @@ class IDEA {
*/ */
protected $key, $IV; protected $key, $IV;
/**
* @var mixed
*/
private $crypt_algo;
/** /**
* @param string $key * @param string $key
*/ */
public function __construct($key) { public function __construct($key, $Algo = "idea-ecb") {
$this->setKey($key); $this->setKey($key);
$this->setAlgo($Algo);
} }
/** /**
...@@ -39,7 +44,7 @@ class IDEA { ...@@ -39,7 +44,7 @@ class IDEA {
*/ */
public function setAlgo($Algo) { public function setAlgo($Algo) {
if (in_array($Algo, openssl_get_cipher_methods())) { if (in_array($Algo, openssl_get_cipher_methods())) {
$this->algo = $Algo; $this->crypt_algo = $Algo;
} else { } else {
throw new \X\ETrace\System("Crypt Algorithm not found: " . $Algo, 0, ["allow_algo" => openssl_get_cipher_methods()]); throw new \X\ETrace\System("Crypt Algorithm not found: " . $Algo, 0, ["allow_algo" => openssl_get_cipher_methods()]);
} }
...@@ -50,7 +55,7 @@ class IDEA { ...@@ -50,7 +55,7 @@ class IDEA {
*/ */
protected function crypt_bin($Data) // : string // BIN protected function crypt_bin($Data) // : string // BIN
{ {
return openssl_encrypt(implode(":", $Data), $this->algo, $this->key, OPENSSL_RAW_DATA, $this->IV); return openssl_encrypt($Data, $this->crypt_algo, $this->key, OPENSSL_RAW_DATA, $this->IV);
} }
/** /**
...@@ -58,7 +63,7 @@ class IDEA { ...@@ -58,7 +63,7 @@ class IDEA {
*/ */
protected function decrypt_bin($BIN) // : Array protected function decrypt_bin($BIN) // : Array
{ {
return explode(":", openssl_decrypt($BIN, $this->algo, $this->key, OPENSSL_RAW_DATA, $this->IV)); return openssl_decrypt($BIN, $this->crypt_algo, $this->key, OPENSSL_RAW_DATA, $this->IV);
} }
/** /**
......
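Review bot: The new constructor default `$Algo = "idea-ecb"` makes an unauthenticated ECB mode the default for every subclass, including the session cookie handled by `Session`. Identical plaintext blocks encrypt identically and nothing detects a modified ciphertext. `decrypt_bin()` now returns the raw `openssl_decrypt()` result, which is `false` on failure, so it should fail closed with something like `if ($plain === false) { throw new \X\ETrace\System("Decrypt failed", 0, []); }`. Consider defaulting to an AEAD mode such as `aes-256-gcm` with a fresh IV per message and the tag verified on decrypt, or adding a keyed HMAC over the ciphertext, since the session's `cs` field is a bitwise mix of the fields rather than a MAC. The lookup in `setAlgo()` should also be strict: `in_array($Algo, openssl_get_cipher_methods(), true)`.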
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
class X_Session { class X_Session {
// protected function urlSafeB64Encode // protected function urlSafeB64Encode
// protected function urlSafeB64Decode // protected function urlSafeB64Decode
use \X\Tool\URL\B64Safe; use X\Tool\URL\B64Safe;
/** /**
* @var mixed * @var mixed
......