<?php
// Shorthand for the platform's directory separator.
define('DS', DIRECTORY_SEPARATOR);
// privileges/verifying_session/check_session
// /opt/lamp/htDocs/folder name
// Directory that receives the session files: a sibling of this file's directory.
// The directory name is deliberately not 'session' so it is not a guessable path.
define(
    'Save_Path',
    dirname(realpath(__FILE__)) . DS . '../ee399e457eae2ef36adabc2ad78d8064'
);
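/**
 * File-backed PHP session handler that stores each session record encrypted.
 *
 * Responsibilities:
 *  - configure the session cookie (name, path, domain, Secure/HttpOnly) in the constructor;
 *  - encrypt on write() / decrypt on read() with AES-256-CBC plus an HMAC-SHA256 tag
 *    (encrypt-then-MAC, keyed from $Key and a per-record salt);
 *  - regenerate the session id every $timeToLive minutes (start() -> checkSessionValidity());
 *  - keep a user-agent fingerprint the caller can check with isValidFingerPrint().
 *
 * Undeclared properties (SessionStartTime, fingerPrint, CipherKey) are routed through
 * __get/__set/__isset and therefore live in $_SESSION — that is how they persist between
 * requests. Keep that in mind before declaring any of them as real properties.
 *
 * Stored-format note: records are base64(salt . ciphertext . mac); records written by the
 * previous un-authenticated layout fail the tag check and read back as an empty session.
 */
class Session extends SessionHandler
{
    // Byte sizes of the pieces that make up one stored record.
    const SALT_BYTES = 16;
    const KEY_BYTES = 32;
    const IV_BYTES = 16;
    const MAC_BYTES = 32;

    // Cookie path: '/' means every site under the same document root sees the cookie.
    private $Path = '/';
    // Secure flag: when true the cookie is only sent over HTTPS.
    private $SSL = false;
    // Cookie / session name (PHP's own default is PHPSESSID).
    // NOTE(review): a cookie name containing '$' and other punctuation is unusual; confirm every
    // client and proxy in the deployment accepts it.
    private $Session_name = "$2y$10xwdgum3WrlAGhJgOQfG9tujGzUI6HZR99jwZGQxDuFatM7YEzwXj2";
    // Cookie lifetime in seconds; 0 keeps the cookie until the browser closes.
    private $Lifetime = 0;
    // Directory the session files are written to (see Save_Path at the top of the file).
    private $Save_Path = Save_Path;
    // HttpOnly flag: the cookie is not readable from JavaScript (document.cookie).
    private $HTTP_ONLY = true;
    // Cookie domain: '.domain.com' covers all sub-domains, 'domain.com' only that host.
    private $Domain = '.tubo.com';
    // Password fed to the key derivation in encrypt()/decrypt().
    // NOTE(review): a secret hard-coded in source is known to everyone who can read the file
    // or repository; loading it from the environment or a secrets store is preferable.
    private $Key = '2y$12$Ds72DgfWvYqYL74GAfLI7.0lvChR2yUMUtWRiHLQcMesJUTfZJiC';
    // OpenSSL cipher for the session payload. CBC has no integrity of its own, which is why
    // encrypt()/decrypt() add an HMAC tag.
    private $Cipher = "AES-256-CBC";
    // Minutes after which start() regenerates the session id.
    private $timeToLive = 30; // 30 min

    /**
     * Applies the session ini settings, cookie parameters and registers this object as the
     * save handler. Must run before session_start() / start().
     */
    public function __construct()
    {
        ini_set('session.use_cookies', 1);
        ini_set('session.use_trans_sid', 0);
        // Reject session ids the server never issued.
        ini_set('session.use_strict_mode', 1);
        ini_set('session.use_only_cookies', 1);
        // Underlying storage stays the built-in files handler; this class wraps it.
        ini_set('session.save_handler', 'files');
        // Pages carrying session data must not be cached by intermediaries.
        ini_set('session.cache_limiter', 'nocache');
        session_name($this->Session_name);
        session_save_path($this->Save_Path);
        session_set_cookie_params(
            $this->Lifetime,
            $this->Path,
            $this->Domain,
            $this->SSL,
            $this->HTTP_ONLY
        );
        // true: register session_write_close() as a shutdown function.
        session_set_save_handler($this, true);
    }

    /**
     * Reads $_SESSION[$key]; returns false when the key is absent.
     *
     * Uses array_key_exists rather than isset so a stored null comes back as null, and
     * guards on isset($_SESSION) so a call before session_start() does not raise.
     */
    public function __get($key)
    {
        if (isset($_SESSION) && array_key_exists($key, $_SESSION)) {
            return $_SESSION[$key];
        }
        return false;
    }

    /**
     * Stores $value under $_SESSION[$key]  (e.g. `$session->username = 'data';`).
     */
    public function __set($key, $value)
    {
        $_SESSION[$key] = $value;
    }

    /**
     * True when $_SESSION[$key] exists and is not null.
     */
    public function __isset($key)
    {
        return isset($_SESSION[$key]);
    }

    /**
     * Loads and decrypts the record for session $id.
     *
     * Returns '' (an empty session) when there is no record or when decrypt() rejects it
     * (undecodable, tampered, or wrong key), so a damaged file does not fail session_start().
     */
    public function read($id)
    {
        $stored = parent::read($id);
        if ($stored === false || $stored === '') {
            return '';
        }
        return $this->decrypt($stored, $this->Key);
    }

    /**
     * Encrypts the serialized session $data and hands it to the files handler.
     */
    public function write($id, $data)
    {
        return parent::write($id, $this->encrypt($data, $this->Key));
    }

    /**
     * Starts the session (if not already started), records the start time on first use and
     * regenerates the id when it is older than $timeToLive minutes.
     */
    public function start()
    {
        if (session_id() !== '') {
            return;
        }
        if (session_start()) {
            $this->SetSessionStartTime();
            $this->checkSessionValidity();
        }
    }

    /**
     * Records the session start timestamp in $_SESSION (via __set) unless already present.
     */
    private function SetSessionStartTime()
    {
        if (!isset($this->SessionStartTime)) {
            $this->SessionStartTime = time();
        }
        return true;
    }

    /**
     * Regenerates the session id and fingerprint once the session is older than $timeToLive.
     */
    private function checkSessionValidity()
    {
        $ageSeconds = time() - $this->SessionStartTime;
        if ($ageSeconds > ($this->timeToLive * 60)) {
            $this->renewSession();
            $this->generateFingerPrint();
        }
        return true;
    }

    /**
     * Resets the start time and replaces the session id, deleting the old session file.
     * Also worth calling on login or other privilege changes to prevent session fixation.
     */
    private function renewSession()
    {
        $this->SessionStartTime = time();
        // true: delete the old session file instead of keeping it alongside the new id.
        return session_regenerate_id(true);
    }

    /**
     * Clears the session data, expires the cookies and destroys the server-side record.
     */
    public function Kill_session()
    {
        session_unset();
        setcookie($this->Session_name, '', time() - 3600, $this->Path, $this->Domain, $this->SSL, $this->HTTP_ONLY);
        setcookie('SID', '1', time() - 3600);
        session_destroy();
    }

    /**
     * Stores a fresh random CipherKey and a SHA-1 fingerprint of
     * user-agent . CipherKey . session_id in $_SESSION (via __set).
     */
    private function generateFingerPrint()
    {
        $this->CipherKey = openssl_random_pseudo_bytes(16);
        $this->fingerPrint = sha1($this->userAgent() . $this->CipherKey . session_id());
    }

    /**
     * Recomputes the fingerprint for the current request and compares it with the stored one,
     * generating it first if none exists (in which case the check trivially passes).
     */
    public function isValidFingerPrint()
    {
        if (!isset($this->fingerPrint)) {
            $this->generateFingerPrint();
        }
        $current = sha1($this->userAgent() . $this->CipherKey . session_id());
        return hash_equals($this->fingerPrint, $current);
    }

    /**
     * The request's User-Agent header, or '' when the client sent none (avoids an
     * undefined-index warning in the fingerprint).
     */
    private function userAgent()
    {
        return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    }

    /**
     * Derives the AES key, IV and HMAC key from $password and a per-record $salt.
     *
     * Chained SHA-256 — each round hashes (previous block . password . salt) — until at least
     * KEY+IV+MAC bytes exist. The first 48 bytes are exactly what the previous encrypt()
     * and decrypt() each derived (they disagreed only on how many extra rounds to run), so
     * the MAC key is the only new material.
     *
     * @return array [key, iv, macKey]
     */
    private function deriveKeyMaterial($password, $salt)
    {
        $needed = self::KEY_BYTES + self::IV_BYTES + self::MAC_BYTES;
        $block = '';
        $material = '';
        while (strlen($material) < $needed) {
            $block = hash('sha256', $block . $password . $salt, true);
            $material .= $block;
        }
        return array(
            substr($material, 0, self::KEY_BYTES),
            substr($material, self::KEY_BYTES, self::IV_BYTES),
            substr($material, self::KEY_BYTES + self::IV_BYTES, self::MAC_BYTES),
        );
    }

    /**
     * Verifies and decrypts a record produced by encrypt().
     *
     * Returns '' when the input is not strict base64, is too short, fails the HMAC check or
     * does not decrypt — callers treat '' as an empty session.
     */
    private function decrypt($edata, $password)
    {
        $raw = base64_decode($edata, true);
        $overhead = self::SALT_BYTES + self::MAC_BYTES;
        if ($raw === false || strlen($raw) < $overhead) {
            return '';
        }
        $salt = substr($raw, 0, self::SALT_BYTES);
        $mac = substr($raw, -self::MAC_BYTES);
        $ciphertext = (string) substr($raw, self::SALT_BYTES, strlen($raw) - $overhead);
        list($key, $iv, $macKey) = $this->deriveKeyMaterial($password, $salt);
        // Check the tag before touching the ciphertext so CBC padding errors are never
        // reachable with modified data; hash_equals keeps the comparison constant-time.
        $expected = hash_hmac('sha256', $salt . $ciphertext, $macKey, true);
        if (!hash_equals($expected, $mac)) {
            return '';
        }
        $plain = openssl_decrypt($ciphertext, $this->Cipher, $key, OPENSSL_RAW_DATA, $iv);
        return $plain === false ? '' : $plain;
    }

    /**
     * Encrypts $data with a fresh random salt and appends an HMAC-SHA256 tag.
     *
     * Output layout: base64(salt[16] . ciphertext . mac[32]). Returns '' if OpenSSL fails.
     */
    private function encrypt($data, $password)
    {
        $salt = openssl_random_pseudo_bytes(self::SALT_BYTES);
        list($key, $iv, $macKey) = $this->deriveKeyMaterial($password, $salt);
        $ciphertext = openssl_encrypt($data, $this->Cipher, $key, OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) {
            return '';
        }
        // Encrypt-then-MAC over salt and ciphertext, mirrored in decrypt().
        $mac = hash_hmac('sha256', $salt . $ciphertext, $macKey, true);
        return base64_encode($salt . $ciphertext . $mac);
    }
}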