openssl encrypt/decryption strict arg refactor

Ghostff · Ghostff · commit ba748777c086 · 2017-06-30T00:45:43.000Z
diff --git a/src/Session.php b/src/Session.php
@@ -52,6 +52,8 @@ class Session
     private static $ssl_enabled = true;
     
     public static $write = false;
+    
+    public static $id = '';
 
     private static function init()
     {
@@ -131,33 +133,34 @@ private static function init()
      *
      * @param string $id
      */
-    public static function id(string $id)
+    public static function id(string $id = ''): string
     {
         if (empty(self::$initialized))
         {
             self::init();
         }
 
-        if (self::$started)
-        {
-            throw new \RuntimeException('Session is active. The session id must be set before Session::start().');
-        }
-        elseif (strlen($id) > 250)
-        {
-            throw new \RuntimeException('Session id cant be above 250 characters long');
-        }
-        elseif (headers_sent($filename, $line_num))
+        if ($id != '')
         {
-            throw new \RuntimeException(sprintf('ID must be set before any output is sent to the browser (file: %s, line: %s)', $filename, $line_num));
-        }
-        elseif (preg_match('/^[\w-,]{1,128}$/', $id) < 1)
-        {
-            throw new \InvalidArgumentException('Invalid Session ID');
-        }
-        else
-        {
-            session_id($id);
+            if (self::$started)
+            {
+                throw new \RuntimeException('Session is active. The session id must be set before Session::start().');
+            }
+            elseif (headers_sent($filename, $line_num))
+            {
+                throw new \RuntimeException(sprintf('ID must be set before any output is sent to the browser (file: %s, line: %s)', $filename, $line_num));
+            }
+            elseif (preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $id) < 1)
+            {
+                throw new \InvalidArgumentException('Invalid Session ID.');
+            }
+            else
+            {
+                session_id($id);
+            }
         }
+        
+        return self::$id;
     }
 
 
@@ -222,18 +225,18 @@ public static function decrypt(string $data): string
         $ct = substr($data, 16);
 
         $rounds = 3; // depends on key length
-        $data00 = $password.$salt;
-        $hash = array();
+        $data00 = $password . $salt;
+        $hash = [];
         $hash[0] = hash('sha256', $data00, true);
         $result = $hash[0];
         for ($i = 1; $i < $rounds; $i++)
         {
-            $hash[$i] = hash('sha256', $hash[$i - 1].$data00, true);
+            $hash[$i] = hash('sha256', $hash[$i - 1] . $data00, true);
             $result .= $hash[$i];
         }
         $key = substr($result, 0, 32);
         $iv  = substr($result, 32,16);
-        $decrypted = openssl_decrypt($ct, 'AES-256-CBC', $key, true, $iv);
+        $decrypted = openssl_decrypt($ct, 'AES-256-CBC', $key, 1, $iv);
 
         return ( ! $decrypted) ? '' : $decrypted;
     }
@@ -259,14 +262,14 @@ public static function encrypt(string $data): string
         // Salt the key(32) and iv(16) = 48
         while (strlen($salted) < 48)
         {
-            $dx = hash('sha256', $dx.$password.$salt, true);
+            $dx = hash('sha256', $dx . $password . $salt, true);
             $salted .= $dx;
         }
 
         $key = substr($salted, 0, 32);
         $iv  = substr($salted, 32,16);
 
-        $encrypted_data = openssl_encrypt($data, 'AES-256-CBC', $key, true, $iv);
+        $encrypted_data = openssl_encrypt($data, 'AES-256-CBC', $key, 1, $iv);
         return base64_encode($salt . $encrypted_data);
     }
 }
diff --git a/src/Session/Save.php b/src/Session/Save.php
@@ -138,7 +138,9 @@ private function init()
         session_start();
 
         # store current session ID
-        $this->config['sess_id'] = session_id();
+        $id = session_id();
+        $this->config['sess_id'] = $id;
+        Session::$id = $id;
 
         $_ = session_get_cookie_params();
         setcookie($this->config['name'], $this->config['sess_id'], $_['lifetime'], $_['path'], $_['domain'], $_['secure'], $_['httponly']);
@@ -306,7 +308,9 @@ public function rotate(bool $delete_old = true, bool $write_nd_close = true)
 
         session_start();
         session_regenerate_id($delete_old);
-        $this->config['sess_id'] = session_id();
+        $id = session_id();
+        $this->config['sess_id'] = $id;
+        Session::$id = $id;
         if ($write_nd_close)
         {
             session_write_close();
@@ -340,7 +344,6 @@ public function clear(string $segment = '')
             }
         }
 
-        unset($this->config['session'][$this->config['namespace']]);
         $this->commit();
     }
 
@@ -349,10 +352,18 @@ public function clear(string $segment = '')
      * @param bool $in_flash
      * @return bool
      */
-    public function exists(string $name, bool $in_flash = false): bool
+    public function exist(string $name, string $segment = null, bool $in_flash = false): bool
     {
         $namespace = $this->config['namespace'];
-        $segment = $this->config['segment'];
+        
+        if ($segment != null)
+        {
+            $segment = 'segment:' . $segment;
+        }
+        else
+        {
+            $segment = $this->config['segment'];
+        }
         return isset($this->config['session'][$namespace][$segment][$in_flash ? 'flash' : 'set'][$name]);
     }
 
diff --git a/src/Session/config.php b/src/Session/config.php
@@ -38,12 +38,12 @@
  */
 
 return [
-    'driver'        => 'file',             # Name of session driver to use: [file|pdo|cookie|redis|memcached]
+    'driver'        => 'cookie',             # Name of session driver to use: [file|pdo|cookie|redis|memcached]
     'name'          => '_Bittr_SESSID',     # session name
     'cache_limiter' => 'none',              # http://php.net/manual/en/function.session-cache-limiter.php
 
     #[security]
-    'encrypt_data'  => false,               # Allow encryption of session data.
+    'encrypt_data'  => true,               # Allow encryption of session data.
     'key'           => 'secret_salt_key',   # Encryption key. ineffective if 'encrypt_data' = false
     'match_ip'      => false,               # If set to true, IP address will be stored and validated on each I/O.
     'match_browser' => false,               # If set to true, browser will be stored and validated on each I/O.
diff --git a/src/Session/tmp/sess_gor23cvvn2qmksags74mpurhnq b/src/Session/tmp/sess_gor23cvvn2qmksags74mpurhnq
@@ -0,0 +1 @@
+__GLOBAL|a:1:{s:14:"segment:static";a:2:{s:3:"set";a:1:{s:4:"name";s:5:"chrys";}s:5:"flash";a:0:{}}}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+__GLOBAL\|a:1:{s:14:"segment:static";a:2:{s:3:"set";a:1:{s:4:"name";s:5:"chrys";}s:5:"flash";a:0:{}}}`