Add improved hash support, phpunit 6 support

Chris Carlevato · Chris Carlevato · commit 382adc01cf88 · 2017-04-22T09:54:05.000-07:00
diff --git a/_examples/complete.php b/_examples/complete.php
@@ -11,7 +11,7 @@
         'path'		=>	'/',
         'domain'	=>	'localhost',
         'secure'	=>	false,
-        'hash'		=>	1,
+        'hash'		=>	'sha512',
         'decoy'		=>	true,
         'min'       =>	5,
         'max'       =>	10
@@ -26,6 +26,7 @@
 	$session->setValue('random', (string)rand(0, 5000));
 	$session->setValue('fixed','some value');
     $session->setValue('array', array('one thing', 'two thing', 'has_key' => 'red thing', 'blue_thing' => array('text', false, 50)));
+    $session->setValue('hashed', 'this is my string', true);
 	
 	// Session Variable Set Outside of Class
 	$_SESSION['Outside'] = 'a session value set the old fashioned way';
@@ -37,6 +38,7 @@
 	$random = $session->getValue('random');
 	$fixed = $session->getValue('fixed');
     $array = print_r($session->getValue('array'), true);
+    $hashed = $session->getValue('hashed');
 	
 	
 	//	Output Session Variables
@@ -59,6 +61,9 @@
         </p>
 	    <p>
 	        <b>array:</b> {$array}
+        </p>
+        <p>
+            <b>hashed:</b> {$hashed}        
         </p>
 	    <p>
 	       <b>Outside:</b> {$_SESSION['Outside']}
diff --git a/_tests/SessionTest.php b/_tests/SessionTest.php
@@ -17,7 +17,7 @@
 
 namespace ChristopherL;
 
-class SessionTest extends \PHPUnit_Framework_TestCase
+class SessionTest extends \PHPUnit\Framework\TestCase
 {
     /**
      * @runInSeparateProcess
@@ -216,7 +216,7 @@ public function testSessionHashValue()
         $session->setValue('my_hashed_variable', 'plain text value', true);
 
         // Verifiy creation of hashed session value
-        $this->assertEquals($session->getValue('my_hashed_variable'), sha1('plain text value'));
+        $this->assertEquals($session->getValue('my_hashed_variable'), hash($session->getHash(), 'plain text value'));
     }
 
     /**
diff --git a/cl_session.php b/cl_session.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright 2015- Chris Carlevato (https://github.com/chrislarrycarl)
+ * @copyright 2015-2017 Chris Carlevato (https://github.com/chrislarrycarl)
  * @license http://www.gnu.org/licenses/lgpl-2.1.html
  * 
  * This library is free software; you can redistribute it and/or
@@ -18,7 +18,7 @@
 
 class Session
 {
-    const VERSION = '0.2';
+    const VERSION = '0.3';
 
     protected $name, $domain, $hash, $key, $path, $secure, $decoy, $min_time, $max_time;
     protected $failmsg = 'Session generation failed.';
@@ -29,7 +29,7 @@ class Session
      * - path:      Server path the cookie is available on          (Default: /)
      * - domain:    Domain the cookie is available to               (Default: localhost)
      * - secure:    Only transmit the cookie over https             (Default: false)
-     * - hash:      0 = MD5(128 bits), 1 = SHA1(160 bits)           (Default: 1)
+     * - hash:      0 = MD5, 1 = SHA1, or supported hash name       (Default: 1)
      * - decoy:     True/False to generate fake PHPSESSID cookie    (Default: true)
      * - min:       Min time, in seconds, to regenerate session     (Default: 60)
      * - max:       Max time, in seconds, to regenerate session     (Default: 600).
@@ -38,7 +38,6 @@ class Session
      */
     public function __construct($config = array())
     {
-
         // Create session settings based on provided config
         $settings = array(
             'name'      => isset($config['name'])   ? $config['name']   : 'clsession',
@@ -160,19 +159,32 @@ protected function getSecure()
     /**
      * Set cookie id hash method.
      *
-     * @param int $hash 0 = MD5, 1 = SHA1 (Default: 1)
+     * @param int/string $hash 0 = MD5, 1 = SHA1, or supported hash name (Default: 1)
      */
     protected function setHash($hash = 1)
     {
+        if ($hash === 0) {
+            $hash = 'md5';
+        }
+        else if ($hash === 1) {
+            $hash = 'sha256';
+        }
+        else if (in_array($hash, hash_algos())) {
+            $hash = $hash;
+        }
+        else {
+            $this->Error('Invalid hash algorithm selected.');
+        }
+
         $this->hash = $hash;
     }
 
     /**
-     * Get cookie id hash setting.
+     * Get session hash setting.
      *
      * @return int Cookie Hash Setting
      */
-    protected function getHash()
+    public function getHash()
     {
         return $this->hash;
     }
@@ -316,7 +328,7 @@ public function setValue($key, $value, $hash = false)
     {
         // if requested, hash the value before saving it
         if ($hash) {
-            $value = sha1($value);
+            $value = hash($this->getHash(), $value);
         }
 
         $_SESSION['clValues'][$key] = $value;

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`
`18`	`18`	`namespace ChristopherL;`
`19`	`19`
`20`		`-class SessionTest extends \PHPUnit_Framework_TestCase`
	`20`	`+class SessionTest extends \PHPUnit\Framework\TestCase`
`21`	`21`	`{`
`22`	`22`	`/**`
`23`	`23`	`* @runInSeparateProcess`
`@@ -216,7 +216,7 @@ public function testSessionHashValue()`
`216`	`216`	`$session->setValue('my_hashed_variable', 'plain text value', true);`
`217`	`217`
`218`	`218`	`// Verifiy creation of hashed session value`
`219`		`- $this->assertEquals($session->getValue('my_hashed_variable'), sha1('plain text value'));`
	`219`	`+ $this->assertEquals($session->getValue('my_hashed_variable'), hash($session->getHash(), 'plain text value'));`
`220`	`220`	`}`
`221`	`221`
`222`	`222`	`/**`