Update Session.php
usernane committed Jan 15, 2024
1 parent db767c9 commit c00b18f
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions webfiori/framework/session/Session.php
Expand Up @@ -209,6 +209,9 @@ public function close() {
*/
public function deserialize(string $serialized): bool {
$cipherMeth = 'aes-256-ctr';
$split = explode('_', $serialized);
$len = $split[0];
$serialized = $split[1];
// [Decrypt] => decode => deserialize

if (in_array($cipherMeth, openssl_get_cipher_methods())) {
Expand All @@ -220,14 +223,14 @@ public function deserialize(string $serialized): bool {
$key = $this->getId().$userAgent;

$iv = substr(hash('sha256', $key), 0,16);
$decrypted = openssl_decrypt($serialized, $cipherMeth, $key,0, $iv);
$decrypted = substr(openssl_decrypt(substr($serialized, 0, $len), $cipherMeth, $key,0, $iv), 0, $len);

if (strlen($decrypted) > 0) {
set_error_handler(function ($errNo, $errStr)
set_error_handler(function ($errNo, $errStr, $errFile, $errLine)
{
throw new SessionException($errStr, $errNo);
throw new SessionException($errStr.' at line '.$errLine, $errNo);

Check warning on line 231 in webfiori/framework/session/Session.php


Codecov / codecov/patch

webfiori/framework/session/Session.php#L231

Added line #L231 was not covered by tests
});
$sessionObj = unserialize(base64_decode($decrypted));
$sessionObj = unserialize(base64_decode(trim($decrypted)));
restore_error_handler();

if ($sessionObj instanceof Session) {
Expand Down Expand Up @@ -587,6 +590,8 @@ public function remove(string $varName) : bool {
public function serialize() : string {
// Serialize => Encode => [Encrypt]
$serializedSession = base64_encode(trim(serialize($this)));
$len = strlen($serializedSession);

$cipherMeth = 'aes-256-ctr';

if (in_array($cipherMeth, openssl_get_cipher_methods())) {
Expand All @@ -598,11 +603,11 @@ public function serialize() : string {
$key = $this->getId().$userAgent;

$iv = substr(hash('sha256', $key), 0,16);

return openssl_encrypt($serializedSession, $cipherMeth, $key,0, $iv);
$serializedSession = openssl_encrypt($serializedSession, $cipherMeth, $key,0, $iv);
$len = strlen($serializedSession);
}

return $serializedSession;
return $len.'_'.$serializedSession;
}
/**
* Sets session variable.
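Review bot: The length prefix parsed at the top of `deserialize()` is used without validation: `$split[1]` is read without checking that `explode()` returned two parts, and `$len` is still a string when it reaches `substr()`. A value stored before this change (no `_`), or a damaged one, would therefore likely surface as an undefined-key warning or a `TypeError` raised before `set_error_handler()` is installed, rather than as a clean failure; `$split = explode('_', $serialized, 2);` followed by `if (count($split) !== 2 || !ctype_digit($split[0])) { return false; }` and `$len = (int) $split[0];` would close that. The prefix is also only a length, not an integrity check: AES-CTR ciphertext is malleable and the decrypted bytes go straight to `unserialize()`, so an HMAC over the ciphertext verified with `hash_equals()` before decrypting, plus an `allowed_classes` restriction on `unserialize()` where the stored value types allow it, is the check I would want here. In `serialize()` `$len` ends up as the ciphertext length, so the outer `substr(..., 0, $len)` on the decrypted text looks like a no-op. Both method bodies continue outside the visible hunks.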