You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
zabbix/ui/include/classes/core/CEncryptedCookieSession.php

90 lines
2.2 KiB

1 year ago
<?php declare(strict_types = 0);
/*
** Zabbix
** Copyright (C) 2001-2023 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
/**
* Session wrapper uses cookie for session store.
*/
class CEncryptedCookieSession extends CCookieSession {
/**
* @inheritDoc
*
* @return string|null
*/
public function extractSessionId(): ?string {
if (CSettingsHelper::getGlobal(CSettingsHelper::SESSION_KEY) === '') {
CEncryptHelper::updateKey(CEncryptHelper::generateKey());
}
$session_data = $this->parseData();
if (!$this->checkSign($session_data)) {
return null;
}
$session_data = json_decode($session_data, true);
if (!array_key_exists('sessionid', $session_data)) {
return null;
}
return $session_data['sessionid'];
}
/**
* Prepare session data.
*
* @param array $data
*
* @return string
*/
protected function prepareData(array $data): string {
if (array_key_exists('sign', $data)) {
unset($data['sign']);
}
$data['sign'] = CEncryptHelper::sign(json_encode($data));
return base64_encode(json_encode($data));
}
/**
* Prepare data and check sign.
*
* @param string $data
*
* @return boolean
*/
protected function checkSign(string $data): bool {
$data = json_decode($data, true);
if (!is_array($data) || !array_key_exists('sign', $data)) {
return false;
}
$session_sign = $data['sign'];
unset($data['sign']);
$sign = CEncryptHelper::sign(json_encode($data));
return $session_sign && $sign && CEncryptHelper::checkSign($session_sign, $sign);
}
}