Programming Help

Web Development



What's Here?

  • Members: 117,290
  • Replies: 431,130
  • Topics: 66,544
  • Snippets: 2,391
  • Tutorials: 630
  • Total Online: 2,507
  • Members: 63
  • Guests: 2,444

Who's Online?
 

Code Snippets

  

PHP Source Code
Welcome to Dream.In.Code
Getting PHP Help is Easy!

Join 117,290 PHP Programmers for FREE! Ask your question and get quick answers from experts. There are 2,507 online right now! We've got more than 500 tutorials and 2,000 snippets. Join and find out why Dream.In.Code is the #1 programming help community on the internet! Registration is fast and FREE... Join Now!




Session Security

Keep your Sessions on lockdown and prevent Fixation, and Hijacking with this snippet.

Submitted By: joeyadms
Actions:
Rating:
Views: 621

Language: PHP
Last Modified: May 8, 2008
Instructions: Use at the top of your pages, script will start sessions in constructor.

Usage::::

Initialize SessionSecurity, Which will also issue session_start() , also if user's session is open, make sure it belongs to them, if not, make them login again.


Whenever someone logs in, and is authorized, open their session


Snippet


  1. <?php
  2.  
  3. /**
  4. * Handles Sessions and Security
  5. * @name SessionControl
  6. * @author Joey Adams
  7. *
  8. */
  9.  
  10. class SessionControl
  11. {
  12.  
  13.  
  14. // Configuration
  15. private $use_user_agent = true; // Use Users' User-Agent in fingerprint.
  16. private $num_ip_digits = 3; // Number of Users' IP digits to include in fingerprint.
  17. private $regenerate_id = true; // Constantly regenerate ID's to prevent attacks.
  18. private $salt; // Randomly Generated String to include in fingerprint.
  19. private $control_word = '_SALT_'// Control Word to add to Fingerprint.
  20.  
  21.  
  22. // Call Start Functions to create salt, and start the session.
  23. function __construct()
  24.     {
  25.         @session_start();
  26.     }
  27.  
  28. // Initialize Session and Create Fingerprint
  29. public function Open()
  30.     {
  31.         $this->_intSalt();
  32.         $_SESSION['fprint'] = $this->_Fingerprint();
  33.         $this->_RegenerateId();
  34.     }
  35.  
  36. // Check to see if Fingerprint is set
  37. public function Check()
  38.     {
  39.             $this->_RegenerateId();
  40.                    return (isset($_SESSION['fprint']) && $_SESSION['fprint'] == $this->_Fingerprint('check'));
  41.     }
  42.  
  43. // Create Randomly Generated Salt
  44. private function _intSalt()
  45.     {
  46.         for($i=0;$i<10;$i++)
  47.         {
  48.             $grains[$i] = chr(rand(33,126));   
  49.         }
  50.         $this->salt = implode($grains);
  51.         $_SESSION['salt_'] = $this->salt;
  52.     }
  53.  
  54. // Create Unique Fingerprint based on configuration   
  55. private function _Fingerprint($mode=null)
  56.     {
  57.         if  ($mode == 'check')
  58.         {
  59.             $fingerprint = $_SESSION['salt_'];
  60.         }
  61.         else
  62.         {
  63.             $fingerprint = $this->salt;
  64.         }
  65.         $fingerprint .= $this->control_word;
  66.         if ($this->use_user_agent)
  67.         {
  68.             $fingerprint .= $_SERVER['HTTP_USER_AGENT'];
  69.         }
  70.         if ($this->num_ip_digits)
  71.         {
  72.             $ip_digits = abs(intval($this->num_ip_digits));
  73.             if ($ip_digits > 4)
  74.             {
  75.                 $ip_digits = 3;
  76.             }
  77.             $digits = explode('.', $_SERVER['REMOTE_ADDR']);
  78.             for ($i=0; $i<$ip_digits; $i++)
  79.             {
  80.                 $fingerprint .= $digits[$i] . '.';
  81.             }
  82.         }
  83.         return md5($fingerprint);
  84.     }
  85.  
  86. // Regenerate Session ID If Possible
  87. private function _RegenerateId()
  88.     {
  89.         if ($this->regenerate_id && function_exists('session_regenerate_id'))
  90.         {
  91.             session_regenerate_id();
  92.         }
  93.     }
  94.    
  95. }

Copy & Paste

Comments


There are currently no comments for this snippet. Be the first to comment!

Add comment


You must be registered and logged on to </dream.in.code> to leave comments.





Live PHP Help!

PHP Tutorials

Reference Sheets

PHP Snippets

Bye Bye Ads

Free DIC T-Shirt

T-Shirt Example

Related Sites

Monthly Drawing

Thumb Drive

Partners

Top Contributors

Top 10 Kudos This Month