src/Core/Authentication.php

   1 <?php
   2 /**
   3  * @file /src/Core/Authentication.php
   4  */
   5
   6 namespace Friendica\Core;
   7
   8 use Friendica\BaseObject;
   9 use Friendica\Util\BaseURL;
  10
  11 /**
  12 * Handle Authentification, Session and Cookies
  13 */
  14 class Authentication extends BaseObject
  15 {
  16         /**
  17          * @brief Calculate the hash that is needed for the "Friendica" cookie
  18          *
  19          * @param array $user Record from "user" table
  20          *
  21          * @return string Hashed data
  22          * @throws \Friendica\Network\HTTPException\InternalServerErrorException
  23          */
  24         public static function getCookieHashForUser($user)
  25         {
  26                 return(hash("sha256", Config::get("system", "site_prvkey") .
  27                                 $user["prvkey"] .
  28                                 $user["password"]));
  29         }
  30
  31         /**
  32          * @brief Set the "Friendica" cookie
  33          *
  34          * @param int   $time
  35          * @param array $user Record from "user" table
  36          * @throws \Friendica\Network\HTTPException\InternalServerErrorException
  37          */
  38         public static  function setCookie($time, $user = [])
  39         {
  40                 if ($time != 0) {
  41                         $time = $time + time();
  42                 }
  43
  44                 if ($user) {
  45                         $value = json_encode(["uid" => $user["uid"],
  46                                 "hash" => self::getCookieHashForUser($user),
  47                                 "ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]);
  48                 } else {
  49                         $value = "";
  50                 }
  51
  52                 setcookie("Friendica", $value, $time, "/", "", (Config::get('system', 'ssl_policy') == BaseUrl::SSL_POLICY_FULL), true);
  53         }
  54
  55         /**
  56          * @brief Kills the "Friendica" cookie and all session data
  57          */
  58         public static function deleteSession()
  59         {
  60                 self::setCookie(-3600); // make sure cookie is deleted on browser close, as a security measure
  61                 session_unset();
  62                 session_destroy();
  63         }
  64 }
  65