19104101509

Committed 05 Nov 2025 01:47PM UTC coverage: 78.204% (-1.4%) from 79.595%

Build # 19104101509

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge pull request #1773 from IrAlfred/fix-coverage-tests-issue

fix(other): fix coverage test issue

Run Details

4650 of 5946 relevant lines covered (78.2%)

6.42 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

98.11

/lib/session_php.php

<?php

/**
 * Session handling
 * @package framework
 * @subpackage session
 */

trait Hm_Session_Auth {

    /**
     * Lazy loader for the auth mech so modules can define their own
     * overrides
     * @return void
     */
    abstract protected function load_auth_mech();

    /**
     * Call the configured authentication method to check user credentials
     * @param string $user username
     * @param string $pass password
     * @return bool true if the authentication was successful
     */
    public function auth($user, $pass) {
        $this->load_auth_mech();
        return $this->auth_mech->check_credentials($user, $pass);
    }

    /**
     * Save auth detail if it's needed (mech specific)
     * @return void
     */
    public function save_auth_detail() {
        $this->auth_mech->save_auth_detail($this);
    }

    /**
     * Call the configuration authentication method to change the user password
     * @param string $user username
     * @param string $pass password
     * @return bool true if the password was changed
     */
    public function change_pass($user, $pass) {
        $this->load_auth_mech();
        return $this->auth_mech->change_pass($user, $pass);
    }

    /**
     * Call the configuration authentication method to create an account
     * @param string $user username
     * @param string $pass password
     * @return bool true if the account was created
     */
    public function create($user, $pass) {
        $this->load_auth_mech();
        return $this->auth_mech->create($user, $pass);
    }
}

/**
 * PHP session data methods
 * @package framework
 * @subpackage session
 */
abstract class Hm_PHP_Session_Data extends Hm_Session {

    /**
     * @param Hm_Request $request request details
     * @return void
     */
    protected function validate_session_data($request) {
        if ($this->existing && count($this->data) == 0) {
            $this->destroy($request);
        } else {
            Hm_Debug::add('LOGGED IN', 'success');
            $this->active = true;
        }
    }

    /**
     * @param Hm_Request $request request details
     * @return void
     */
    protected function start_session_data($request) {
        if (array_key_exists('data', $_SESSION)) {
            $data = $this->plaintext($_SESSION['data']);
            if (is_array($data)) {
                $this->data = $data;
            } elseif (!$this->loaded) {
                $this->destroy($request);
                Hm_Debug::add('Mismatched session level encryption key', 'warning');
            }
        }
    }

    /**
     * Return a session value, or a user settings value stored in the session
     * @param string $name session value name to return
     * @param mixed $default value to return if $name is not found
     * @param bool $user if true, only search the user_data section of the session
     * @return mixed the value if found, otherwise $default
     */
    public function get($name, $default = false, $user = false) {
        if ($user) {
            return array_key_exists('user_data', $this->data) && array_key_exists($name, $this->data['user_data']) ? $this->data['user_data'][$name] : $default;
        } else {
            return array_key_exists($name, $this->data) ? $this->data[$name] : $default;
        }
    }

    /**
     * Save a value in the session
     * @param string $name the name to save
     * @param string $value the value to save
     * @param bool $user if true, save in the user_data section of the session
     * @return void
     */
    public function set($name, $value, $user = false) {
        if ($user) {
            $this->data['user_data'][$name] = $value;
        } else {
            $this->data[$name] = $value;
        }
    }

    /**
     * Delete a value from the session
     * @param string $name name of value to delete
     * @return void
     */
    public function del($name) {
        if (array_key_exists($name, $this->data)) {
            unset($this->data[$name]);
            return true;
        }
        return false;
    }

    /**
     * Save session data
     * @return void
     */
    public function save_data() {
        $enc_data = $this->ciphertext($this->data);
        $_SESSION = array('data' => $enc_data);
        session_write_close();
        $_SESSION = array();
    }
}

/**
 * PHP Sessions that extend the base session class
 * @package framework
 * @subpackage session
 */
class Hm_PHP_Session extends Hm_PHP_Session_Data {

    use Hm_Session_Auth;

    /* data store connection used by classes that extend this */
    public $conn;

    /* flag to indicate an existing session */
    protected $existing = false;

    /**
     * Setup newly authenticated session
     * @param Hm_Request $request
     * @param boolean $fingerprint
     * @return null
     */
    protected function authed($request, $fingerprint) {
        $this->set_key($request);
        $this->loaded = true;
        $this->start($request);
        if ($fingerprint) {
            $this->set_fingerprint($request);
        }
        else {
            $this->set('fingerprint', '');
        }
        $this->save_auth_detail();
        $this->just_started();
    }

    /**
     * Check for an existing session or a new user/pass login request
     * @param object $request request details
     * @param string $user username
     * @param string $pass password
     * @return bool
     */
    public function check($request, $user = false, $pass = false, $fingerprint = true) {
        if ($user !== false && $pass !== false) {
            if ($this->auth($user, $pass)) {
                $this->authed($request, $fingerprint);
            }
        } elseif (array_key_exists($this->cname, $request->cookie)) {
            $this->get_key($request);
            $this->existing = true;
            $this->start($request);
            $this->check_fingerprint($request);
        }
        return $this->is_active();
    }

    /**
     * Start the session. This could be an existing session or a new login
     * @param Hm_Request $request request details
     * @return void
     */
    public function start($request) {
        if (array_key_exists($this->cname, $request->cookie)) {
            session_id($request->cookie[$this->cname]);
        }
        list($secure, $path, $domain) = $this->set_session_params($request);
        if (ini_get('session.use_cookies')) {
            session_set_cookie_params($this->lifetime, $path, $domain, $secure);
        }
        Hm_Functions::session_start();
        $this->session_key = session_id();
        $this->start_session_data($request);
        $this->validate_session_data($request);
    }

    /**
     * Setup the cookie params for a session cookie
     * @param Hm_Request $request request details
     * @return array list of cookie fields
     */
    public function set_session_params($request) {
        $path = false;
        if ($request->tls) {
            $secure = true;
        } else {
            $secure = false;
        }
        if (isset($request->path)) {
            $path = $request->path;
        }
        $domain = $this->site_config->get('cookie_domain', false);
        if (!$domain && array_key_exists('HTTP_HOST', $request->server)) {
            $host = parse_url($request->server['HTTP_HOST'],  PHP_URL_HOST);
            if (trim((string) $host)) {
                $domain = $host;
            } else {
                $domain = $request->server['HTTP_HOST'];
            }
        }
        if ($domain == 'none') {
            $domain = '';
        }
        return array($secure, $path, $domain);
    }

    /**
     * Write session data to avoid locking, keep session active, but don't allow writing
     * @return void
     */
    public function close_early() {
        $this->session_closed = true;
        $this->save_data();
    }

    /**
     * Destroy a session for good
     * @param Hm_Request $request request details
     * @return void
     */
    public function destroy($request) {
        if (function_exists('delete_uploaded_files')) {
            delete_uploaded_files($this);
        }
        session_unset();
        Hm_Functions::session_destroy();
        $params = session_get_cookie_params();
        $this->delete_cookie($request, $this->cname, $params['path'], $params['domain']);
        $this->delete_cookie($request, 'hm_id');
        $this->delete_cookie($request, 'hm_reload_folders');
        $this->delete_cookie($request, 'hm_msgs');
        $this->active = false;
    }

    /**
     * End a session after a page request is complete. This only closes the session and
     * does not destroy it
     * @return void
     */
    public function end() {
        if ($this->active) {
            if (!$this->session_closed) {
                $this->save_data();
            }
            $this->active = false;
        }
    }
}

1	<?php
2
3	/**
4	* Session handling
5	* @package framework
6	* @subpackage session
7	*/
8
9	trait Hm_Session_Auth {
10
11	/**
12	* Lazy loader for the auth mech so modules can define their own
13	* overrides
14	* @return void
15	*/
16	abstract protected function load_auth_mech();
17
18	/**
19	* Call the configured authentication method to check user credentials
20	* @param string $user username
21	* @param string $pass password
22	* @return bool true if the authentication was successful
23	*/
24	public function auth($user, $pass) {	2✔
25	$this->load_auth_mech();	2✔
26	return $this->auth_mech->check_credentials($user, $pass);	2✔
27	}
28
29	/**
30	* Save auth detail if it's needed (mech specific)
31	* @return void
32	*/
33	public function save_auth_detail() {	2✔
34	$this->auth_mech->save_auth_detail($this);	2✔
35	}
36
37	/**
38	* Call the configuration authentication method to change the user password
39	* @param string $user username
40	* @param string $pass password
41	* @return bool true if the password was changed
42	*/
43	public function change_pass($user, $pass) {	1✔
44	$this->load_auth_mech();	1✔
45	return $this->auth_mech->change_pass($user, $pass);	1✔
46	}
47
48	/**
49	* Call the configuration authentication method to create an account
50	* @param string $user username
51	* @param string $pass password
52	* @return bool true if the account was created
53	*/
54	public function create($user, $pass) {	1✔
55	$this->load_auth_mech();	1✔
56	return $this->auth_mech->create($user, $pass);	1✔
57	}
58	}
59
60	/**
61	* PHP session data methods
62	* @package framework
63	* @subpackage session
64	*/
65	abstract class Hm_PHP_Session_Data extends Hm_Session {
66
67	/**
68	* @param Hm_Request $request request details
69	* @return void
70	*/
71	protected function validate_session_data($request) {	4✔
72	if ($this->existing && count($this->data) == 0) {	4✔
73	$this->destroy($request);	2✔
74	} else {
75	Hm_Debug::add('LOGGED IN', 'success');	4✔
76	$this->active = true;	4✔
77	}
78	}
79
80	/**
81	* @param Hm_Request $request request details
82	* @return void
83	*/
84	protected function start_session_data($request) {	4✔
85	if (array_key_exists('data', $_SESSION)) {	4✔
86	$data = $this->plaintext($_SESSION['data']);	4✔
87	if (is_array($data)) {	4✔
88	$this->data = $data;	1✔
89	} elseif (!$this->loaded) {	4✔
90	$this->destroy($request);	3✔
91	Hm_Debug::add('Mismatched session level encryption key', 'warning');	3✔
92	}
93	}
94	}
95
96	/**
97	* Return a session value, or a user settings value stored in the session
98	* @param string $name session value name to return
99	* @param mixed $default value to return if $name is not found
100	* @param bool $user if true, only search the user_data section of the session
101	* @return mixed the value if found, otherwise $default
102	*/
103	public function get($name, $default = false, $user = false) {	8✔
104	if ($user) {	8✔
105	return array_key_exists('user_data', $this->data) && array_key_exists($name, $this->data['user_data']) ? $this->data['user_data'][$name] : $default;	1✔
106	} else {
107	return array_key_exists($name, $this->data) ? $this->data[$name] : $default;	8✔
108	}
109	}
110
111	/**
112	* Save a value in the session
113	* @param string $name the name to save
114	* @param string $value the value to save
115	* @param bool $user if true, save in the user_data section of the session
116	* @return void
117	*/
118	public function set($name, $value, $user = false) {	21✔
119	if ($user) {	21✔
120	$this->data['user_data'][$name] = $value;	1✔
121	} else {
122	$this->data[$name] = $value;	21✔
123	}
124	}
125
126	/**
127	* Delete a value from the session
128	* @param string $name name of value to delete
129	* @return void
130	*/
131	public function del($name) {	1✔
132	if (array_key_exists($name, $this->data)) {	1✔
133	unset($this->data[$name]);	1✔
134	return true;	1✔
135	}
136	return false;	1✔
137	}
138
139	/**
140	* Save session data
141	* @return void
142	*/
143	public function save_data() {	3✔
144	$enc_data = $this->ciphertext($this->data);	3✔
145	$_SESSION = array('data' => $enc_data);	3✔
146	session_write_close();	3✔
147	$_SESSION = array();	3✔
148	}
149	}
150
151	/**
152	* PHP Sessions that extend the base session class
153	* @package framework
154	* @subpackage session
155	*/
156	class Hm_PHP_Session extends Hm_PHP_Session_Data {
157
158	use Hm_Session_Auth;
159
160	/* data store connection used by classes that extend this */
161	public $conn;
162
163	/* flag to indicate an existing session */
164	protected $existing = false;
165
166	/**
167	* Setup newly authenticated session
168	* @param Hm_Request $request
169	* @param boolean $fingerprint
170	* @return null
171	*/
172	protected function authed($request, $fingerprint) {	2✔
173	$this->set_key($request);	2✔
174	$this->loaded = true;	2✔
175	$this->start($request);	2✔
176	if ($fingerprint) {	2✔
177	$this->set_fingerprint($request);	2✔
178	}
179	else {
180	$this->set('fingerprint', '');	1✔
181	}
182	$this->save_auth_detail();	2✔
183	$this->just_started();	2✔
184	}
185
186	/**
187	* Check for an existing session or a new user/pass login request
188	* @param object $request request details
189	* @param string $user username
190	* @param string $pass password
191	* @return bool
192	*/
193	public function check($request, $user = false, $pass = false, $fingerprint = true) {	3✔
194	if ($user !== false && $pass !== false) {	3✔
195	if ($this->auth($user, $pass)) {	2✔
196	$this->authed($request, $fingerprint);	2✔
197	}
198	} elseif (array_key_exists($this->cname, $request->cookie)) {	2✔
199	$this->get_key($request);	2✔
200	$this->existing = true;	2✔
201	$this->start($request);	2✔
202	$this->check_fingerprint($request);	2✔
203	}
204	return $this->is_active();	3✔
205	}
206
207	/**
208	* Start the session. This could be an existing session or a new login
209	* @param Hm_Request $request request details
210	* @return void
211	*/
212	public function start($request) {	4✔
213	if (array_key_exists($this->cname, $request->cookie)) {	4✔
214	session_id($request->cookie[$this->cname]);	2✔
215	}
216	list($secure, $path, $domain) = $this->set_session_params($request);	4✔
217	if (ini_get('session.use_cookies')) {	4✔
218	session_set_cookie_params($this->lifetime, $path, $domain, $secure);	×
219	}
220	Hm_Functions::session_start();	4✔
221	$this->session_key = session_id();	4✔
222	$this->start_session_data($request);	4✔
223	$this->validate_session_data($request);	4✔
224	}
225
226	/**
227	* Setup the cookie params for a session cookie
228	* @param Hm_Request $request request details
229	* @return array list of cookie fields
230	*/
231	public function set_session_params($request) {	5✔
232	$path = false;	5✔
233	if ($request->tls) {	5✔
234	$secure = true;	1✔
235	} else {
236	$secure = false;	5✔
237	}
238	if (isset($request->path)) {	5✔
239	$path = $request->path;	5✔
240	}
241	$domain = $this->site_config->get('cookie_domain', false);	5✔
242	if (!$domain && array_key_exists('HTTP_HOST', $request->server)) {	5✔
243	$host = parse_url($request->server['HTTP_HOST'], PHP_URL_HOST);	1✔
244	if (trim((string) $host)) {	1✔
245	$domain = $host;	×
246	} else {
247	$domain = $request->server['HTTP_HOST'];	1✔
248	}
249	}
250	if ($domain == 'none') {	5✔
251	$domain = '';	1✔
252	}
253	return array($secure, $path, $domain);	5✔
254	}
255
256	/**
257	* Write session data to avoid locking, keep session active, but don't allow writing
258	* @return void
259	*/
260	public function close_early() {	1✔
261	$this->session_closed = true;	1✔
262	$this->save_data();	1✔
263	}
264
265	/**
266	* Destroy a session for good
267	* @param Hm_Request $request request details
268	* @return void
269	*/
270	public function destroy($request) {	15✔
271	if (function_exists('delete_uploaded_files')) {	15✔
272	delete_uploaded_files($this);	15✔
273	}
274	session_unset();	15✔
275	Hm_Functions::session_destroy();	15✔
276	$params = session_get_cookie_params();	15✔
277	$this->delete_cookie($request, $this->cname, $params['path'], $params['domain']);	15✔
278	$this->delete_cookie($request, 'hm_id');	15✔
279	$this->delete_cookie($request, 'hm_reload_folders');	15✔
280	$this->delete_cookie($request, 'hm_msgs');	15✔
281	$this->active = false;	15✔
282	}
283
284	/**
285	* End a session after a page request is complete. This only closes the session and
286	* does not destroy it
287	* @return void
288	*/
289	public function end() {	7✔
290	if ($this->active) {	7✔
291	if (!$this->session_closed) {	1✔
292	$this->save_data();	1✔
293	}
294	$this->active = false;	1✔
295	}
296	}
297	}

cypht-org / cypht / 19104101509

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous