26230827274

Committed 21 May 2026 02:01PM UTC coverage: 72.803% (-5.4%) from 78.201%

Build # 26230827274

Build Type

push

travis-ci

Committed by

web-flow

Commit Message

Merge pull request #1972 from IrAlfred/remove-duplicate-testdox-flag-in-coverage-report

fix(workflow): remove duplicate --testdox flag causing coverage job exit code 1

Coverage Stats

4797 of 6589 relevant lines covered (72.8%)

7.74 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

84.25

/lib/session_php.php

<?php

/**
 * Session handling
 * @package framework
 * @subpackage session
 */

trait Hm_Session_Auth {

    /**
     * Lazy loader for the auth mech so modules can define their own
     * overrides
     * @return void
     */
    abstract protected function load_auth_mech();

    /**
     * Call the configured authentication method to check user credentials
     * @param string $user username
     * @param string $pass password
     * @return bool true if the authentication was successful
     */
    public function auth($user, $pass) {
        $this->load_auth_mech();
        return $this->auth_mech->check_credentials($user, $pass);
    }

    /**
     * Save auth detail if it's needed (mech specific)
     * @return void
     */
    public function save_auth_detail() {
        $this->auth_mech->save_auth_detail($this);
    }

    /**
     * Call the configuration authentication method to change the user password
     * @param string $user username
     * @param string $pass password
     * @return bool true if the password was changed
     */
    public function change_pass($user, $pass) {
        $this->load_auth_mech();
        return $this->auth_mech->change_pass($user, $pass);
    }

    /**
     * Call the configuration authentication method to create an account
     * @param string $user username
     * @param string $pass password
     * @return bool true if the account was created
     */
    public function create($user, $pass) {
        $this->load_auth_mech();
        return $this->auth_mech->create($user, $pass);
    }
}

/**
 * PHP session data methods
 * @package framework
 * @subpackage session
 */
abstract class Hm_PHP_Session_Data extends Hm_Session {

    /**
     * @param Hm_Request $request request details
     * @return void
     */
    protected function validate_session_data($request) {
        if ($this->existing && count($this->data) == 0) {
            $this->destroy($request);
        } else {
            Hm_Debug::add('LOGGED IN', 'success');
            $this->active = true;
        }
    }

    /**
     * @param Hm_Request $request request details
     * @return void
     */
    protected function start_session_data($request) {
        if (array_key_exists('data', $_SESSION)) {
            $data = $this->plaintext($_SESSION['data']);
            if (is_array($data)) {
                $this->data = $data;
            } elseif (!$this->loaded) {
                $this->destroy($request);
                Hm_Debug::add('Mismatched session level encryption key', 'warning');
            }
        }
    }

    /**
     * Return a session value, or a user settings value stored in the session
     * @param string $name session value name to return
     * @param mixed $default value to return if $name is not found
     * @param bool $user if true, only search the user_data section of the session
     * @return mixed the value if found, otherwise $default
     */
    public function get($name, $default = false, $user = false) {
        if ($user) {
            return array_key_exists('user_data', $this->data) && array_key_exists($name, $this->data['user_data']) ? $this->data['user_data'][$name] : $default;
        } else {
            return array_key_exists($name, $this->data) ? $this->data[$name] : $default;
        }
    }

    /**
     * Save a value in the session
     * @param string $name the name to save
     * @param string $value the value to save
     * @param bool $user if true, save in the user_data section of the session
     * @return void
     */
    public function set($name, $value, $user = false) {
        if ($user) {
            $this->data['user_data'][$name] = $value;
        } else {
            $this->data[$name] = $value;
        }
    }

    /**
     * Delete a value from the session
     * @param string $name name of value to delete
     * @return void
     */
    public function del($name) {
        if (array_key_exists($name, $this->data)) {
            unset($this->data[$name]);
            return true;
        }
        return false;
    }

    /**
     * Save session data
     * @return void
     */
    public function save_data() {
        $enc_data = $this->ciphertext($this->data);
        $_SESSION = array('data' => $enc_data);
        session_write_close();
        $_SESSION = array();
    }
}

/**
 * PHP Sessions that extend the base session class
 * @package framework
 * @subpackage session
 */
class Hm_PHP_Session extends Hm_PHP_Session_Data {

    use Hm_Session_Auth;

    /* data store connection used by classes that extend this */
    public $conn;

    /* flag to indicate an existing session */
    protected $existing = false;

    /**
     * Setup newly authenticated session
     * @param Hm_Request $request
     * @param boolean $fingerprint
     * @return null
     */
    protected function authed($request, $fingerprint) {
        $this->set_key($request);
        $this->loaded = true;
        $this->start($request);
        if ($fingerprint) {
            $this->set_fingerprint($request);
        }
        else {
            $this->set('fingerprint', '');
        }
        $this->save_auth_detail();
        $this->just_started();
    }

    /**
     * Check for an existing session or a new user/pass login request
     * @param object $request request details
     * @param string $user username
     * @param string $pass password
     * @return bool
     */
    public function check($request, $user = false, $pass = false, $fingerprint = true) {
        if ($user !== false && $pass !== false) {
            if ($this->auth($user, $pass)) {
                $this->authed($request, $fingerprint);
            }
        } elseif (array_key_exists($this->cname, $request->cookie)) {
            $this->get_key($request);
            $this->existing = true;
            $this->start($request);
            $this->check_fingerprint($request);
            $this->restore_long_session($request);
        }
        return $this->is_active();
    }

    /**
     * Start the session. This could be an existing session or a new login
     * @param Hm_Request $request request details
     * @return void
     */
    public function start($request) {
        if (array_key_exists($this->cname, $request->cookie)) {
            session_id($request->cookie[$this->cname]);
        }
        list($secure, $path, $domain) = $this->set_session_params($request);
        if (ini_get('session.use_cookies')) {
            session_set_cookie_params($this->lifetime, $path, $domain, $secure);
        }
        Hm_Functions::session_start();
        $this->session_key = session_id();
        $this->start_session_data($request);
        $this->validate_session_data($request);
    }

    /**
     * Setup the cookie params for a session cookie
     * @param Hm_Request $request request details
     * @return array list of cookie fields
     */
    public function set_session_params($request) {
        $path = false;
        if ($request->tls) {
            $secure = true;
        } else {
            $secure = false;
        }
        if (isset($request->path)) {
            $path = $request->path;
        }
        $domain = $this->site_config->get('cookie_domain', false);
        if (!$domain && array_key_exists('HTTP_HOST', $request->server)) {
            $host = parse_url($request->server['HTTP_HOST'],  PHP_URL_HOST);
            if (trim((string) $host)) {
                $domain = $host;
            } else {
                $domain = $request->server['HTTP_HOST'];
            }
        }
        if ($domain == 'none') {
            $domain = '';
        }
        return array($secure, $path, $domain);
    }

    /**
     * Restore long session settings for existing sessions
     * @param Hm_Request $request request details
     * @return void
     */
    protected function restore_long_session($request) {
        if ($this->get('long_session_enabled', false)) {
            $stored_lifetime = $this->get('long_session_lifetime', 0);
            if ($stored_lifetime > 0) {
                $this->lifetime = $stored_lifetime;
                $this->refresh_session_cookie($request);
            }
        }
    }

    /**
     * Refresh the session cookie with the current lifetime
     * @param Hm_Request $request request details
     * @return void
     */
    protected function refresh_session_cookie($request) {
        if ($this->active && $this->session_key) {
            list($secure, $path, $domain) = $this->set_session_params($request);
            $params = session_get_cookie_params();
            // Calculate expiration time: 0 for session-only, or timestamp for long session
            $expire = ($this->lifetime > 0) ? $this->lifetime : 0;
            Hm_Functions::setcookie(
                $this->cname,
                $this->session_key,
                $expire,
                $path,
                $domain,
                $secure,
                true
            );
        }
    }

    /**
     * Write session data to avoid locking, keep session active, but don't allow writing
     * @return void
     */
    public function close_early() {
        $this->session_closed = true;
        $this->save_data();
    }

    /**
     * Destroy a session for good
     * @param Hm_Request $request request details
     * @return void
     */
    public function destroy($request) {
        if (function_exists('delete_uploaded_files')) {
            delete_uploaded_files($this);
        }
        session_unset();
        Hm_Functions::session_destroy();
        $params = session_get_cookie_params();
        $this->delete_cookie($request, $this->cname, $params['path'], $params['domain']);
        $this->delete_cookie($request, 'hm_id');
        $this->delete_cookie($request, 'hm_reload_folders');
        $this->delete_cookie($request, 'hm_msgs');
        $this->active = false;
    }

    /**
     * End a session after a page request is complete. This only closes the session and
     * does not destroy it
     * @return void
     */
    public function end() {
        if ($this->active) {
            if (!$this->session_closed) {
                $this->save_data();
            }
            $this->active = false;
        }
    }
}

1	<?php
2
3	/**
4	* Session handling
5	* @package framework
6	* @subpackage session
7	*/
8
9	trait Hm_Session_Auth {
10
11	/**
12	* Lazy loader for the auth mech so modules can define their own
13	* overrides
14	* @return void
15	*/
16	abstract protected function load_auth_mech();
17
18	/**
19	* Call the configured authentication method to check user credentials
20	* @param string $user username
21	* @param string $pass password
22	* @return bool true if the authentication was successful
23	*/
24	public function auth($user, $pass) {	2✔
25	$this->load_auth_mech();	2✔
26	return $this->auth_mech->check_credentials($user, $pass);	2✔
27	}
28
29	/**
30	* Save auth detail if it's needed (mech specific)
31	* @return void
32	*/
33	public function save_auth_detail() {	2✔
34	$this->auth_mech->save_auth_detail($this);	2✔
35	}
36
37	/**
38	* Call the configuration authentication method to change the user password
39	* @param string $user username
40	* @param string $pass password
41	* @return bool true if the password was changed
42	*/
43	public function change_pass($user, $pass) {	1✔
44	$this->load_auth_mech();	1✔
45	return $this->auth_mech->change_pass($user, $pass);	1✔
46	}
47
48	/**
49	* Call the configuration authentication method to create an account
50	* @param string $user username
51	* @param string $pass password
52	* @return bool true if the account was created
53	*/
54	public function create($user, $pass) {	1✔
55	$this->load_auth_mech();	1✔
56	return $this->auth_mech->create($user, $pass);	1✔
57	}
58	}
59
60	/**
61	* PHP session data methods
62	* @package framework
63	* @subpackage session
64	*/
65	abstract class Hm_PHP_Session_Data extends Hm_Session {
66
67	/**
68	* @param Hm_Request $request request details
69	* @return void
70	*/
71	protected function validate_session_data($request) {	4✔
72	if ($this->existing && count($this->data) == 0) {	4✔
73	$this->destroy($request);	2✔
74	} else {
75	Hm_Debug::add('LOGGED IN', 'success');	4✔
76	$this->active = true;	4✔
77	}
78	}
79
80	/**
81	* @param Hm_Request $request request details
82	* @return void
83	*/
84	protected function start_session_data($request) {	4✔
85	if (array_key_exists('data', $_SESSION)) {	4✔
86	$data = $this->plaintext($_SESSION['data']);	4✔
87	if (is_array($data)) {	4✔
88	$this->data = $data;	1✔
89	} elseif (!$this->loaded) {	4✔
90	$this->destroy($request);	3✔
91	Hm_Debug::add('Mismatched session level encryption key', 'warning');	3✔
92	}
93	}
94	}
95
96	/**
97	* Return a session value, or a user settings value stored in the session
98	* @param string $name session value name to return
99	* @param mixed $default value to return if $name is not found
100	* @param bool $user if true, only search the user_data section of the session
101	* @return mixed the value if found, otherwise $default
102	*/
103	public function get($name, $default = false, $user = false) {	8✔
104	if ($user) {	8✔
105	return array_key_exists('user_data', $this->data) && array_key_exists($name, $this->data['user_data']) ? $this->data['user_data'][$name] : $default;	1✔
106	} else {
107	return array_key_exists($name, $this->data) ? $this->data[$name] : $default;	8✔
108	}
109	}
110
111	/**
112	* Save a value in the session
113	* @param string $name the name to save
114	* @param string $value the value to save
115	* @param bool $user if true, save in the user_data section of the session
116	* @return void
117	*/
118	public function set($name, $value, $user = false) {	21✔
119	if ($user) {	21✔
120	$this->data['user_data'][$name] = $value;	1✔
121	} else {
122	$this->data[$name] = $value;	21✔
123	}
124	}
125
126	/**
127	* Delete a value from the session
128	* @param string $name name of value to delete
129	* @return void
130	*/
131	public function del($name) {	1✔
132	if (array_key_exists($name, $this->data)) {	1✔
133	unset($this->data[$name]);	1✔
134	return true;	1✔
135	}
136	return false;	1✔
137	}
138
139	/**
140	* Save session data
141	* @return void
142	*/
143	public function save_data() {	3✔
144	$enc_data = $this->ciphertext($this->data);	3✔
145	$_SESSION = array('data' => $enc_data);	3✔
146	session_write_close();	3✔
147	$_SESSION = array();	3✔
148	}
149	}
150
151	/**
152	* PHP Sessions that extend the base session class
153	* @package framework
154	* @subpackage session
155	*/
156	class Hm_PHP_Session extends Hm_PHP_Session_Data {
157
158	use Hm_Session_Auth;
159
160	/* data store connection used by classes that extend this */
161	public $conn;
162
163	/* flag to indicate an existing session */
164	protected $existing = false;
165
166	/**
167	* Setup newly authenticated session
168	* @param Hm_Request $request
169	* @param boolean $fingerprint
170	* @return null
171	*/
172	protected function authed($request, $fingerprint) {	2✔
173	$this->set_key($request);	2✔
174	$this->loaded = true;	2✔
175	$this->start($request);	2✔
176	if ($fingerprint) {	2✔
177	$this->set_fingerprint($request);	2✔
178	}
179	else {
180	$this->set('fingerprint', '');	1✔
181	}
182	$this->save_auth_detail();	2✔
183	$this->just_started();	2✔
184	}
185
186	/**
187	* Check for an existing session or a new user/pass login request
188	* @param object $request request details
189	* @param string $user username
190	* @param string $pass password
191	* @return bool
192	*/
193	public function check($request, $user = false, $pass = false, $fingerprint = true) {	3✔
194	if ($user !== false && $pass !== false) {	3✔
195	if ($this->auth($user, $pass)) {	2✔
196	$this->authed($request, $fingerprint);	2✔
197	}
198	} elseif (array_key_exists($this->cname, $request->cookie)) {	2✔
199	$this->get_key($request);	2✔
200	$this->existing = true;	2✔
201	$this->start($request);	2✔
202	$this->check_fingerprint($request);	2✔
203	$this->restore_long_session($request);	2✔
204	}
205	return $this->is_active();	3✔
206	}
207
208	/**
209	* Start the session. This could be an existing session or a new login
210	* @param Hm_Request $request request details
211	* @return void
212	*/
213	public function start($request) {	4✔
214	if (array_key_exists($this->cname, $request->cookie)) {	4✔
215	session_id($request->cookie[$this->cname]);	2✔
216	}
217	list($secure, $path, $domain) = $this->set_session_params($request);	4✔
218	if (ini_get('session.use_cookies')) {	4✔
219	session_set_cookie_params($this->lifetime, $path, $domain, $secure);	×
220	}
221	Hm_Functions::session_start();	4✔
222	$this->session_key = session_id();	4✔
223	$this->start_session_data($request);	4✔
224	$this->validate_session_data($request);	4✔
225	}
226
227	/**
228	* Setup the cookie params for a session cookie
229	* @param Hm_Request $request request details
230	* @return array list of cookie fields
231	*/
232	public function set_session_params($request) {	5✔
233	$path = false;	5✔
234	if ($request->tls) {	5✔
235	$secure = true;	1✔
236	} else {
237	$secure = false;	5✔
238	}
239	if (isset($request->path)) {	5✔
240	$path = $request->path;	5✔
241	}
242	$domain = $this->site_config->get('cookie_domain', false);	5✔
243	if (!$domain && array_key_exists('HTTP_HOST', $request->server)) {	5✔
244	$host = parse_url($request->server['HTTP_HOST'], PHP_URL_HOST);	1✔
245	if (trim((string) $host)) {	1✔
246	$domain = $host;	×
247	} else {
248	$domain = $request->server['HTTP_HOST'];	1✔
249	}
250	}
251	if ($domain == 'none') {	5✔
252	$domain = '';	1✔
253	}
254	return array($secure, $path, $domain);	5✔
255	}
256
257	/**
258	* Restore long session settings for existing sessions
259	* @param Hm_Request $request request details
260	* @return void
261	*/
262	protected function restore_long_session($request) {	2✔
263	if ($this->get('long_session_enabled', false)) {	2✔
264	$stored_lifetime = $this->get('long_session_lifetime', 0);	×
265	if ($stored_lifetime > 0) {	×
266	$this->lifetime = $stored_lifetime;	×
267	$this->refresh_session_cookie($request);	×
268	}
269	}
270	}
271
272	/**
273	* Refresh the session cookie with the current lifetime
274	* @param Hm_Request $request request details
275	* @return void
276	*/
277	protected function refresh_session_cookie($request) {	×
278	if ($this->active && $this->session_key) {	×
279	list($secure, $path, $domain) = $this->set_session_params($request);	×
280	$params = session_get_cookie_params();	×
281	// Calculate expiration time: 0 for session-only, or timestamp for long session
282	$expire = ($this->lifetime > 0) ? $this->lifetime : 0;	×
283	Hm_Functions::setcookie(	×
284	$this->cname,	×
285	$this->session_key,	×
286	$expire,	×
287	$path,	×
288	$domain,	×
289	$secure,	×
290	true	×
291	);	×
292	}
293	}
294
295	/**
296	* Write session data to avoid locking, keep session active, but don't allow writing
297	* @return void
298	*/
299	public function close_early() {	1✔
300	$this->session_closed = true;	1✔
301	$this->save_data();	1✔
302	}
303
304	/**
305	* Destroy a session for good
306	* @param Hm_Request $request request details
307	* @return void
308	*/
309	public function destroy($request) {	15✔
310	if (function_exists('delete_uploaded_files')) {	15✔
311	delete_uploaded_files($this);	15✔
312	}
313	session_unset();	15✔
314	Hm_Functions::session_destroy();	15✔
315	$params = session_get_cookie_params();	15✔
316	$this->delete_cookie($request, $this->cname, $params['path'], $params['domain']);	15✔
317	$this->delete_cookie($request, 'hm_id');	15✔
318	$this->delete_cookie($request, 'hm_reload_folders');	15✔
319	$this->delete_cookie($request, 'hm_msgs');	15✔
320	$this->active = false;	15✔
321	}
322
323	/**
324	* End a session after a page request is complete. This only closes the session and
325	* does not destroy it
326	* @return void
327	*/
328	public function end() {	7✔
329	if ($this->active) {	7✔
330	if (!$this->session_closed) {	1✔
331	$this->save_data();	1✔
332	}
333	$this->active = false;	1✔
334	}
335	}
336	}

cypht-org / cypht / 26230827274

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous