From 6ae14fd5f021b8f6194a12e037010c1f35864828 Mon Sep 17 00:00:00 2001
From: "origami11@yandex.ru"
Date: Tue, 13 Feb 2024 15:33:25 +0300
Subject: [PATCH] =?UTF-8?q?fix:=20=D0=A0=D0=B0=D1=81=D1=87=D0=B5=D1=82=20?=
 =?UTF-8?q?=D1=85=D0=B5=D1=88=D0=B0=20=D0=B4=D0=BB=D1=8F=20=D0=B1=D1=80?=
 =?UTF-8?q?=D0=B0=D1=83=D0=B7=D0=B5=D1=80=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Filter/Authorization.php | 12 ++++++++++--
 src/Filter/Login.php | 15 ++-------------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/src/Filter/Authorization.php b/src/Filter/Authorization.php
index ffe3282..814418f 100644
--- a/src/Filter/Authorization.php
+++ b/src/Filter/Authorization.php
@@ -36,10 +36,11 @@ class Authorization {
 $_SESSION [$group] = $id;
 $_SESSION [self::SESSION_BROWSER_SIGN_KEYNAME] = self::getBrowserSign();
+ $_SESSION ["sign"] = self::getRawSign();
 $_SESSION ["time"] = time();
 }
- static function getBrowserSign()
+ static function getRawSign()
 {
 $rawSign = self::SESSION_BROWSER_SIGN_SECRET;
 $signParts = ['HTTP_USER_AGENT'];
@@ -47,7 +48,14 @@ class Authorization {
 foreach ($signParts as $signPart) {
 $rawSign .= '::' . (isset($_SERVER[$signPart]) ? $_SERVER[$signPart] : 'none');
 }
- return md5($rawSign);
+
+ return $rawSign;
+ }
+
+ static function getBrowserSign()
+ {
+
+ return md5(self::getRawSign());
 }
 function logout() {
diff --git a/src/Filter/Login.php b/src/Filter/Login.php
index 61d20ec..a891d32 100644
--- a/src/Filter/Login.php
+++ b/src/Filter/Login.php
@@ -108,7 +108,7 @@ class Login extends Filter
 break;
 */
 default:
- $hash = $this->getBrowserSign();
+ $hash = Authorization::getBrowserSign();
 // Если $hash не совпадает $_SESSION['hash'] то удаляем сессию
 if (isset($_SESSION ['access']) && isset($_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME])) {
 if ($hash == $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME]) {
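Review bot: The added `$_SESSION ["sign"] = self::getRawSign();` in the first hunk of src/Filter/Authorization.php stores the unhashed pre-image, which begins with `SESSION_BROWSER_SIGN_SECRET`, in every session record. Nothing else in this patch reads `$_SESSION["sign"]`, so it looks like a debugging leftover. Any session-store dump, backup or debug output would then carry the secret that the digest from `getBrowserSign()` is meant to keep out of stored data. I would drop the line, since the digest is already stored under `SESSION_BROWSER_SIGN_KEYNAME` one line above. The enclosing method starts above the hunk.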
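Review bot: `getRawSign()` in src/Filter/Authorization.php is declared without a visibility keyword, so it is public, and it returns a string that contains `SESSION_BROWSER_SIGN_SECRET`. Declaring it `private static function getRawSign()` keeps the secret-bearing value reachable only through `getBrowserSign()`. A secret-prefixed MD5 is also not a keyed MAC; `return hash_hmac('sha256', self::getRawSign(), self::SESSION_BROWSER_SIGN_SECRET);` would be the sturdier form, at the cost of invalidating existing sessions once. Because `HTTP_USER_AGENT` is client-supplied, a docblock should say that the sign only detects a changed browser and is not an authentication factor. The body of `getRawSign()` begins in the previous hunk.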
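Review bot: The check two lines below the changed call in src/Filter/Login.php, `if ($hash == $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME])`, compares MD5 hex strings with loose equality. PHP compares two numeric-looking strings (for example digests of the form `0e` followed by digits) as numbers, so distinct digests can compare equal. `if (hash_equals($_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME], $hash))` avoids that and is constant-time. The value now comes from `Authorization` while the key name is still Login's own constant; if both classes are meant to share one session entry, `Authorization::SESSION_BROWSER_SIGN_KEYNAME` should be used here and in `enter()` in the last hunk, though that cannot be confirmed from the patch. The switch body continues outside the hunk.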
@@ -125,17 +125,6 @@ class Login extends Filter
 return false;
 }
- private function getBrowserSign() {
- $rawSign = self::SESSION_BROWSER_SIGN_SECRET;
- //$signParts = array('HTTP_USER_AGENT', 'HTTP_ACCEPT_ENCODING');
- $signParts = array();
-
- foreach ($signParts as $signPart) {
- $rawSign .= '::' . (isset($_SERVER[$signPart]) ? $_SERVER[$signPart] : 'none');
- }
- return md5($rawSign);
- }
-
 private function enter($result) {
 $this->user = $result;
@@ -145,7 +134,7 @@ class Login extends Filter
 $_SESSION["group"] = $result->getInt('access');
 $_SESSION["access"] = $result->getInt('id_user'); // id_user
 $_SESSION["random"] = $random; // id_user
- $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME] = $this->getBrowserSign();
+ $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME] = Authorization::getBrowserSign();
 $_SESSION["time"] = time();
 }