fix: Расчет хеша для браузера

2024-02-13 15:33:25 +03:00 · 2024-02-13 15:33:25 +03:00 · 6ae14fd5f0
commit 6ae14fd5f0
parent 548d5daaa9
2 changed files with 12 additions and 15 deletions
--- a/src/Filter/Authorization.php
+++ b/src/Filter/Authorization.php
@ -36,10 +36,11 @@ class Authorization {

        $_SESSION [$group] = $id;
        $_SESSION [self::SESSION_BROWSER_SIGN_KEYNAME] = self::getBrowserSign();
+        $_SESSION ["sign"] = self::getRawSign();
        $_SESSION ["time"] = time();
    }

-    static function getBrowserSign()
+    static function getRawSign()
    {
        $rawSign = self::SESSION_BROWSER_SIGN_SECRET;
        $signParts = ['HTTP_USER_AGENT'];
@ -47,7 +48,14 @@ class Authorization {
        foreach ($signParts as $signPart) {
            $rawSign  .= '::' . (isset($_SERVER[$signPart]) ? $_SERVER[$signPart] : 'none');
        }
-        return md5($rawSign);
+        
+        return $rawSign;
+    }
+
+    static function getBrowserSign()
+    {
+        
+        return md5(self::getRawSign());
    }

    function logout() {
--- a/src/Filter/Login.php
+++ b/src/Filter/Login.php
@ -108,7 +108,7 @@ class Login extends Filter
                break;
            */
            default:
-                $hash = $this->getBrowserSign();
+                $hash = Authorization::getBrowserSign();
                // Если $hash не совпадает $_SESSION['hash'] то удаляем сессию
                if (isset($_SESSION ['access']) && isset($_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME])) {
                    if ($hash == $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME]) {
@ -125,17 +125,6 @@ class Login extends Filter
        return false;
    }

-    private function getBrowserSign() {
-        $rawSign = self::SESSION_BROWSER_SIGN_SECRET;
-        //$signParts = array('HTTP_USER_AGENT', 'HTTP_ACCEPT_ENCODING');
-        $signParts = array();
-
-        foreach ($signParts as $signPart) {
-            $rawSign  .= '::' . (isset($_SERVER[$signPart]) ? $_SERVER[$signPart] : 'none');
-        }
-        return md5($rawSign);
-    }
-
    private function enter($result) 
    {
        $this->user = $result;
@ -145,7 +134,7 @@ class Login extends Filter
        $_SESSION["group"]  = $result->getInt('access');
        $_SESSION["access"] = $result->getInt('id_user'); // id_user
        $_SESSION["random"] = $random; // id_user
-        $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME] = $this->getBrowserSign();
+        $_SESSION[self::SESSION_BROWSER_SIGN_KEYNAME] = Authorization::getBrowserSign();
        $_SESSION["time"]   = time();
    }