Example #1
 /**
  * Get value of HTTP cookie from the current HTTP request
  *
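  * Return the value of a cookie from the current HTTP request,
  * or return NULL if cookie does not exist. Cookies created during
  * the current request will not be available until the next request.
  * When the `cookies.encrypt` setting is enabled the value is decoded first,
  * and FALSE is returned if decoding fails.
  *
  * @param  string            $name
  * @param  bool              $deleteIfInvalid Delete the cookie when decoding fails
  * @return string|false|null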
  */
 public function getCookie($name, $deleteIfInvalid = true)
 {
     // Raw, client-supplied cookie value as exposed by the request object.
     $raw = $this->request->cookies->get($name);

     // With cookie encryption switched off the raw value is handed back as-is;
     // nothing in this method authenticates it, so callers must treat it as
     // untrusted input.
     if (!$this->config('cookies.encrypt')) {
         return $raw;
     }

     $decoded = \Slim\Http\Util::decodeSecureCookie(
         $raw,
         $this->config('cookies.secret_key'),
         $this->config('cookies.cipher'),
         $this->config('cookies.cipher_mode')
     );

     // A strict FALSE from the decoder is treated as "invalid cookie"; unless the
     // caller opted out, deleteCookie() is called for it.
     if ($deleteIfInvalid && $decoded === false) {
         $this->deleteCookie($name);
     }

     // NOTE(review): FALSE is passed through unchanged here, so callers should
     // compare with === false / === null instead of relying on truthiness.
     return $decoded;
 }
Example #2
 /**
  * Test serializeCookies and decrypt with string expires
  *
  * In this test a cookie with a string typed value for 'expires' is set,
  * which should be parsed by `strtotime` to a timestamp when it's added to
  * the headers; this timestamp should then be correctly parsed, and the
  * value correctly decrypted, by `decodeSecureCookie`.
  */
 public function testSerializeCookiesAndDecryptWithStringExpires()
 {
     $plain = 'bar';
     $headers = new \Slim\Http\Headers();

     // Fixture-only settings. 'secret' is a placeholder key for the test and must
     // never be reused as a real cookies.secret_key. MCRYPT_RIJNDAEL_256 selects
     // Rijndael with a 256-bit block, which is not AES, and ext/mcrypt itself was
     // removed from PHP core in 7.2.
     $settings = array(
         'cookies.encrypt' => true,
         'cookies.secret_key' => 'secret',
         'cookies.cipher' => MCRYPT_RIJNDAEL_256,
         'cookies.cipher_mode' => MCRYPT_MODE_CBC
     );

     $jar = new \Slim\Http\Cookies();
     $jar->set('foo', array('value' => $plain, 'expires' => '1 hour'));
     \Slim\Http\Util::serializeCookies($headers, $jar, $settings);

     // Keep the part of the Set-Cookie header before the first ';', then take
     // everything after the first '=' and URL-decode it to get the value as sent.
     $setCookie = $headers->get('Set-Cookie');
     $pair = strstr($setCookie, ';', true);
     $wire = urldecode(substr(strstr($pair, '='), 1));

     $roundTrip = \Slim\Http\Util::decodeSecureCookie(
         $wire,
         $settings['cookies.secret_key'],
         $settings['cookies.cipher'],
         $settings['cookies.cipher_mode']
     );

     // The decoded value must equal the original, and the value on the wire must
     // not be the plaintext.
     $this->assertEquals($plain, $roundTrip);
     $this->assertTrue($plain !== $wire);
 }
Example #3
 /**
  * Get value of HTTP cookie from the current HTTP request
  *
  * Return the value of a cookie from the current HTTP request,
  * or return NULL if cookie does not exist. Cookies created during
  * the current request will not be available until the next request.
  *
  * @param  string      $name
  * @param  bool        $deleteIfInvalid
  * @return string|null
  */
 public function getCookie($name, $deleteIfInvalid = true)
 {
     // Raw, client-supplied cookie value as exposed by the request object.
     $cookie = $this->request->cookies->get($name);

     if ($this->config('cookies.encrypt')) {
         // Encrypted cookies are decoded with the configured key, cipher and mode.
         $cookie = \Slim\Http\Util::decodeSecureCookie(
             $cookie,
             $this->config('cookies.secret_key'),
             $this->config('cookies.cipher'),
             $this->config('cookies.cipher_mode')
         );

         // A strict FALSE from the decoder marks the cookie as invalid; unless the
         // caller opted out, deleteCookie() is called for it.
         $invalid = ($cookie === false);
         if ($invalid && $deleteIfInvalid) {
             $this->deleteCookie($name);
         }
     }

     // The documented contract is string|null, so the decoder's FALSE is mapped to
     // NULL. After this mapping a caller cannot distinguish "no cookie" from
     // "cookie rejected by the decoder".
     if ($cookie === false) {
         return null;
     }

     return $cookie;
 }
Example #4
 /**
  * Get value of encrypted HTTP cookie
  *
  * Return the value of an encrypted cookie from the current HTTP request,
  * or return NULL if cookie does not exist. Encrypted cookies created during
  * the current request will not be available until the next request.
  *
  * @param  string       $name
  * @param  bool         $deleteIfInvalid Delete the cookie when decoding returns FALSE
  * @return string|false
  */
 public function getEncryptedCookie($name, $deleteIfInvalid = true)
 {
     // Client-supplied cookie value; only the decoder's result below is returned.
     $raw = $this->request->cookies($name);

     $decoded = \Slim\Http\Util::decodeSecureCookie(
         $raw,
         $this->config('cookies.secret_key'),
         $this->config('cookies.cipher'),
         $this->config('cookies.cipher_mode')
     );

     // Anything other than a strict FALSE is handed back directly, as is FALSE
     // itself when the caller asked to keep invalid cookies.
     if ($decoded !== false || !$deleteIfInvalid) {
         return $decoded;
     }

     // The decoder rejected the value: delete the cookie, then report FALSE.
     $this->deleteCookie($name);

     return $decoded;
 }
Example #5
 /**
  * Test encode/decode secure cookie with tampered data
  *
  * In this test, the encoded data is purposefully changed to simulate someone
  * tampering with the client-side cookie data. When decoding the encoded cookie value,
  * FALSE is returned since the verification key will not match.
  */
 public function testEncodeAndDecodeSecureCookieWithTamperedData()
 {
     // Fixture values only; 'password' stands in for a real secret key.
     $plain = 'foo';
     $expiry = time() + 86400;
     $key = 'password';
     $cipher = MCRYPT_RIJNDAEL_256;
     $cipherMode = MCRYPT_MODE_CBC;

     $cookie = \Slim\Http\Util::encodeSecureCookie($plain, $expiry, $key, $cipher, $cipherMode);

     // The encoded cookie is '|'-delimited; append to its second segment to
     // simulate a client modifying the stored value.
     $segments = explode('|', $cookie);
     $segments[1] .= 'changed';
     $tampered = implode('|', $segments);

     // A modified cookie must be rejected with a strict FALSE, never decoded.
     $result = \Slim\Http\Util::decodeSecureCookie($tampered, $key, $cipher, $cipherMode);
     $this->assertFalse($result);
 }
Example #6
 /**
  * Load session
  */
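 protected function loadSession()
 {
     // Start PHP's session machinery only if no session is active yet.
     if (session_id() === '') {
         session_start();
     }

     // The session payload travels in a client-side cookie and is decoded with the
     // configured secret, cipher and mode.
     $value = \Slim\Http\Util::decodeSecureCookie(
         $this->app->request()->cookies($this->settings['name']),
         $this->settings['secret'],
         $this->settings['cipher'],
         $this->settings['cipher_mode']
     );

     // Default to an empty session; it is replaced only by a well-formed payload.
     $_SESSION = array();

     if ($value) {
         // SECURITY (review): unserialize() runs on data that originated in a
         // client-controlled cookie. The only barrier against PHP object injection
         // is the integrity check inside decodeSecureCookie (expected to return
         // FALSE for tampered values; confirm), so safety depends entirely on
         // $this->settings['secret'] being strong and never disclosed. Prefer a
         // data-only format such as JSON for the payload, or on PHP 7+ pass
         // array('allowed_classes' => false) once no objects are stored in it.
         $data = unserialize($value);

         // unserialize() returns FALSE (or another non-array) for a corrupt
         // payload; never let that replace the $_SESSION array.
         if (is_array($data)) {
             $_SESSION = $data;
         }
     }
 }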