<?php require __DIR__ . "/../lib/halfmoon.php"; HalfMoon\Config::set_session_store("encrypted_cookie", array("encryption_key" => str_repeat("0", 32))); class EncryptedCookieTest extends PHPUnit_Framework_TestCase { static $str = "australia's darrell lea soft eating liquorice"; static $key = "3d737148b5d7c1a08e0e92d26f8d020b"; static $cookie = "test"; public function setupSS($key, $cookie) { $this->ss = new HalfMoon\EncryptedCookieSessionStore($key); $this->ss->open("", $cookie); } public function testCookieEncryptionAndDecryption() { for ($z = 0; $z < 5000; $z++) { $key = bin2hex(openssl_random_pseudo_bytes(16)); $this->setupSS($key, "test_" . $z); $ki = rand(20, 40); for ($k = "", $x = 0; $x++ < $ki; $k .= bin2hex(chr(mt_rand(0, 255)))) { } $vi = rand(20, 500); for ($v = "", $x = 0; $x++ < $vi; $v .= bin2hex(chr(mt_rand(0, 255)))) { } $data = var_export(array($k, $v), true); $this->ss->write("", $data); $this->setupSS($key, "test_" . $z); $dec_data = $this->ss->read(""); $this->assertEquals($data, $dec_data); }
<?php /* early initialization of site-wide settings, loaded after halfmoon framework but before activerecord is initialized. per-environment setup like logging, tweaking php settings, etc. can be done here. any code requiring activerecord or needing to be done after everything is initialized should be done in config/application.php. */ /* session settings, change according to your application requirements */ session_name("_%%APP_NAME%%_session"); session_set_cookie_params($lifetime = 0, $path = "/"); /* activate encrypted cookie storage; requires the mcrypt php extension */ HalfMoon\Config::set_session_store("encrypted_cookie", array("encryption_key" => "%%COOKIE_ENCRYPTION_KEY%%")); /* a timezone is required for DateTime functions */ date_default_timezone_set("UTC"); /* environment-specific settings */ if (HALFMOON_ENV == "development") { /* be open and verbose during development */ /* show errors in the browser */ ini_set("display_errors", 1); /* log all activerecord queries and values */ HalfMoon\Config::set_activerecord_log_level("full"); /* log all halfmoon activity */ HalfMoon\Config::set_log_level("full"); } elseif (HALFMOON_ENV == "production") { /* be quiet in production */ /* don't display actual php error messages to the user, just generic error * pages (see skel/500.html) */ ini_set("display_errors", 0);