/**
 * Creates a new CSRF key/token pair and stores the token in the
 * session data under the generated key.
 *
 * The key is the prefix "csrf-" followed by the result of
 * generateHash(32); the token is the result of generateHash(128).
 *
 * NOTE(review): generateHash() is not visible here. The token is only
 * as unpredictable as that helper, so confirm that it draws from a
 * cryptographically secure random source.
 *
 * @access public
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @return array Array with the entries "key" and "token"
 */
public function generateCsrfToken(WebRequest $request)
{
    // The key is built first and the token second, so generateHash()
    // is called in the same order as before.
    $csrf = array(
        'key'   => 'csrf-' . $this->generateHash(32),
        'token' => $this->generateHash(128),
    );

    // Keep the token server-side so a later request can be checked against it
    $request->setSessionData($csrf['key'], $csrf['token']);

    return $csrf;
}
/**
 * Regenerates the session. It makes the old session id obsolete and generates a new
 * session id.
 *
 * The old session is not deleted. Before the id changes, the session data
 * is flagged with "isObsolete" and a "maxLifetime" of now + 60 seconds.
 * After the session has been restarted under the new id, both flags are
 * removed again from the session data.
 *
 * NOTE(review): nothing in this method enforces "isObsolete" or
 * "maxLifetime". Presumably the code that starts or validates a session
 * rejects sessions carrying these flags once "maxLifetime" has passed;
 * confirm this, otherwise the old session id stays usable until the
 * session storage removes it.
 *
 * NOTE(review): the return values of session_regenerate_id() and
 * session_start() are not checked, so a failed regeneration goes unnoticed.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 */
protected function regenerateSession(WebRequest $request)
{
    // Let the old session expire: flag it and give it 60 more seconds
    $request->setSessionData('isObsolete', true);
    $request->setSessionData('maxLifetime', time() + 60);

    // Regenerate the session id but don't delete the old one
    // (false = keep the old session data in the storage)
    session_regenerate_id(false);

    // Get the new session id
    $newSessionId = session_id();

    // Close both sessions to free them for other requests
    session_write_close();

    // Start the session with the new id
    session_id($newSessionId);
    session_start();

    // Delete the temporary session data so the new session is not treated as obsolete
    $request->deleteSessionData('isObsolete');
    $request->deleteSessionData('maxLifetime');
}
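/**
 * Generates a DataRequest object
 *
 * If the table asks for its data request to be saved and the session
 * holds a saved one, that one is restored and returned. Otherwise a new
 * DataRequest is created for page 1, sorted by "name" ascending.
 * $numberOfEntries is only used when a new DataRequest is created.
 *
 * A restored value is only accepted when it is a DataRequest instance.
 * Anything else (corrupt data, an object of another class) is discarded
 * and replaced by a new DataRequest.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\UserInterface\Table\TableAbstract $table
 * @param false|integer $numberOfEntries
 * @return \Zepi\Web\UserInterface\Table\DataRequest
 */
protected function generateDataRequest(WebRequest $request, TableAbstract $table, $numberOfEntries)
{
    $sortBy = 'name';
    $sortByDirection = 'ASC';

    // The saved data request is stored per table class
    $savedDataRequestKey = get_class($table) . '.DataRequest.Saved';

    // If the session has a saved data request for the table, load it
    $dataRequest = false;
    if ($table->shouldSaveDataRequest()) {
        $serialized = $request->getSessionData($savedDataRequestKey);

        if (is_string($serialized)) {
            // NOTE(review): unserialize() instantiates whatever classes the
            // payload names and runs their magic methods. The session data is
            // treated as trusted here. If the minimum PHP version is 7.0 or
            // later, consider passing the "allowed_classes" option with
            // DataRequest and the classes it contains (not visible from here),
            // or store the request in a plain data format instead.
            $dataRequest = unserialize($serialized);
        }
    }

    // Only accept a real DataRequest. unserialize() returns false for
    // corrupt data and can return any other type the payload describes.
    if (!($dataRequest instanceof DataRequest)) {
        $dataRequest = new DataRequest(1, $numberOfEntries, $sortBy, $sortByDirection);
    }

    // Save the data request to the session if needed
    if ($table->shouldSaveDataRequest()) {
        $request->setSessionData($savedDataRequestKey, serialize($dataRequest));
    }

    return $dataRequest;
}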