From d3f0c90272304d7621f7846fb2b2940f9e97bb89 Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Sun, 13 Apr 2025 19:11:52 +0300
Subject: [PATCH] Removes code duplicating with session class

---
 app/includes/session_middleware.php | 99 +++++------------------------
 1 file changed, 17 insertions(+), 82 deletions(-)

diff --git a/app/includes/session_middleware.php b/app/includes/session_middleware.php
index 339484a..52ba92a 100644
--- a/app/includes/session_middleware.php
+++ b/app/includes/session_middleware.php
@@ -4,94 +4,29 @@ * Session Middleware * * Validates session status and handles session timeout. - * This middleware should be included in all protected pages. + * If session is invalid, redirects to login page. */ -function applySessionMiddleware($config, $app_root) { - $isTest = defined('PHPUNIT_RUNNING'); +function applySessionMiddleware($config, $app_root, $isTest = false) { + // Start session if not already started + if (session_status() !== PHP_SESSION_ACTIVE) { + Session::startSession(); + } - // Access $_SESSION directly in test mode - if (!$isTest) { - // Start session if not already started - if (session_status() !== PHP_SESSION_ACTIVE && !headers_sent()) { - session_start([ - 'cookie_httponly' => 1, - 'cookie_secure' => 1, - 'cookie_samesite' => 'Strict', - 'gc_maxlifetime' => 7200 // 2 hours - ]); + // Check session validity + if (!Session::isValidSession()) { + // Session invalid, clean up and redirect + Session::cleanup($config); + + // Flash session timeout message + Feedback::flash('LOGIN', 'SESSION_TIMEOUT'); + + if (!$isTest) { + header('Location: ' . $app_root . '?page=login'); + exit(); } - } - - // Check if user is logged in with all required session variables - if (!isset($_SESSION['user_id']) || !isset($_SESSION['username'])) { - cleanupSession($config, $app_root, $isTest); return false; } - // Check session timeout - $session_timeout = isset($_SESSION['REMEMBER_ME']) ? 
(30 * 24 * 60 * 60) : 7200; // 30 days or 2 hours - if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $session_timeout)) { - // Session has expired - cleanupSession($config, $app_root, $isTest); - return false; - } - - // Update last activity time - $_SESSION['LAST_ACTIVITY'] = time(); - - // Regenerate session ID periodically (every 30 minutes) - if (!isset($_SESSION['CREATED'])) { - $_SESSION['CREATED'] = time(); - } else if (time() - $_SESSION['CREATED'] > 1800) { - // Regenerate session ID and update creation time - if (!$isTest && !headers_sent() && session_status() === PHP_SESSION_ACTIVE) { - $oldData = $_SESSION; - session_regenerate_id(true); - $_SESSION = $oldData; - $_SESSION['CREATED'] = time(); - } - } - return true; } - -/** - * Helper function to clean up session data and redirect - */ -function cleanupSession($config, $app_root, $isTest) { - // Always clear session data - $_SESSION = array(); - - if (!$isTest) { - if (session_status() === PHP_SESSION_ACTIVE) { - session_unset(); - session_destroy(); - - // Start a new session to prevent errors - if (!headers_sent()) { - session_start([ - 'cookie_httponly' => 1, - 'cookie_secure' => 1, - 'cookie_samesite' => 'Strict', - 'gc_maxlifetime' => 7200 - ]); - } - } - - // Clear cookies - if (!headers_sent()) { - setcookie('username', '', [ - 'expires' => time() - 3600, - 'path' => $config['folder'], - 'domain' => $config['domain'], - 'secure' => isset($_SERVER['HTTPS']), - 'httponly' => true, - 'samesite' => 'Strict' - ]); - } - - header('Location: ' . $app_root . '?page=login&timeout=1'); - exit(); - } -}
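Review bot: The new `applySessionMiddleware` no longer refreshes `$_SESSION['LAST_ACTIVITY']` nor rotates the session ID every 30 minutes, both of which the removed lines did inline, so unless `Session::isValidSession()` (not visible in this patch) performs those writes itself, the idle timeout will never extend on activity and the fixation-mitigating ID regeneration is silently lost; please confirm, or restore `$_SESSION['LAST_ACTIVITY'] = time();` after the validity check. The ordering `Session::cleanup($config);` followed by `Feedback::flash('LOGIN', 'SESSION_TIMEOUT');` also deserves a check: the removed `cleanupSession` destroyed the session and then started a fresh one, and if `Session::cleanup` does not restart it, a session-backed flash message written afterwards is dropped before the redirect ever shows it. Finally, the new `Session::startSession()` and `header('Location: ...')` calls have lost the `!headers_sent()` guard the old code carried around both `session_start` and the redirect; if this middleware can run after output has begun, guard them again or document in the header comment that it must be included before any output.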