Rev 974 | Rev 1086 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
557 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * OIDplus 2.0 |
||
5 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
||
6 | * |
||
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
8 | * you may not use this file except in compliance with the License. |
||
9 | * You may obtain a copy of the License at |
||
10 | * |
||
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
12 | * |
||
13 | * Unless required by applicable law or agreed to in writing, software |
||
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
16 | * See the License for the specific language governing permissions and |
||
17 | * limitations under the License. |
||
18 | */ |
||
19 | |||
1050 | daniel-mar | 20 | namespace ViaThinkSoft\OIDplus; |
557 | daniel-mar | 21 | |
730 | daniel-mar | 22 | class OIDplusCookieUtils extends OIDplusBaseClass { |
557 | daniel-mar | 23 | |
24 | public function unsetcookie($name) { |
||
25 | $this->setcookie($name, '', time()-9999, true); |
||
26 | } |
||
27 | |||
812 | daniel-mar | 28 | private function getCookieDomain() { |
29 | $default_domain = ''; // ini_get('session.cookie_domain'); |
||
30 | $domain = OIDplus::baseConfig()->getValue('COOKIE_DOMAIN', $default_domain); |
||
31 | if ($domain === '(auto)') { |
||
816 | daniel-mar | 32 | $tmp = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE/*_CANONICAL*/); |
812 | daniel-mar | 33 | if ($tmp === false) return $default_domain; |
34 | $tmp = parse_url($tmp); |
||
35 | if ($tmp === false) return $default_domain; |
||
36 | if (!isset($tmp['host'])) return $default_domain; |
||
37 | $domain = $tmp['host']; |
||
38 | } |
||
39 | return $domain; |
||
40 | } |
||
806 | daniel-mar | 41 | |
812 | daniel-mar | 42 | private function getCookiePath() { |
43 | $default_path = '/'; // ini_get('session.cookie_path'); |
||
44 | $path = OIDplus::baseConfig()->getValue('COOKIE_PATH', $default_path); |
||
45 | if ($path === '(auto)') { |
||
816 | daniel-mar | 46 | $tmp = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE/*_CANONICAL*/); |
812 | daniel-mar | 47 | if ($tmp === false) return $default_path; |
48 | $tmp = parse_url($tmp); |
||
49 | if ($tmp === false) return $default_path; |
||
50 | if (!isset($tmp['path'])) return $default_path; |
||
51 | $path = $tmp['path']; |
||
808 | daniel-mar | 52 | |
812 | daniel-mar | 53 | // Alternatively: |
54 | //$path = OIDplus::webpath(null,OIDplus::PATH_RELATIVE_TO_ROOT_CANONICAL); |
||
55 | //if ($path === false) return $default_path; |
||
56 | } |
||
57 | return $path; |
||
58 | } |
||
557 | daniel-mar | 59 | |
847 | daniel-mar | 60 | // TODO: There are several PHPSESSID cookies set. That's not very nice. We should collect the cookies and then at script ending only send the last definition one time. |
974 | daniel-mar | 61 | public function setcookie($name, $value, $expires=0, $allowJS=false, $samesite=null, $forceInsecure=false) { |
812 | daniel-mar | 62 | $domain = $this->getCookieDomain(); |
63 | $path = $this->getCookiePath(); |
||
974 | daniel-mar | 64 | $secure = $forceInsecure ? false : OIDplus::isSSL(); |
557 | daniel-mar | 65 | $httponly = !$allowJS; |
564 | daniel-mar | 66 | if (is_null($samesite)) { |
67 | $samesite = OIDplus::baseConfig()->getValue('COOKIE_SAMESITE_POLICY', 'Strict'); |
||
68 | } |
||
557 | daniel-mar | 69 | |
70 | if (strnatcmp(phpversion(),'7.3.0') >= 0) { |
||
71 | $options = array( |
||
72 | "expires" => $expires, |
||
73 | "path" => $path, |
||
74 | "domain" => $domain, |
||
75 | "secure" => $secure, |
||
76 | "httponly" => $httponly, |
||
77 | "samesite" => $samesite |
||
78 | ); |
||
79 | setcookie($name, $value, $options); |
||
80 | } else { |
||
81 | setcookie($name, $value, $expires, $path.'; samesite='.$samesite, $domain, $secure, $httponly); |
||
82 | } |
||
83 | } |
||
84 | |||
85 | } |