PHP Classes

File: examples/index.php

Recommend this page to a friend!
  Classes of Seth Carter   Secure Session Extended   examples/index.php   Download  
File: examples/index.php
Role: Example script
Content type: text/plain
Description: Checking a logged in user's fingerprint with error handling
Class: Secure Session Extended
Prevent session hijacking and fixation attacks
Author: By
Last change: Updated require file name
Date: 12 years ago
Size: 2,550 bytes


Class file image Download

// include either the PHP4 or PHP5 class

// Initialising this class calls session_start() for you and sets the session lifetime to an hour
// Example: $Session = new SecureSession;
// Start the class with all default parameters (1 hour session life, sha256 encryption for fingerprint (if possible),
// utilise 3 blocks of the IP address

// Alternatively, pass arguments to the constructor method to change the defaults:
// Example: $Session = new SecureSession(3600, "my secure words", true, 2);

// All arguments are optional, you may bypass the lifetime argument by passing null as the value, this will
// keep the script operating at the default lifetime of 1 hour
// Example: $Session = new SecureSession(null, "loremipsum", false);

$Session = new SecureSession;

if (isset(
$_SESSION['LoggedIn'])) { // If sensitive session info / login is claimed, begin checking

    // $Session->AnalyseFingerPrint() tests the finger print stored in the session against a new request
    // The function returns true if the prints match, false otherwise.
    // Optionally you can pass a variable name as the argument of the method, this will receive a copy
    // of the verification check results which you can examine to serve up different error messages

    //** IMPORTANT **//
    // This argument is passed by reference with a default value of null, in PHP5 this argument is optional
    // and can be ommitted, PHP4 however requires you to supply a variable name as the argument as it doesn't
    // like function arguments with a default value of null that are passed by reference.

if ($Session->AnalyseFingerPrint($Analysis) === true) {

"Fingerprints verified - You're logged in";

    } else {
// $Session->AnalyseFingerPrint() returned false, so kill the session and optionally throw error

$Session->Destroy(); // This method resets the $_SESSION array, removes the session cookies and destroys the session

        // Possible return values of $Analysis pass by reference var:

        // true - Fingerprint match OK, no problems.
        // false - A fingerprint was stored in the session, but doesnt match a new request
        // null - No fingerprint variable was stored in the user's session to check

        // Example of using $Analysis var to serve up different errors, redirects etc

echo "We kicked you out the site because you're an ";
        echo (
$Analysis === false) ? "Imposter - Your fingerprints don't match" : "Infiltrator - You have no finger prints";