PHP/Web
PHP/Web
2
0
Fork 0
Code

Compare commits

base: PHP:ce1d13e8626235a38dc540f7686a6b993d5d79c7
Branches Tags
PHP:main
..
compare: PHP:65bfec8078b8bd382b50b5d2e9ae236d23cecc1c
Branches Tags
PHP:main

No commits in common. "ce1d13e8626235a38dc540f7686a6b993d5d79c7" and "65bfec8078b8bd382b50b5d2e9ae236d23cecc1c" have entirely different histories.
ce1d13e862 ... 65bfec8078

7 changed files with 53 additions and 464 deletions
Show Stats Expand all files Collapse all files

6
Context.php
View File

@ -2,7 +2,6 @@
require_once __DIR__ . '/Session.php';
require_once __DIR__ . '/Validator.php';
require_once __DIR__ . '/Cookies.php';
/**
* Context holds the request, response, and shared state for a request
@ -12,20 +11,17 @@ class Context
public Request $request;
public Response $response;
public Session $session;
public Cookies $cookie;
public array $state = [];
/**
* __construct creates a new Context with request and response
*/
public function __construct(?Cookie $cookie = null)
public function __construct()
{
$this->request = new Request();
$this->response = new Response();
$this->session = new Session();
$this->session->start();
$this->cookie = $cookie ?: new Cookies();
$this->response->setCookieManager($this->cookie);
}
/**

240
Cookies.php
View File

@ -1,240 +0,0 @@
<?php
/**
* Cookie manager for consistent cookie handling
*/
class Cookies
{
private array $defaults;
public function __construct(array $defaults = [])
{
$this->defaults = array_merge([
'expires' => 0,
'path' => '/',
'domain' => '',
'secure' => false,
'httponly' => true,
'samesite' => 'Lax'
], $defaults);
}
/**
* Set a cookie
*/
public function set(string $name, string $value, array $options = []): bool
{
$options = array_merge($this->defaults, $options);
// Convert lifetime to expires timestamp if provided
if (isset($options['lifetime'])) {
$options['expires'] = time() + $options['lifetime'];
unset($options['lifetime']);
}
return setcookie($name, $value, $options);
}
/**
* Get a cookie value
*/
public function get(string $name, ?string $default = null): ?string
{
return $_COOKIE[$name] ?? $default;
}
/**
* Check if a cookie exists
*/
public function has(string $name): bool
{
return isset($_COOKIE[$name]);
}
/**
* Delete a cookie
*/
public function delete(string $name, array $options = []): bool
{
$options = array_merge($this->defaults, $options);
$options['expires'] = time() - 3600;
// Remove from $_COOKIE superglobal
unset($_COOKIE[$name]);
return setcookie($name, '', $options);
}
/**
* Set a cookie that expires when browser closes
*/
public function setSession(string $name, string $value, array $options = []): bool
{
$options['expires'] = 0;
return $this->set($name, $value, $options);
}
/**
* Set a cookie with specific lifetime in seconds
*/
public function setWithLifetime(string $name, string $value, int $lifetime, array $options = []): bool
{
$options['lifetime'] = $lifetime;
return $this->set($name, $value, $options);
}
/**
* Set a cookie that expires in specified days
*/
public function setForDays(string $name, string $value, int $days, array $options = []): bool
{
return $this->setWithLifetime($name, $value, $days * 86400, $options);
}
/**
* Set a cookie that expires in specified hours
*/
public function setForHours(string $name, string $value, int $hours, array $options = []): bool
{
return $this->setWithLifetime($name, $value, $hours * 3600, $options);
}
/**
* Set a cookie that expires in specified minutes
*/
public function setForMinutes(string $name, string $value, int $minutes, array $options = []): bool
{
return $this->setWithLifetime($name, $value, $minutes * 60, $options);
}
/**
* Set a forever cookie (5 years)
*/
public function forever(string $name, string $value, array $options = []): bool
{
return $this->setWithLifetime($name, $value, 157680000, $options); // 5 years
}
/**
* Get all cookies
*/
public function all(): array
{
return $_COOKIE;
}
/**
* Clear all cookies
*/
public function clear(): void
{
foreach ($_COOKIE as $name => $value) $this->delete($name);
}
/**
* Set default options
*/
public function setDefaults(array $defaults): void
{
$this->defaults = array_merge($this->defaults, $defaults);
}
/**
* Get default options
*/
public function getDefaults(): array
{
return $this->defaults;
}
/**
* Create a signed cookie value
*/
public function sign(string $value, string $secret): string
{
$signature = hash_hmac('sha256', $value, $secret);
return base64_encode($value . '|' . $signature);
}
/**
* Verify and extract signed cookie value
*/
public function verify(string $signedValue, string $secret): ?string
{
$decoded = base64_decode($signedValue);
if (!$decoded || !str_contains($decoded, '|')) return null;
[$value, $signature] = explode('|', $decoded, 2);
$expectedSignature = hash_hmac('sha256', $value, $secret);
if (!hash_equals($expectedSignature, $signature)) return null;
return $value;
}
/**
* Set a signed cookie
*/
public function setSigned(string $name, string $value, string $secret, array $options = []): bool
{
$signedValue = $this->sign($value, $secret);
return $this->set($name, $signedValue, $options);
}
/**
* Get and verify a signed cookie
*/
public function getSigned(string $name, string $secret, ?string $default = null): ?string
{
$signedValue = $this->get($name);
if ($signedValue === null) return $default;
$value = $this->verify($signedValue, $secret);
return $value !== null ? $value : $default;
}
/**
* Encrypt a cookie value
*/
public function encrypt(string $value, string $key): string
{
$iv = random_bytes(16);
$encrypted = openssl_encrypt($value, 'AES-256-CBC', $key, 0, $iv);
return base64_encode($iv . '|' . $encrypted);
}
/**
* Decrypt a cookie value
*/
public function decrypt(string $encryptedValue, string $key): ?string
{
$decoded = base64_decode($encryptedValue);
if (!$decoded || !str_contains($decoded, '|')) return null;
[$iv, $encrypted] = explode('|', $decoded, 2);
$decrypted = openssl_decrypt($encrypted, 'AES-256-CBC', $key, 0, $iv);
return $decrypted !== false ? $decrypted : null;
}
/**
* Set an encrypted cookie
*/
public function setEncrypted(string $name, string $value, string $key, array $options = []): bool
{
$encryptedValue = $this->encrypt($value, $key);
return $this->set($name, $encryptedValue, $options);
}
/**
* Get and decrypt a cookie
*/
public function getEncrypted(string $name, string $key, ?string $default = null): ?string
{
$encryptedValue = $this->get($name);
if ($encryptedValue === null) return $default;
$value = $this->decrypt($encryptedValue, $key);
return $value !== null ? $value : $default;
}
}

139
EXAMPLES.md
View File

@ -312,139 +312,6 @@ $session->clear(); // Clear data but keep session active
$all = $session->all(); // Get all session data
```
## Cookies Examples
```php
// Cookie management is automatically available through Context
$context->cookie; // Access the Cookies instance
// Basic cookie operations
$context->cookie->set('name', 'value'); // Session cookie
$context->cookie->get('name', 'default'); // Get cookie value
$context->cookie->has('name'); // Check if cookie exists
$context->cookie->delete('name'); // Delete cookie
// Cookie with specific lifetime
$context->cookie->setForDays('remember_me', 'token', 30); // 30 days
$context->cookie->setForHours('temp_data', 'value', 2); // 2 hours
$context->cookie->setForMinutes('flash', 'quick', 5); // 5 minutes
$context->cookie->forever('permanent', 'value'); // 5 years
// Session cookie (expires when browser closes)
$context->cookie->setSession('session_data', 'value');
// Custom lifetime in seconds
$context->cookie->setWithLifetime('custom', 'value', 7200); // 2 hours
// Cookie with options
$context->cookie->set('secure_cookie', 'value', [
'expires' => time() + 3600,
'path' => '/admin',
'domain' => '.example.com',
'secure' => true,
'httponly' => true,
'samesite' => 'Strict'
]);
// Signed cookies (integrity verification)
$secret = 'your-secret-key';
$context->cookie->setSigned('signed_data', 'sensitive', $secret);
$value = $context->cookie->getSigned('signed_data', $secret); // Returns null if tampered
// Encrypted cookies (for sensitive data)
$key = 'your-encryption-key-32-chars-long!!';
$context->cookie->setEncrypted('encrypted_data', 'very_sensitive', $key);
$value = $context->cookie->getEncrypted('encrypted_data', $key); // Returns null if corrupted
// Get all cookies
$allCookies = $context->cookie->all();
// Clear all cookies
$context->cookie->clear();
// Configure cookie defaults for the application
$app = new Web(debug: true, cookieDefaults: [
'path' => '/',
'domain' => '.example.com',
'secure' => true,
'httponly' => true,
'samesite' => 'Lax'
]);
// Or set defaults later
$context->cookie->setDefaults([
'secure' => true,
'httponly' => true
]);
// Using cookies in route handlers
$app->get('/set-preference', function(Context $context) {
$theme = $context->query('theme', 'light');
$context->cookie->setForDays('user_theme', $theme, 365);
return ['message' => 'Theme preference saved'];
});
$app->get('/get-preference', function(Context $context) {
$theme = $context->cookie->get('user_theme', 'light');
return ['theme' => $theme];
});
// Using cookies with authentication
$app->post('/login', function(Context $context) use ($auth) {
// ... validate credentials ...
if ($context->input('remember')) {
// Auth class uses Cookies internally for remember tokens
$auth->login($userData, true);
} else {
$auth->login($userData, false);
}
// Set additional preference cookies
$context->cookie->setForDays('last_login', date('Y-m-d'), 30);
return ['message' => 'Logged in successfully'];
});
// Tracking with signed cookies
$app->use(function(Context $context, callable $next) {
$secret = 'tracking-secret';
$visitCount = (int)$context->cookie->getSigned('visit_count', $secret, '0');
$visitCount++;
$context->cookie->setSigned('visit_count', (string)$visitCount, $secret);
$context->set('visit_count', $visitCount);
$next();
});
// Storing user preferences securely
$app->post('/preferences', function(Context $context) {
$preferences = $context->only(['theme', 'language', 'timezone']);
$key = 'encryption-key-must-be-32-chars!';
// Store encrypted preferences
$context->cookie->setEncrypted(
'user_prefs',
json_encode($preferences),
$key,
['expires' => time() + 31536000] // 1 year
);
return ['message' => 'Preferences saved securely'];
});
$app->get('/preferences', function(Context $context) {
$key = 'encryption-key-must-be-32-chars!';
$encrypted = $context->cookie->getEncrypted('user_prefs', $key);
if ($encrypted) {
$preferences = json_decode($encrypted, true);
return ['preferences' => $preferences];
}
return ['preferences' => null];
});
```
## Validation Examples
```php
@ -479,10 +346,10 @@ Validator::extend('custom', function($value, $parameters, $data) {
## Authentication Examples
```php
// Auth automatically uses Cookies for remember tokens
$auth = new Auth($session, $context->cookie, [
$auth = new Auth($session, [
'cookie_name' => 'remember_token',
'cookie_lifetime' => 2592000 // 30 days
'cookie_lifetime' => 2592000, // 30 days
'cookie_secure' => true
]);
// Authentication

34
README.md
View File

@ -68,15 +68,6 @@ Session management with security features.
- CSRF token generation and validation
- Session lifecycle management
### Cookies
Comprehensive cookie management with security features.
- Consistent cookie handling across the application
- Convenient lifetime methods (sessions, days, hours, minutes)
- Signed cookies for integrity verification
- Encrypted cookies for sensitive data
- Configurable defaults for all cookie operations
- Automatic integration with Context and Response
### Validator
Input validation with 20+ built-in rules.
- Chainable validation rules (`required|email|min:6`)
@ -109,7 +100,7 @@ Comprehensive error and exception handling.
### Web Class
```php
new Web(bool $debug = false, array $cookieDefaults = [])
new Web(bool $debug = false)
use(callable $middleware): self
get|post|put|patch|delete|head(string $route, callable $handler): self
group(string $prefix, callable $callback): self
@ -159,30 +150,9 @@ validateRequest(array $rules, array $messages = []): Validator
### Validator Rules
`required`, `email`, `url`, `alpha`, `alphaNum`, `numeric`, `integer`, `float`, `boolean`, `array`, `json`, `date`, `min:n`, `max:n`, `between:min,max`, `length:n`, `in:a,b,c`, `notIn:a,b,c`, `regex:/pattern/`, `confirmed`, `unique:table,column`, `exists:table,column`
### Cookies Class
```php
new Cookies(array $defaults = [])
set(string $name, string $value, array $options = []): bool
get(string $name, ?string $default = null): ?string
has(string $name): bool
delete(string $name, array $options = []): bool
setSession(string $name, string $value, array $options = []): bool
setWithLifetime(string $name, string $value, int $lifetime, array $options = []): bool
setForDays(string $name, string $value, int $days, array $options = []): bool
setForHours(string $name, string $value, int $hours, array $options = []): bool
setForMinutes(string $name, string $value, int $minutes, array $options = []): bool
forever(string $name, string $value, array $options = []): bool
all(): array
clear(): void
setSigned(string $name, string $value, string $secret, array $options = []): bool
getSigned(string $name, string $secret, ?string $default = null): ?string
setEncrypted(string $name, string $value, string $key, array $options = []): bool
getEncrypted(string $name, string $key, ?string $default = null): ?string
```
### Auth Class
```php
new Auth(Session $session, ?Cookies $cookies = null, array $config = [])
new Auth(Session $session, array $config = [])
login(array $userData, bool $remember = false): void
logout(): void
check(): bool

49
Response.php
View File

@ -1,7 +1,5 @@
<?php
require_once __DIR__ . '/Cookies.php';
/**
* Response class represents an HTTP response
*/
@ -11,16 +9,6 @@ class Response
private array $headers = [];
private string $body = '';
private bool $sent = false;
private ?Cookies $cookie = null;
/**
* Set the cookie manager for this response
*/
public function setCookieManager(Cookies $cookie): Response
{
$this->cookie = $cookie;
return $this;
}
/**
* Set the HTTP status code for the response
@ -88,28 +76,23 @@ class Response
*/
public function cookie(string $name, string $value, array $options = []): Response
{
if ($this->cookie) {
$this->cookie->set($name, $value, $options);
} else {
// Fallback to direct setcookie if no Cookie manager is set
$options = array_merge([
'expires' => 0,
'path' => '/',
'domain' => '',
'secure' => false,
'httponly' => true,
'samesite' => 'Lax'
], $options);
$options = array_merge([
'expires' => 0,
'path' => '/',
'domain' => '',
'secure' => false,
'httponly' => true,
'samesite' => 'Lax'
], $options);
setcookie($name, $value, [
'expires' => $options['expires'],
'path' => $options['path'],
'domain' => $options['domain'],
'secure' => $options['secure'],
'httponly' => $options['httponly'],
'samesite' => $options['samesite']
]);
}
setcookie($name, $value, [
'expires' => $options['expires'],
'path' => $options['path'],
'domain' => $options['domain'],
'secure' => $options['secure'],
'httponly' => $options['httponly'],
'samesite' => $options['samesite']
]);
return $this;
}

7
Web.php
View File

@ -6,7 +6,6 @@ require_once __DIR__ . '/Response.php';
require_once __DIR__ . '/Context.php';
require_once __DIR__ . '/Router.php';
require_once __DIR__ . '/ErrorHandler.php';
require_once __DIR__ . '/Cookies.php';
/**
* Web is the application controller itself
@ -17,13 +16,11 @@ class Web
private array $middleware = [];
private Context $context;
private ErrorHandler $errorHandler;
private Cookies $cookie;
public function __construct(bool $debug = false, array $cookieDefaults = [])
public function __construct(bool $debug = false)
{
$this->router = new Router();
$this->errorHandler = new ErrorHandler($debug);
$this->cookie = new Cookies($cookieDefaults);
}
public function use(callable $middleware): self
@ -121,7 +118,7 @@ class Web
public function run(): void
{
$this->context = new Context($this->cookie);
$this->context = new Context();
try {
$next = function() {

42
auth/Auth.php
View File

@ -2,7 +2,6 @@
require_once __DIR__ . '/User.php';
require_once __DIR__ . '/../Session.php';
require_once __DIR__ . '/../Cookies.php';
/**
* Simplified Auth handles user authentication with external verification
@ -10,7 +9,6 @@ require_once __DIR__ . '/../Cookies.php';
class Auth
{
private Session $session;
private Cookies $cookie;
private ?User $user = null;
private array $config;
@ -18,17 +16,17 @@ class Auth
const REMEMBER_COOKIE = 'remember_token';
const REMEMBER_DURATION = 2592000; // 30 days in seconds
public function __construct(Session $session, ?Cookie $cookie = null, array $config = [])
public function __construct(Session $session, array $config = [])
{
$this->session = $session;
$this->cookie = $cookie ?: new Cookies([
'path' => '/',
'httponly' => true,
'samesite' => 'Lax'
]);
$this->config = array_merge([
'cookie_name' => self::REMEMBER_COOKIE,
'cookie_lifetime' => self::REMEMBER_DURATION
'cookie_lifetime' => self::REMEMBER_DURATION,
'cookie_path' => '/',
'cookie_domain' => '',
'cookie_secure' => false,
'cookie_httponly' => true,
'cookie_samesite' => 'Lax'
], $config);
$this->initializeFromSession();
@ -178,10 +176,17 @@ class Auth
*/
private function setRememberCookie(string $value): void
{
$this->cookie->setWithLifetime(
setcookie(
$this->config['cookie_name'],
$value,
$this->config['cookie_lifetime']
[
'expires' => time() + $this->config['cookie_lifetime'],
'path' => $this->config['cookie_path'],
'domain' => $this->config['cookie_domain'],
'secure' => $this->config['cookie_secure'],
'httponly' => $this->config['cookie_httponly'],
'samesite' => $this->config['cookie_samesite']
]
);
}
@ -190,7 +195,18 @@ class Auth
*/
private function clearRememberCookie(): void
{
$this->cookie->delete($this->config['cookie_name']);
setcookie(
$this->config['cookie_name'],
'',
[
'expires' => time() - 3600,
'path' => $this->config['cookie_path'],
'domain' => $this->config['cookie_domain'],
'secure' => $this->config['cookie_secure'],
'httponly' => $this->config['cookie_httponly'],
'samesite' => $this->config['cookie_samesite']
]
);
}
/**
@ -198,7 +214,7 @@ class Auth
*/
private function getUserDataFromRememberCookie(): ?array
{
$cookie = $this->cookie->get($this->config['cookie_name']);
$cookie = $_COOKIE[$this->config['cookie_name']] ?? null;
if (!$cookie || !str_contains($cookie, '|')) return null;