Jump to content

How do you use 'Classes' in your code?


Go to solution Solved by rocky48,

Recommended Posts

I am trying to get to grips with secure sessions on a login page I am writting.

Doing some research on Google I found an article called 'How to Create Bulletproof Sessions.

The first thing the article was to write a class called SessionManager, which I called SessionManage.php

I include this file like so: 'include('includes/SessionManage.php');'

The class file:

class SessionManager
{
   static function sessionStart($name, $limit = 0, $path = '/', $domain = null, $secure = null)
   {
      // Set the cookie name before we start.
      session_name($name . '_Session');
      // Set the domain to default to the current domain.
      $domain = isset($domain) ? $domain : isset($_SERVER['SERVER_NAME']);
      // Set the default secure value to whether the site is being accessed with SSL
      $https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);
      // Set the cookie settings and start the session
      session_set_cookie_params($limit, $path, $domain, $secure, true);
      session_start();
   }
}

The article says to use this in your code you type one of the following:

 

SessionManage::sessionStart('InstallationName');
SessionManage::sessionStart('Blog_myBlog', 0, '/myBlog/', 'www.site.com');
SessionManage::sessionStart('Accounts_Bank', 0, '/', 'accounts.bank.com', true);

I just used login as the installation name.

When I now run the code I get the following Fatal Error:

 

Fatal error: Uncaught Error: Class 'SessionManager' not found in D:\wamp\www\MFC1066\login.php on line 4

Error: Class 'SessionManager' not found in D:\wamp\www\MFC1066\login.php on line 4

Above the error information the complete code for the class file is printed.

I am obviously have not got the syntax correct, but searching the internet has not helped.

Can anybody point out where I am going wrong?

Link to comment
https://forums.phpfreaks.com/topic/302590-how-do-you-use-classes-in-your-code/
Share on other sites

I did wonder about that, so I tried it with the 'r' on the end.

Still gave an error!

 

Fatal error: Uncaught Error: Class 'SessionManager' not found in

Error: Class 'SessionManage' not found in D:\wamp\www\MFC1066\login.php on line 4

I assumed that it should have been SessionManager, as that was the name that was declared as the class.

 

These are the lines in login that call the class file:

include('includes/SessionManage.php');
SessionManager::sessionStart('login');
Edited by rocky48
  • Solution

I feel a right twit!

Such a basic mistake.

 

I didn't put the php tags around the class file.

The fact that the contents of the class file where printed out above the error should have made realise that it was not being parsed.

I'm not sure if those “bulletproof sessions” are worth the trouble. The class misses fundamental aspects of secure sessions, performs a lot of questionable checks and has some features that are downright user-hostile.

  • The author mentions the risk of an attacker guessing the ID, but for some reason he doesn't manage to actually fix that with strong randomness.
  • Session fixation is also mentioned, but again a crucial feature to prevent this (cookie-only sessions) just doesn't exist in the code.
  • It's sufficient to regenerate the session ID right after the log-in, yet large parts of the text and code deal with changing the ID on random requests and the problems that arise from that. This could be made a lot simpler.
  • Binding the session to an IP address and user agent may be well-meant, but it's extremely annoying for users who change those often (e. g. due to tools like Tor). You just cannot assume that everybody uses the Internet in the same way you do.
  • Nothing about secure log-outs. No code, no explaination.

Like many times, you'll probably get a lot more security through proper configuration rather than installing some third-party class. And maybe one day the PHP core developers will manage to design a session system that is secure by default and doesn't require us to write entire tutorials on fixing the current one.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.