From 425cf9b6f6bb9de59744d8fd041caafe832fcd94 Mon Sep 17 00:00:00 2001
From: Marco
Date: Fri, 3 Nov 2017 08:33:41 +0100
Subject: [PATCH] Write to session fields directly instead of using accessor methods
---
 src/Auth.php | 81 ++++++----------------------------------------------
 1 file changed, 9 insertions(+), 72 deletions(-)
diff --git a/src/Auth.php b/src/Auth.php
index dfa1442..05c7658 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -484,14 +484,14 @@ final class Auth extends UserManager {
 // re-generate the session ID to prevent session fixation attacks (requests a cookie to be written on the client)
 Session::regenerate(true);
- // save the user data in the session
- $this->setLoggedIn(true);
- $this->setUserId($userId);
- $this->setEmail($email);
- $this->setUsername($username);
- $this->setStatus($status);
- $this->setRoles($roles);
- $this->setRemembered($remembered);
+ // save the user data in the session variables maintained by this library
+ $_SESSION[self::SESSION_FIELD_LOGGED_IN] = true;
+ $_SESSION[self::SESSION_FIELD_USER_ID] = (int) $userId;
+ $_SESSION[self::SESSION_FIELD_EMAIL] = $email;
+ $_SESSION[self::SESSION_FIELD_USERNAME] = $username;
+ $_SESSION[self::SESSION_FIELD_STATUS] = (int) $status;
+ $_SESSION[self::SESSION_FIELD_ROLES] = (int) $roles;
+ $_SESSION[self::SESSION_FIELD_REMEMBERED] = $remembered;
 }
 /**
@@ -591,7 +591,7 @@ final class Auth extends UserManager {
 // if the user has just confirmed an email address for their own account
 if ($this->getUserId() === $confirmationData['user_id']) {
 // immediately update the email address in the current session as well
- $this->setEmail($confirmationData['email']);
+ $_SESSION[self::SESSION_FIELD_EMAIL] = $confirmationData['email'];
 }
 }
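Review bot: In the `@@ -484,14 +484,14 @@` hunk, `$remembered` is written to the session exactly as the caller passed it, while the user ID, status and roles keep their `(int)` casts. These fields are the authentication state that later requests read back, so a non-boolean here would only hold up if every caller passes a real bool and no reader compares strictly (the readers are not visible in this hunk). I would normalise it the same way as the integers: `$_SESSION[self::SESSION_FIELD_REMEMBERED] = (bool) $remembered;`. The enclosing method starts above the hunk, so its signature and callers are not shown.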
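Review bot: In the `@@ -591,7 +591,7 @@` hunk, the new direct write to `SESSION_FIELD_EMAIL` only runs when `$this->getUserId() === $confirmationData['user_id']` holds, and the login hunk above stores the user ID as an `(int)`. If `$confirmationData['user_id']` arrives as a string from the database layer (not visible here), the strict comparison never matches and the session keeps the old address after a confirmed change. Worth confirming the type, or casting in the guard: `if ($this->getUserId() === (int) $confirmationData['user_id']) {`. With the private setter gone this is also a second independent writer of the field, so a comment such as `// keep in sync with the session fields written on successful login` would help. The enclosing method starts and ends outside the hunk.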
@@ -1318,15 +1318,6 @@ final class Auth extends UserManager {
 }
 }
- /**
- * Sets whether the user is currently logged in and updates the session
- *
- * @param bool $loggedIn whether the user is logged in or not
- */
- private function setLoggedIn($loggedIn) {
- $_SESSION[self::SESSION_FIELD_LOGGED_IN] = $loggedIn;
- }
-
 /**
 * Returns whether the user is currently logged in by reading from the session
 *
@@ -1345,15 +1336,6 @@ final class Auth extends UserManager {
 return $this->isLoggedIn();
 }
- /**
- * Sets the currently signed-in user's ID and updates the session
- *
- * @param int $userId the user's ID
- */
- private function setUserId($userId) {
- $_SESSION[self::SESSION_FIELD_USER_ID] = (int) $userId;
- }
-
 /**
 * Returns the currently signed-in user's ID by reading from the session
 *
@@ -1377,15 +1359,6 @@ final class Auth extends UserManager {
 return $this->getUserId();
 }
- /**
- * Sets the currently signed-in user's email address and updates the session
- *
- * @param string $email the email address
- */
- private function setEmail($email) {
- $_SESSION[self::SESSION_FIELD_EMAIL] = $email;
- }
-
 /**
 * Returns the currently signed-in user's email address by reading from the session
 *
@@ -1400,15 +1373,6 @@ final class Auth extends UserManager {
 }
 }
- /**
- * Sets the currently signed-in user's display name and updates the session
- *
- * @param string $username the display name
- */
- private function setUsername($username) {
- $_SESSION[self::SESSION_FIELD_USERNAME] = $username;
- }
-
 /**
 * Returns the currently signed-in user's display name by reading from the session
 *
@@ -1423,24 +1387,6 @@ final class Auth extends UserManager {
 }
 }
- /**
- * Sets the currently signed-in user's status and updates the session
- *
- * @param int $status the status as one of the constants from the {@see Status} class
- */
- private function setStatus($status) {
- $_SESSION[self::SESSION_FIELD_STATUS] = (int) $status;
- }
-
- /**
- * Sets the currently signed-in user's roles and updates the session
- *
- * @param int $roles the bitmask containing the roles
- */
- private function setRoles($roles) {
- $_SESSION[self::SESSION_FIELD_ROLES] = (int) $roles;
- }
-
 /**
 * Returns the currently signed-in user's status by reading from the session
 *
@@ -1582,15 +1528,6 @@ final class Auth extends UserManager {
 return true;
 }
- /**
- * Sets whether the currently signed-in user has been remembered by a long-lived cookie
- *
- * @param bool $remembered whether the user was remembered
- */
- private function setRemembered($remembered) {
- $_SESSION[self::SESSION_FIELD_REMEMBERED] = $remembered;
- }
-
 /**
 * Returns whether the currently signed-in user has been remembered by a long-lived cookie
 *