<?php
declare(strict_types=1);
namespace MaplePHP\Http;
use MaplePHP\Http\Interfaces\CookiesInterface;
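class Cookies implements CookiesInterface
{
    // Properties stay untyped: set() still carries a branch for PHP < 7.3,
    // and typed properties need PHP 7.4.

    /** @var string Path attribute applied to every cookie written by this instance */
    private $path;

    /** @var string Domain attribute applied to every cookie written by this instance */
    private $domain;

    /** @var bool Secure flag: when true the cookie is only sent over HTTPS */
    private $secure;

    /** @var bool HttpOnly flag: when true the cookie is hidden from client-side scripts */
    private $httpOnly;

    /** @var string|null SameSite value (None, Lax or Strict); null until setSameSite() is called */
    private $samesite;

    /**
     * Create a cookie writer with shared attributes.
     *
     * Both flags default to true, so a cookie is HTTPS-only and hidden from
     * scripts unless the caller opts out. SameSite is not set here; call
     * setSameSite() to configure it.
     *
     * @param string $path     Path attribute
     * @param string $domain   Domain attribute ("" leaves it to the host-only default)
     * @param bool   $secure   Secure flag
     * @param bool   $httpOnly HttpOnly flag
     */
    public function __construct(
        string $path = "/",
        string $domain = "",
        bool $secure = true,
        bool $httpOnly = true
    ) {
        $this->path = $path;
        $this->domain = $domain;
        $this->secure = $secure;
        $this->httpOnly = $httpOnly;
    }

    /**
     * Set cookie allowed path
     * @param string $path URI path
     * @return self
     */
    public function setPath(string $path): self
    {
        $this->path = $path;
        return $this;
    }

    /**
     * Set cookie allowed domain
     * @param string $domain Domain name
     * @return self
     */
    public function setDomain(string $domain): self
    {
        $this->domain = $domain;
        return $this;
    }

    /**
     * Set cookie secure flag (HTTPS only: true)
     * @param bool $secure true to restrict the cookie to HTTPS
     * @return self
     */
    public function setSecure(bool $secure): self
    {
        $this->secure = $secure;
        return $this;
    }

    /**
     * Set cookie HttpOnly flag. When true the cookie is not exposed to
     * client-side scripts such as JavaScript, which limits what an XSS
     * payload can read. It does not prevent XSS itself.
     * @param bool $httpOnly enable HttpOnly flag
     * @return self
     */
    public function sethttpOnly(bool $httpOnly): self
    {
        $this->httpOnly = $httpOnly;
        return $this;
    }

    /**
     * Set the SameSite attribute.
     *
     * Input is case-insensitive and is normalised to None, Lax or Strict.
     * Note that browsers accept SameSite=None only together with the Secure
     * flag; this method does not check the current secure setting.
     *
     * @param string $samesite One of None, Lax or Strict
     * @return self
     * @throws \InvalidArgumentException When the value is not one of the three
     */
    public function setSameSite(string $samesite): self
    {
        $samesite = ucfirst(strtolower($samesite));
        if (!in_array($samesite, ["None", "Lax", "Strict"], true)) {
            throw new \InvalidArgumentException("The argument needs to be one of (None, Lax or Strict)", 1);
        }
        $this->samesite = $samesite;
        return $this;
    }

    /**
     * Send a cookie using the attributes configured on this instance.
     *
     * The result of setcookie() is not checked, so a cookie that could not be
     * queued (for example because output has already started) is not reported.
     *
     * @param string $name
     * @param string $value
     * @param int    $expires Unix timestamp
     * @param bool   $force   Also write the value into $_COOKIE so it is readable during this request
     * @return void
     */
    public function set(string $name, string $value, int $expires, bool $force = false): void
    {
        if ($this->supportsSameSite()) {
            setcookie($name, $value, $this->cookieOpt($expires));
        } else {
            // The positional signature has no SameSite argument, so the
            // configured SameSite value is NOT sent on this branch.
            setcookie($name, $value, $expires, $this->path, $this->domain, $this->secure, $this->httpOnly);
        }
        if ($force) {
            $_COOKIE[$name] = $value;
        }
    }

    /**
     * Check if cookie exists in the current request
     * @param string $name
     * @return bool
     */
    public function has(string $name): bool
    {
        return (isset($_COOKIE[$name]));
    }

    /**
     * Get cookie value as received from the client (untrusted input).
     * @param string $name
     * @param string|null $default Returned when the cookie is absent
     * @return string|null
     */
    public function get(string $name, ?string $default = null): ?string
    {
        return ($_COOKIE[$name] ?? $default);
    }

    /**
     * Delete cookie.
     *
     * Nothing is sent unless the cookie is present in the current request.
     * The removal is issued with this instance's path and domain, so they
     * have to match the ones the cookie was created with.
     *
     * @param string $name
     * @return void
     */
    public function delete(string $name): void
    {
        if ($this->has($name)) {
            $this->set($name, "", time());
            unset($_COOKIE[$name]);
        }
    }

    /**
     * Check whether this instance's settings are strict enough to hold a
     * sensitive value such as a CSRF token: SameSite=Strict, Secure and
     * HttpOnly must all be in effect.
     *
     * Returns false on PHP < 7.3 as well, because set() cannot emit the
     * SameSite attribute there and the Strict setting would exist only on
     * this object, not on the cookie the browser receives.
     *
     * @return bool
     */
    public function isSecure(): bool
    {
        return ($this->samesite === "Strict"
            && $this->secure
            && $this->httpOnly
            && $this->supportsSameSite());
    }

    /**
     * Build the options array for the PHP >= 7.3 form of setcookie().
     * @param int $expires Unix timestamp
     * @return array
     */
    private function cookieOpt(int $expires): array
    {
        $options = [
            'expires' => $expires,
            'path' => $this->path,
            'domain' => $this->domain,
            'secure' => $this->secure,
            'httponly' => $this->httpOnly
        ];
        // Left out when setSameSite() was never called, so no null value is
        // handed to setcookie(); the browser's default then applies.
        if ($this->samesite !== null) {
            $options['samesite'] = $this->samesite;
        }
        return $options;
    }

    /**
     * Whether the running PHP version accepts the options-array form of
     * setcookie(), the only form used here that carries SameSite.
     * @return bool
     */
    private function supportsSameSite(): bool
    {
        return version_compare(PHP_VERSION, '7.3.0', '>=');
    }
}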