From df29b33c543e761460094947309963eda0b2bb4c Mon Sep 17 00:00:00 2001 From: "Bruno O. Notario" Date: Sun, 15 Aug 2021 03:49:45 -0300 Subject: [PATCH] Autoload, Controller and session changes Autoload Phacil system classes, controller with auto registry on construct, login class changes, login interface, session redis key regenerated support for session ID, sessions improvement, System loadengine not need any more on glob autoload.php files. --- system/engine/autoload.php | 20 +++++++- system/engine/controller.php | 11 +++- system/login/autoload.php | 68 ++++++++++++------------- system/login/interfaces/login.php | 24 +++++++++ system/session/autoload.php | 85 +++++++++++++++++++++++-------- 5 files changed, 151 insertions(+), 57 deletions(-) create mode 100644 system/login/interfaces/login.php diff --git a/system/engine/autoload.php b/system/engine/autoload.php index 571ca2a..cbbf3d2 100644 --- a/system/engine/autoload.php +++ b/system/engine/autoload.php @@ -97,9 +97,9 @@ spl_autoload_register(function ($class) { } } - $value = DIR_SYSTEM . $classNative.'/autoload.php'; + $value = DIR_SYSTEM . str_replace('\\', "/", $classNative) .'/autoload.php'; - if($namespace[0] == "Phacil" && in_array($value, $this->dirs)){ + if($namespace[0] == "Phacil" && file_exists($value)){ try { if(is_readable($value)) { require_once $value; @@ -114,6 +114,22 @@ spl_autoload_register(function ($class) { } } + $value = DIR_SYSTEM . str_replace('\\', "/", $classNative) . '.php'; + + if ($namespace[0] == "Phacil" && file_exists($value) ) { + try { + if (is_readable($value)) { + require_once $value; + return; + } else { + throw new \Exception("I can't load '$value' file! Please check system permissions."); + } + } catch (\Exception $e) { + $log = new \Phacil\Framework\Log("exception.log"); + $log->write($class . ' not loaded!'); + exit($e->getMessage()); + } + } if(file_exists($tryMagicOne = DIR_APP_MODULAR. implode("/", $namespace).".php")){ try { 
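Review bot: With the `in_array($value, $this->dirs)` allowlist gone, `file_exists($value)` is the only gate before `require_once`, and the path built from `$classNative` is never checked to stay under `DIR_SYSTEM`. An autoloader is called with whatever string reaches `class_exists()` or `new $name`, so a name carrying `..` segments passes through `str_replace` unchanged if class names are ever derived from request data. A guard ahead of both lookups, `if (strpos($classNative, '..') !== false) { return; }`, or a `realpath()` prefix comparison against `DIR_SYSTEM`, keeps the include inside the system tree. The same applies to the `.php` lookup added in the next hunk; how `$classNative` is derived lies outside the hunk.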
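Review bot: `exit($e->getMessage())` in the added `.php` lookup sends the absolute path held in `$value` to the client, while the log line records only the class name. Swapping the two keeps the detail server-side: `$log->write($e->getMessage());` followed by `exit('Class could not be loaded.');`. The branch also throws and catches inside the same block, which a plain `if`/`else` on `is_readable($value)` would express more directly.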
diff --git a/system/engine/controller.php b/system/engine/controller.php index 31a778f..53469b5 100644 --- a/system/engine/controller.php +++ b/system/engine/controller.php @@ -108,7 +108,16 @@ abstract class Controller { * @param \Phacil\Framework\Registry $registry * @return void */ - public function __construct(\Phacil\Framework\Registry $registry) { + public function __construct(\Phacil\Framework\Registry $registry = null) { + if (!$registry) { + + /** + * @global \Phacil\Framework\startEngineExacTI $engine + */ + global $engine; + + $registry = $engine->registry; + } $this->registry = $registry; } diff --git a/system/login/autoload.php b/system/login/autoload.php index 450bf10..fa79b38 100644 --- a/system/login/autoload.php +++ b/system/login/autoload.php 
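Review bot: The `global $engine` fallback in `__construct` reads `$engine->registry` without checking that `$engine` is set, so a controller built before the engine exists fails on a null value instead of with a clear error. A guard such as `if (!isset($engine)) { throw new \Exception('Engine not started'); }` before the assignment makes that case explicit. The docblock above still documents `$registry` as a required `\Phacil\Framework\Registry`; it should read `@param \Phacil\Framework\Registry|null $registry Falls back to the global engine registry when omitted`.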
@@ -1,5 +1,4 @@ MM_authorizedUsers = $authorizedUsers; - $this->request = new Request(); - $this->session = new Session(); + if(!$registry){ + global $engine; + $registry =& $engine->registry; + } + $this->engine =& $registry; } - // *** Restrict Access To Page: Grant or deny access to this page /** - * @param mixed $strUsers - * @param mixed $strGroups - * @param mixed $UserName - * @param mixed $UserGroup + * Restrict Access To Page: Grant or deny access to this page + * + * @param string $strUsers + * @param string $strGroups + * @param string $UserName + * @param string $UserGroup * @return bool */ public function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. - $isValid = False; + $isValid = false; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. - $arrUsers = Explode(",", $strUsers); - $arrGroups = Explode(",", $strGroups); + $arrUsers = explode(",", $strUsers); + $arrGroups = explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } 
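Review bot: `in_array($UserName, $arrUsers)` in `isAuthorized()` compares loosely, and so does `in_array($UserGroup, $arrGroups)` in the following hunk, which is risky in an authorization decision. `explode(",", "")` yields `[""]`, so when the authorized-groups string is empty a session whose `MM_UserGroup` is `null` loosely matches the empty entry, and a boolean `true` stored as the group loosely matches any group name. Dropping empty entries and comparing strictly avoids both: `$arrGroups = array_filter(explode(",", $strGroups), 'strlen');` and `in_array((string) $UserGroup, $arrGroups, true)`, with the same treatment for `$arrUsers`. The method body continues in the next hunk.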
@@ -74,27 +71,27 @@ class login { if (in_array($UserGroup, $arrGroups)) { $isValid = true; } - if (($strUsers == "") && false) { + /* if (($strUsers == "") && false) { $isValid = true; - } + } */ } return $isValid; } /** - * @param mixed $restrictGoTo + * @param string $restrictGoTo * @return void */ public function check($restrictGoTo) { $MM_restrictGoTo = $restrictGoTo; - if (!((isset($this->session->data['MM_Username'])) && ($this->isAuthorized("",$this->MM_authorizedUsers, $this->session->data['MM_Username'], $this->session->data['MM_UserGroup'])))) { + if (!((isset($this->engine->session->data['MM_Username'])) && ($this->isAuthorized("",$this->MM_authorizedUsers, $this->engine->session->data['MM_Username'], $this->engine->session->data['MM_UserGroup'])))) { $MM_qsChar = "?"; - $MM_referrer = $this->request->server['PHP_SELF']; + $MM_referrer = $this->engine->request->server['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; - if (isset($this->request->server['QUERY_STRING']) && strlen($this->request->server['QUERY_STRING']) > 0) - $MM_referrer .= "?" . $this->request->server['QUERY_STRING']; + if (isset($this->engine->request->server['QUERY_STRING']) && strlen($this->engine->request->server['QUERY_STRING']) > 0) + $MM_referrer .= "?" . $this->engine->request->server['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; 
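Review bot: The `accesscheck` parameter in `check()` is assembled from `PHP_SELF` and `QUERY_STRING`, both taken from the request, so the page that consumes it after login (not visible here) should accept only a same-site relative path; a comment saying so belongs next to the `urlencode($MM_referrer)` line. `strpos($MM_restrictGoTo, "?")` is tested for truthiness, so a `?` at offset 0 counts as absent; `strpos($MM_restrictGoTo, "?") !== false` is the reliable form. `$this->engine->session->data['MM_UserGroup']` is read without the `isset` that guards `MM_Username`. The commented-out `if (($strUsers == "") && false)` block can simply be deleted.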
@@ -103,24 +100,27 @@ class login { /** @return bool */ public function isLogged () { - $lgged = $this->isAuthorized("",$this->MM_authorizedUsers, $this->session->data['MM_Username'], $this->session->data['MM_UserGroup']); + $lgged = $this->isAuthorized("",$this->MM_authorizedUsers, $this->engine->session->data['MM_Username'], $this->engine->session->data['MM_UserGroup']); return($lgged); } /** @return void */ public function logout() { - unset($this->session->data['user_id']); - - $this->user_id = ''; - $this->username = ''; + unset($this->engine->session->data['MM_Username']); + unset($this->engine->session->data['MM_UserGroup']); session_destroy(); } /** @return string */ public function getUserName() { - return $this->session->data['MM_Username']; + return $this->engine->session->data['MM_Username']; + } + + /** @return string */ + public function getUserGroup() { + return $this->engine->session->data['MM_UserGroup']; } } \ No newline at end of file diff --git a/system/login/interfaces/login.php b/system/login/interfaces/login.php new file mode 100644 index 0000000..c6a3681 --- /dev/null +++ b/system/login/interfaces/login.php @@ -0,0 +1,24 @@ +name = ((defined('SESSION_PREFIX')) ? SESSION_PREFIX : 'SESS').(isset($_SERVER['REMOTE_ADDR']) ? md5($_SERVER['REMOTE_ADDR']) : md5(date("dmY"))); + $this->name = ((defined('SESSION_PREFIX')) ? SESSION_PREFIX : 'SESS') . (isset($_SERVER['REMOTE_ADDR']) ? md5($_SERVER['REMOTE_ADDR']) : md5(date("dmY"))); if (!session_id()) { $this->openSession(); @@ -79,13 +80,12 @@ final class Session { $this->redis($redis, $redisDSN, $redisPort, $redisPass, $redis_expire, $redis_prefix); - if(session_name() === $this->name) { + if (session_name() === $this->name) { $this->data =& $_SESSION; - }else { + } else { $this->openSession(); $this->data =& $_SESSION; } - } /** 
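Review bot: `logout()` unsets only `MM_Username` and `MM_UserGroup` before `session_destroy()`, which leaves every other entry in `$_SESSION` in memory, and `Session::__destruct()` in this same patch writes `serialize($_SESSION)` back to Redis when Redis is enabled. Assuming `$this->engine->session` is the `Session` class patched below, calling the `flush()` method added there, `$this->engine->session->flush();`, would clear the data and delete the Redis key in one place. `isLogged()`, `getUserName()` and `getUserGroup()` index the session array without `isset`, so they raise undefined-index notices for an anonymous visitor.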
@@ -93,21 +93,21 @@ final class Session { * * @return void */ - private function openSession() { + private function openSession() + { $this->closeSession(); ini_set('session.use_cookies', 'On'); ini_set('session.use_trans_sid', 'Off'); ini_set('session.cookie_httponly', 1); - if($this->isSecure()) + if ($this->isSecure()) ini_set('session.cookie_secure', 1); session_set_cookie_params(0, '/'); //session_id(md5()); session_name($this->name); session_start(); - } /** @@ -123,14 +123,15 @@ final class Session { * @since 2.0.0 * @return false|Credis */ - private function redis($redis = false, $redisDSN = null, $redisPort = null, $redisPass = null, $redis_expire = null, $redis_prefix = 'phacil_'){ + private function redis($redis = false, $redisDSN = null, $redisPort = null, $redisPass = null, $redis_expire = null, $redis_prefix = 'phacil_') + { - if(!$redis) + if (!$redis) return false; - - $this->redisExpire = ($redis_expire) ?: session_cache_expire()*60; + + $this->redisExpire = ($redis_expire) ?: session_cache_expire() * 60; $this->redisPrefix = ($redis_prefix) ?: 'phacil_'; - $this->redisKey = $this->redisPrefix.session_name().session_id(); + $this->generateRedisKey(); /** * Instanciate the Credis object @@ -144,18 +145,32 @@ final class Session { return $this->redis; } + /** + * Generate the Redis Session KEY + * + * @return void + */ + private function generateRedisKey() + { + if (session_id()) + $this->redisKey = $this->redisPrefix . session_name() . session_id(); + + return $this->redisKey; + } + /** * Close sessions * * @param bool $force * @return void */ - private function closeSession($force = false) { + private function closeSession($force = false) + { if (session_status() == PHP_SESSION_ACTIVE || $force) { session_unset(); session_destroy(); } - if($this->redis && $force){ + if ($this->redis && $force) { $this->redis->close(); unset($this->redis); } 
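Review bot: `generateRedisKey()` is documented as `@return void` but returns `$this->redisKey`, and `flush()` later in this patch depends on that return value. When `session_id()` is empty the property is left untouched, which may mean unset on first use, so the caller can receive no key at all. The docblock should say `@return string|null The key for the current session ID, or the previous value when no session is active`, and the single-statement `if` would be safer with braces.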
@@ -165,7 +180,8 @@ final class Session { * Check if is secure (SSL) connection * @return bool */ - private function isSecure() { + private function isSecure() + { return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443; } @@ -176,9 +192,11 @@ final class Session { */ public function __destruct() { - if($this->redis){ + if ($this->redis) { + $this->generateRedisKey(); + $this->redis->set($this->redisKey, serialize($_SESSION)); - + $this->redis->expire($this->redisKey, ($this->redisExpire)); } } @@ -188,10 +206,37 @@ final class Session { * @return void * @since 2.0.0 */ - public function flushAll(){ - if($this->redis){ + public function flushAll() + { + $this->data = []; + if ($this->redis) { ($this->redis->flushAll()); } $this->closeSession(true); } + + /** + * Flush current session data + * @return void + * @since 2.0.0 + */ + public function flush() + { + $this->data = []; + if ($this->redis) { + ($this->redis->del($this->generateRedisKey())); + } + $this->closeSession(true); + } + + /** + * Return the current session ID + * + * @since 2.0.0 + * @return string|false + */ + public function getSessionId() + { + return session_id(); + } }
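Review bot: Recomputing the key in `__destruct()` means that once the session ID changes during a request, the record stored under the previous key is never deleted and stays in Redis until `redisExpire` elapses. If the loading side (not shown) looks sessions up by ID, the old ID keeps resolving to the old data, which weakens ID regeneration after login. Removing the previous key when it differs closes that: `$old = $this->redisKey; $this->generateRedisKey(); if ($old && $old !== $this->redisKey) { $this->redis->del($old); }`. The payload is written with `serialize()`, so the reader should call `unserialize()` with `['allowed_classes' => false]`, or the format should move to JSON.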
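Review bot: `$this->redis->flushAll()` in `flushAll()` is not limited to `redisPrefix`; assuming the Credis client forwards it as the Redis FLUSHALL command, it removes every key on the server, including other users' sessions and any unrelated data sharing the instance. The docblock should state that scope, and callers that only want to end the current session should use the new `flush()`, which deletes a single key. Both methods end with `closeSession(true)`, which unsets `$this->redis`, so the later `if ($this->redis)` in `__destruct()` reads an unset property; assigning `$this->redis = null;` instead of `unset($this->redis);` avoids that.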