<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

// Xoops\Core\Security: session-backed one-time request tokens (createToken /
// validateToken), HTTP referer origin check and banned-IP enforcement.
namespace Xoops\Core;
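/**
 * Security - session-backed one-time request tokens (CSRF protection),
 * HTTP referer origin check and banned-IP enforcement.
 *
 * Tokens are kept server side in $_SESSION[$name . '_SESSION'] as a list of
 * array('id' => <token>, 'expire' => <unix time>) entries and are read back from
 * the request in $_REQUEST[$name . '_REQUEST']. A token validates at most once
 * (see validateToken()) and only while it has not expired.
 *
 * @category  Xoops\Core\Security
 * @package   Xoops\Core
 */
class Security
{
    /**
     * Lifetime in seconds used by createToken() when the requested timeout is not positive.
     *
     * @var int
     */
    const DEFAULT_TOKEN_TIMEOUT = 300;

    /**
     * Recorded validation error messages, oldest first.
     *
     * @var string[]
     */
    private $errors = array();

    /**
     * Convenience wrapper around validateToken() with the legacy argument order
     * ($clearIfValid first).
     *
     * @param bool         $clearIfValid remove the token from the session once it validates
     * @param string|false $token        token value, or false to read it from the request
     * @param string       $name         token family name (prefix of the session/request keys)
     *
     * @return bool true if a matching, unexpired token was found
     */
    public function check($clearIfValid = true, $token = false, $name = 'XOOPS_TOKEN')
    {
        return $this->validateToken($token, $clearIfValid, $name);
    }

    /**
     * Create a new one-time token and register it in the session.
     *
     * Expired tokens of the same family are purged first, so the session list does
     * not grow without bound on pages that issue many forms.
     *
     * @param int    $timeout token lifetime in seconds; non-numeric or <= 0 values
     *                        fall back to DEFAULT_TOKEN_TIMEOUT
     * @param string $name    token family name
     *
     * @return string the new token id, to be carried in the form
     */
    public function createToken($timeout = 300, $name = 'XOOPS_TOKEN')
    {
        $this->garbageCollection($name);

        // cast before the range check so a fractional or non-numeric timeout
        // cannot produce a token that is already expired
        $timeout = (int) $timeout;
        if ($timeout <= 0) {
            $timeout = self::DEFAULT_TOKEN_TIMEOUT;
        }

        $sessionName = $name . '_SESSION';
        $tokenId = Random::generateOneTimeToken();

        // save token data on the server; reset anything that is not a list of entries
        if (!isset($_SESSION[$sessionName]) || !is_array($_SESSION[$sessionName])) {
            $_SESSION[$sessionName] = array();
        }
        $_SESSION[$sessionName][] = array(
            'id'     => $tokenId,
            'expire' => time() + $timeout,
        );

        return $tokenId;
    }

    /**
     * Validate a token against those registered in the session.
     *
     * The token is taken from $token, or from $_REQUEST[$name . '_REQUEST'] when
     * $token is false. It validates only if a session entry with the same id exists
     * and has not expired; on success the entry is removed when $clearIfValid is
     * set, so a token can be consumed at most once. Expired entries of the family
     * are purged afterwards. The 'core.security.validatetoken.end' preload event is
     * triggered with the validation log in every case, and failures are also
     * recorded through setErrors().
     *
     * Note: $_REQUEST merges GET, POST and cookie data (per request_order); the
     * token is still bound to the caller's own session, so this does not let a
     * foreign origin supply one.
     *
     * @param string|false $token        token value, or false to read it from the request
     * @param bool         $clearIfValid remove the token from the session once it validates
     * @param string       $name         token family name
     *
     * @return bool
     */
    public function validateToken($token = false, $clearIfValid = true, $name = 'XOOPS_TOKEN')
    {
        $valid = false;
        $log = array();
        $sessionName = $name . '_SESSION';
        $requestName = $name . '_REQUEST';

        if ($token === false) {
            $token = isset($_REQUEST[$requestName]) ? $_REQUEST[$requestName] : '';
        }

        // a token is always a string; an array parameter (NAME_REQUEST[]=x) can never match
        if (!is_string($token) || empty($token) || empty($_SESSION[$sessionName])) {
            $message = 'No valid token found in request/session';
            $this->setErrors($message);
            $log[] = array('Token Validation', $message);
        } else {
            $tokenData =& $_SESSION[$sessionName];
            if (is_array($tokenData)) {
                foreach (array_keys($tokenData) as $i) {
                    if (!isset($tokenData[$i]['id']) || $token !== $tokenData[$i]['id']) {
                        continue;
                    }
                    if ($this->filterToken($tokenData[$i])) {
                        if ($clearIfValid) {
                            // one-time use: drop the entry so a replay of the same token fails
                            unset($tokenData[$i]);
                        }
                        $log[] = array('Token Validation', 'Valid token found');
                        $valid = true;
                    } else {
                        $message = 'Valid token expired';
                        $this->setErrors($message);
                        $log[] = array('Token Validation', $message);
                    }
                }
            }
            if (!$valid) {
                $log[] = array('Token Validation', 'No valid token found');
            }
            $this->garbageCollection($name);
        }

        \Xoops::getInstance()->preload()->triggerEvent('core.security.validatetoken.end', array($log));

        return $valid;
    }

    /**
     * Remove every token of a family from the session.
     *
     * @param string $name token family name
     *
     * @return void
     */
    public function clearTokens($name = 'XOOPS_TOKEN')
    {
        $_SESSION[$name . '_SESSION'] = array();
    }

    /**
     * Tell whether a stored token entry is still alive.
     *
     * Used directly by validateToken() and as the array_filter() callback of
     * garbageCollection().
     *
     * @param mixed $token entry of the form array('id' => string, 'expire' => int)
     *
     * @return bool true only for an array with a non-empty 'expire' time that is not in the past
     */
    public function filterToken($token)
    {
        if (!is_array($token) || empty($token['expire'])) {
            return false;
        }

        return $token['expire'] >= time();
    }

    /**
     * Drop expired tokens of a family from the session.
     *
     * @param string $name token family name
     *
     * @return void
     */
    public function garbageCollection($name = 'XOOPS_TOKEN')
    {
        $sessionName = $name . '_SESSION';
        if (!empty($_SESSION[$sessionName]) && is_array($_SESSION[$sessionName])) {
            // array_filter() preserves keys, which validateToken() relies on when it unset()s entries
            $_SESSION[$sessionName] = array_filter($_SESSION[$sessionName], array($this, 'filterToken'));
        }
    }

    /**
     * Check that the HTTP referer points into this site.
     *
     * The referer must start with the configured site url and, unless that url
     * already ends in '/', the remainder must be empty or begin with '/', '?' or
     * '#' - a plain prefix test would accept "http://example.com.other.test/" for a
     * site at "http://example.com". An empty site url fails closed. Clients and
     * proxies may omit or strip the header, so this is only a complement to token
     * validation, not a substitute for it.
     *
     * @param int $docheck 0 to skip the check entirely and report success
     *
     * @return bool
     */
    public function checkReferer($docheck = 1)
    {
        $ref = (string) \Xoops::getInstance()->getEnv('HTTP_REFERER');
        if ($docheck == 0) {
            return true;
        }
        if ($ref === '') {
            return false;
        }

        $base = (string) \XoopsBaseConfig::get('url');
        if ($base === '' || strpos($ref, $base) !== 0) {
            return false;
        }

        $rest = (string) substr($ref, strlen($base));
        if ($rest === '' || substr($base, -1) === '/') {
            return true;
        }

        // the site url must be followed by a path/query/fragment boundary, not by more host characters
        return strpos('/?#', $rest[0]) !== false;
    }

    /**
     * Terminate the request when the client address matches a banned-IP pattern.
     *
     * Active only when the 'enable_badips' config is set. Each 'bad_ips' entry is
     * used verbatim as the body of a '/.../' regular expression tested against
     * $_SERVER['REMOTE_ADDR']: entries are unanchored and unescaped, so '.' matches
     * any character and '10.0.0.1' also matches '110.0.0.12'; anchor an entry
     * ('^10\.0\.0\.1$') when an exact address is meant. An entry that is not a valid
     * pattern makes preg_match() return false (with a warning) and is ignored rather
     * than blocking the request. REMOTE_ADDR is the peer address seen by the web
     * server; behind a reverse proxy that is the proxy, not the end client.
     *
     * @return void exits the script on a match
     */
    public function checkBadips()
    {
        $xoops = \Xoops::getInstance();
        if ($xoops->getConfig('enable_badips') != 1) {
            return;
        }
        if (!isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] == '') {
            return;
        }

        $badIps = $xoops->getConfig('bad_ips');
        if (!is_array($badIps)) {
            return;
        }

        $remoteAddr = $_SERVER['REMOTE_ADDR'];
        foreach ($badIps as $pattern) {
            if (!empty($pattern) && preg_match('/' . $pattern . '/', $remoteAddr) === 1) {
                exit();
            }
        }
    }

    /**
     * Render the form element carrying a token of the given family.
     *
     * @param string $name token family name
     *
     * @return string HTML produced by \Xoops\Form\Token::render()
     */
    public function getTokenHTML($name = 'XOOPS_TOKEN')
    {
        $token = new \Xoops\Form\Token($name);

        return $token->render();
    }

    /**
     * Record an error message.
     *
     * @param string $error message; surrounding whitespace is trimmed
     *
     * @return void
     */
    public function setErrors($error)
    {
        $this->errors[] = trim((string) $error);
    }

    /**
     * Return the recorded error messages.
     *
     * Messages are returned exactly as given to setErrors(), without HTML escaping,
     * in both forms; a caller that records user-derived text must escape it before
     * emitting the HTML form. The HTML form ends every message with '<br />', and
     * yields a single '<br />' when no error has been recorded.
     *
     * @param bool $ashtml true to get one string with '<br />' after each message
     *
     * @return string[]|string
     */
    public function getErrors($ashtml = false)
    {
        if (!$ashtml) {
            return $this->errors;
        }

        return implode('<br />', $this->errors) . '<br />';
    }
}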