XCL Web Application Platform 2.5.0
The XoopsCube Legacy Project
Loading...
Searching...
No Matches
token.php
1<?php
12
13define('XOOPS_TOKEN_TIMEOUT', 0);
14define('XOOPS_TOKEN_PREFIX', 'XOOPS_TOKEN_');
15
16if (!defined('XOOPS_SALT')) {
17 define('XOOPS_SALT', substr(md5(XOOPS_DB_PREFIX.XOOPS_DB_USER.XOOPS_ROOT_PATH), 5, 8));
18}
19
20define('XOOPS_TOKEN_SESSION_STRING', 'X2_TOKEN');
21define('XOOPS_TOKEN_MULTI_SESSION_STRING', 'X2_MULTI_TOKEN');
22
23define('XOOPS_TOKEN_DEFAULT', 'XOOPS_TOKEN_DEFAULT');
24
35class XoopsToken
36{
41 public $_name_;
42
47 public $_token_;
48
54 public $_lifetime_;
55
59 public $_unlimited_;
60
66 public $_number_=0;
67
72 public function __construct($name, $timeout = XOOPS_TOKEN_TIMEOUT)
73 {
74 $this->_name_ = $name;
75
76 if ($timeout) {
77 $this->_lifetime_ = time() + $timeout;
78 $this->_unlimited_ = false;
79 } else {
80 $this->_lifetime_ = 0;
81 $this->_unlimited_ = true;
82 }
83
84 $this->_token_ = $this->_generateToken();
85 }
86
87
94 public function _generateToken()
95 {
96 mt_srand ((int) microtime() * 10000 );
97 return md5(XOOPS_SALT.$this->_name_.uniqid(mt_rand(), true ));
98 }
99
106 public function getTokenName()
107 {
108 return XOOPS_TOKEN_PREFIX.$this->_name_ . '_' . $this->_number_;
109 }
110
117 public function getTokenValue()
118 {
119 return $this->_token_;
120 }
121
128 public function setSerialNumber($serial_number)
129 {
130 $this->_number_ = $serial_number;
131 }
132
139 public function getSerialNumber()
140 {
141 return $this->_number_;
142 }
143
151 public function getHtml()
152 {
153 return @sprintf('<input type="hidden" name="%s" value="%s" />', $this->getTokenName(), $this->getTokenValue());
154 }
155
162 public function getUrl()
163 {
164 return $this->getTokenName() . '=' . $this->getTokenValue();
165 }
166
173 public function validate($token=null)
174 {
175 return ($this->_token_==$token && ($this->_unlimited_ || time()<=$this->_lifetime_));
176 }
177}
178
186class XoopsTokenHandler
187{
191 public $_prefix = '';
192
201 public function &create($name, $timeout = XOOPS_TOKEN_TIMEOUT)
202 {
203 $token =new XoopsToken($name, $timeout);
204 $this->register($token);
205 return $token;
206 }
207
215 public function &fetch($name)
216 {
217 $ret = null;
218 if (isset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name])) {
219 $ret =& $_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name];
220 }
221 return $ret;
222 }
223
228 public function register(&$token)
229 {
230 $_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$token->_name_] = $token;
231 }
232
237 public function unregister(&$token)
238 {
239 unset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$token->_name_]);
240 }
241
250 public function isRegistered($name)
251 {
252 return isset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix.$name]);
253 }
254
264 public function validate(&$token, $clearIfValid)
265 {
266 $req_token = isset($_REQUEST[ $token->getTokenName() ]) ?
267 trim($_REQUEST[ $token->getTokenName() ]) : null;
268
269 if ($req_token) {
270 if ($token->validate($req_token)) {
271 if ($clearIfValid) {
272 $this->unregister($token);
273 }
274 return true;
275 }
276 }
277 return false;
278 }
279}
280
281class XoopsSingleTokenHandler extends XoopsTokenHandler
282{
283 public function autoValidate($name, $clearIfValid=true)
284 {
285 if ($token =& $this->fetch($name)) {
286 return $this->validate($token, $clearIfValid);
287 }
288 return false;
289 }
290
300 public static function &quickCreate($name, $timeout = XOOPS_TOKEN_TIMEOUT)
301 {
302 $handler =new XoopsSingleTokenHandler();
303 $ret =& $handler->create($name, $timeout);
304 return $ret;
305 }
306
316 public static function quickValidate($name, $clearIfValid=true)
317 {
318 $handler = new XoopsSingleTokenHandler();
319 return $handler->autoValidate($name, $clearIfValid);
320 }
321}
322
327class XoopsMultiTokenHandler extends XoopsTokenHandler
328{
332 public $_prefix = '';
333
334 public function &create($name, $timeout=XOOPS_TOKEN_TIMEOUT)
335 {
336 $token =new XoopsToken($name, $timeout);
337 $token->setSerialNumber($this->getUniqueSerial($name));
338 $this->register($token);
339 return $token;
340 }
341
342 public function &fetch($name, $serial_number=null)
343 {
344 $ret = null;
345 if (isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$name][$serial_number])) {
346 $ret =& $_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$name][$serial_number];
347 }
348 return $ret;
349 }
350
351 public function register(&$token)
352 {
353 $_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$token->_name_][$token->getSerialNumber()] = $token;
354 }
355
356 public function unregister(&$token)
357 {
358 unset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$token->_name_][$token->getSerialNumber()]);
359 }
360
361 public function isRegistered($name, $serial_number=null)
362 {
363 return isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix.$name][$serial_number]);
364 }
365
366 public function autoValidate($name, $clearIfValid=true)
367 {
368 $serial_number = $this->getRequestNumber($name);
369
370 if ((null !== $serial_number) && $token =& $this->fetch($name, $serial_number)) {
371 return $this->validate($token, $clearIfValid);
372 }
373 return false;
374 }
375
385 public static function &quickCreate($name, $timeout = XOOPS_TOKEN_TIMEOUT)
386 {
387 $handler =new XoopsMultiTokenHandler();
388 $ret =& $handler->create($name, $timeout);
389 return $ret;
390 }
391
401 public static function quickValidate($name, $clearIfValid=true)
402 {
403 $handler = new XoopsMultiTokenHandler();
404 return $handler->autoValidate($name, $clearIfValid);
405 }
406
411 public function getRequestNumber($name)
412 {
413 $str = XOOPS_TOKEN_PREFIX.$name . '_';
414 foreach ($_REQUEST as $key=>$val) {
415 if (preg_match('/' . $str . "(\d+)/", $key, $match)) {
416 return (int)$match[1];
417 }
418 }
419
420 return null;
421 }
422
423 public function getUniqueSerial($name)
424 {
425 if (isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$name])) {
426 if (is_array($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$name])) {
427 for ($i=0;isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$name][$i]);$i++);
428 return $i;
429 }
430 }
431
432 return 0;
433 }
434}
XoopsMultiTokenHandler\quickValidate
static quickValidate($name, $clearIfValid=true)
Definition token.php:401
XoopsMultiTokenHandler\quickCreate
static & quickCreate($name, $timeout=XOOPS_TOKEN_TIMEOUT)
Definition token.php:385
XoopsMultiTokenHandler\create
& create($name, $timeout=XOOPS_TOKEN_TIMEOUT)
Definition token.php:334
XoopsSingleTokenHandler\quickValidate
static quickValidate($name, $clearIfValid=true)
Definition token.php:316
XoopsSingleTokenHandler\quickCreate
static & quickCreate($name, $timeout=XOOPS_TOKEN_TIMEOUT)
Definition token.php:300
XoopsTokenHandler\create
& create($name, $timeout=XOOPS_TOKEN_TIMEOUT)
Definition token.php:201
XoopsTokenHandler\isRegistered
isRegistered($name)
Definition token.php:250
XoopsTokenHandler\fetch
& fetch($name)
Definition token.php:215
XoopsTokenHandler\validate
validate(&$token, $clearIfValid)
Definition token.php:264
XoopsTokenHandler\unregister
unregister(&$token)
Definition token.php:237
XoopsToken\_generateToken
_generateToken()
Definition token.php:94
XoopsToken\getSerialNumber
getSerialNumber()
Definition token.php:139
XoopsToken\getTokenName
getTokenName()
Definition token.php:106
XoopsToken\validate
validate($token=null)
Definition token.php:173
XoopsToken\__construct
__construct($name, $timeout=XOOPS_TOKEN_TIMEOUT)
Definition token.php:72
XoopsToken\getTokenValue
getTokenValue()
Definition token.php:117
XoopsToken\setSerialNumber
setSerialNumber($serial_number)
Definition token.php:128