alice
/
MOZAMBICO
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
5 Commits
1 Branch
Struktur: 6310d26780
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „6310d26780“
${ noResults }
MOZAMBICO/App/Classes/Security.class.php

Security.class.php 2.3KB
Originalformat Blame Verlauf

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. <?php

  2. 	class Security {

  3. 		

  4. 		public $csrfTokenName;

  5. 		public $passwordMinLength;

  6. 		private $session;

  7. 		private $config;

  8. 		

  9. 		function __construct() {

  10. 			global $session, $config;

  11. 			

  12. 			$this->csrfTokenName = 'csrf_token';

  13. 			$this->session = $session;

  14. 			$this->config = $config;

  15. 			$this->passwordMinLength = $this->config['settings']['password-min-lenght'];

  16. 		}

  17. 		

  18. 		public function setCSRFToken() {

  19. 				

  20. 			//if ($this->session->sessionExists($this->csrfTokenName)) {

  21. 				

  22. 				if (function_exists('random_bytes')) { //Only PHP 7

  23. 					$this->session->refreshSession($this->csrfTokenName, bin2hex(random_bytes(32)));

  24. 				} else {

  25. 					$this->session->refreshSession($this->csrfTokenName, bin2hex(openssl_random_pseudo_bytes(32)));

  26. 				}

  27. 			

  28. 			//}

  29. 						

  30. 			return $this->session->getSessionValue($this->csrfTokenName);

  31. 		}

  32. 		

  33. 		public function getCSRFToken() {

  34. 			return $this->session->getSessionValue($this->csrfTokenName);

  35. 		}

  36. 		

  37. 		public function compareCSRFToken($token=null) {

  38. 			

  39. 			$sessionToken = $this->getCSRFToken();

  40. 			

  41. 			if ($sessionToken !== false) {

  42. 				return hash_equals($sessionToken, $token);

  43. 			}

  44. 			

  45. 			return false;

  46. 		}

  47. 		

  48. 		public function secureString($string, $action='e') {

  49. 			    $output = false;

  50. 

  51. 			    $encryptMethod = "AES-256-CBC";

  52. 			    $secretKey = $this->config['settings']['secret-key'];

  53. 			    $secretIv = $this->config['settings']['secret-iv'];

  54. 			

  55. 

  56. 			    $key = hash('sha256', $secretKey);

  57. 			

  58. 			    $iv = substr(hash('sha256', $secretIv), 0, 16);

  59. 			

  60. 			    if ($action == 'e') {

  61. 			        $output = openssl_encrypt($string, $encryptMethod, $key, 0, $iv);

  62. 			        $output = base64_encode($output);

  63. 			    } else if ($action == 'd') {

  64. 			        $output = openssl_decrypt(base64_decode($string), $encryptMethod, $key, 0, $iv);

  65. 			    }

  66. 			

  67. 			    return $output;

  68. 		}

  69. 		

  70. 		public function validatePassword($password='') {

  71. 			if(!preg_match( '/[^A-Za-z0-9]+/', $password) || strlen($password) < $this->passwordMinLength) {

  72. 				return false;

  73. 			}

  74. 

  75. 			return true;

  76. 		}

  77. 		

  78. 		public function getGUID() {

  79. 		    if (function_exists('com_create_guid') === true) {

  80. 		        return trim(com_create_guid(), '{}');

  81. 		    }

  82. 		

  83. 		    return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));

  84. 		}

  85. 

  86. 	}