mirror of
https://github.com/YunoHost-Apps/kanboard_ynh.git
synced 2024-09-03 19:36:17 +02:00
87 lines
2.1 KiB
PHP
87 lines
2.1 KiB
PHP
<?php
|
|
|
|
namespace Core;
|
|
|
|
/**
|
|
* Security class
|
|
*
|
|
* @package core
|
|
* @author Frederic Guillot
|
|
*/
|
|
class Security
|
|
{
|
|
/**
|
|
* Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid()
|
|
*
|
|
* @static
|
|
* @access public
|
|
* @return string Random token
|
|
*/
|
|
public static function generateToken()
|
|
{
|
|
if (function_exists('openssl_random_pseudo_bytes')) {
|
|
return bin2hex(\openssl_random_pseudo_bytes(30));
|
|
}
|
|
else if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
|
|
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
|
|
}
|
|
|
|
return hash('sha256', uniqid(mt_rand(), true));
|
|
}
|
|
|
|
/**
|
|
* Generate and store a CSRF token in the current session
|
|
*
|
|
* @static
|
|
* @access public
|
|
* @return string Random token
|
|
*/
|
|
public static function getCSRFToken()
|
|
{
|
|
$nonce = self::generateToken();
|
|
|
|
if (empty($_SESSION['csrf_tokens'])) {
|
|
$_SESSION['csrf_tokens'] = array();
|
|
}
|
|
|
|
$_SESSION['csrf_tokens'][$nonce] = true;
|
|
|
|
return $nonce;
|
|
}
|
|
|
|
/**
|
|
* Check if the token exists for the current session (a token can be used only one time)
|
|
*
|
|
* @static
|
|
* @access public
|
|
* @param string $token CSRF token
|
|
* @return bool
|
|
*/
|
|
public static function validateCSRFToken($token)
|
|
{
|
|
if (isset($_SESSION['csrf_tokens'][$token])) {
|
|
unset($_SESSION['csrf_tokens'][$token]);
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Check if the token used in a form is correct and then remove the value
|
|
*
|
|
* @static
|
|
* @access public
|
|
* @param array $values Form values
|
|
* @return bool
|
|
*/
|
|
public static function validateCSRFFormToken(array &$values)
|
|
{
|
|
if (! empty($values['csrf_token']) && self::validateCSRFToken($values['csrf_token'])) {
|
|
unset($values['csrf_token']);
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|