1: <?php
10:
// Seconds a freshly created token stays valid; 0 means it never expires on its own.
define('XOOPS_TOKEN_TIMEOUT', 0);
// Prefix of the request parameter (and session key part) that carries a token.
define('XOOPS_TOKEN_PREFIX', 'XOOPS_TOKEN_');

// Fallback salt for token generation when the site configuration does not set one.
// It is derived from static configuration values only, so it is no more secret than
// that configuration; a deployment should define its own XOOPS_SALT before this file.
if (!defined('XOOPS_SALT')) {
    define('XOOPS_SALT', substr(md5(XOOPS_DB_PREFIX . XOOPS_DB_USER . XOOPS_ROOT_PATH), 5, 8));
}

// $_SESSION keys under which single tokens and multi (serial-numbered) tokens are kept.
define('XOOPS_TOKEN_SESSION_STRING', 'X2_TOKEN');
define('XOOPS_TOKEN_MULTI_SESSION_STRING', 'X2_MULTI_TOKEN');

// Not referenced in this file; presumably a default token name for callers — confirm.
define('XOOPS_TOKEN_DEFAULT', 'XOOPS_TOKEN_DEFAULT');
21:
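/**
 * Anti-CSRF token bound to a logical form name.
 *
 * A token is a name, an opaque random value and an optional expiry. It is
 * rendered into a form (getHtml) or a URL (getUrl) and later compared against
 * the value the client sends back (validate).
 */
class XoopsToken
{
    /** @var string Logical name the token was created for. */
    var $_name_;

    /** @var string Opaque token value; 32 hex characters. */
    var $_token_;

    /** @var int Unix timestamp after which the token is rejected; 0 when unlimited. */
    var $_lifetime_;

    /** @var bool True when the token never expires. */
    var $_unlimited_;

    /** @var int Serial number appended to the token name (used by multi-token handlers). */
    var $_number_ = 0;

    /**
     * @param string $name    Logical name of the token.
     * @param int    $timeout Seconds until expiry; 0 (the default) means never.
     */
    function __construct($name, $timeout = XOOPS_TOKEN_TIMEOUT)
    {
        $this->_name_ = $name;

        if ($timeout) {
            $this->_lifetime_ = time() + $timeout;
            $this->_unlimited_ = false;
        } else {
            $this->_lifetime_ = 0;
            $this->_unlimited_ = true;
        }

        $this->_token_ = $this->_generateToken();
    }

    /**
     * PHP 4 style constructor, kept so engines that still honour it (and callers
     * invoking it by name) initialise the object; delegates to __construct().
     *
     * @param string $name
     * @param int    $timeout
     */
    function XoopsToken($name, $timeout = XOOPS_TOKEN_TIMEOUT)
    {
        $this->__construct($name, $timeout);
    }

    /**
     * Produce a fresh, unpredictable token value.
     *
     * Uses the engine's CSPRNG where available. The legacy md5(salt.name.uniqid)
     * form is only a fallback for engines without random_bytes(); it no longer
     * reseeds the PRNG from microtime(), which collapsed the seed space to a
     * value an attacker could narrow down. Both paths yield 32 hex characters.
     *
     * @return string
     * @throws Exception when the CSPRNG cannot supply bytes.
     */
    function _generateToken()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        return md5(XOOPS_SALT . $this->_name_ . uniqid(mt_rand(), true));
    }

    /**
     * Name of the request parameter carrying this token: prefix, name, serial.
     *
     * @return string
     */
    function getTokenName()
    {
        return XOOPS_TOKEN_PREFIX . $this->_name_ . '_' . $this->_number_;
    }

    /**
     * @return string The opaque token value.
     */
    function getTokenValue()
    {
        return $this->_token_;
    }

    /**
     * @param int $serial_number Serial appended to the token name.
     */
    function setSerialNumber($serial_number)
    {
        $this->_number_ = $serial_number;
    }

    /**
     * @return int
     */
    function getSerialNumber()
    {
        return $this->_number_;
    }

    /**
     * Hidden input element carrying the token.
     *
     * Name and value are attribute-escaped; the value is hex, but the name is
     * caller-supplied and must not be able to break out of the attribute.
     *
     * @return string
     */
    function getHtml()
    {
        return sprintf(
            '<input type="hidden" name="%s" value="%s" />',
            htmlspecialchars($this->getTokenName(), ENT_QUOTES),
            htmlspecialchars($this->getTokenValue(), ENT_QUOTES)
        );
    }

    /**
     * Query-string fragment "name=value" carrying the token (not URL-encoded;
     * the caller is expected to append it to an already well-formed URL).
     *
     * @return string
     */
    function getUrl()
    {
        return $this->getTokenName() . '=' . $this->getTokenValue();
    }

    /**
     * Check a client-supplied value against this token and its expiry.
     *
     * Only strings are accepted. The comparison is strict and constant-time where
     * hash_equals() exists; the former loose == would have treated two
     * numeric-looking hex strings (e.g. "0e…") as equal.
     *
     * @param mixed $token Value received from the client.
     * @return bool
     */
    function validate($token = null)
    {
        if (!is_string($token) || !is_string($this->_token_)) {
            return false;
        }
        $same = function_exists('hash_equals')
            ? hash_equals($this->_token_, $token)
            : ($this->_token_ === $token);
        return $same && ($this->_unlimited_ || time() <= $this->_lifetime_);
    }
}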
175:
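/**
 * Stores XoopsToken objects in the session and validates them against the
 * value a request carries. One token per name.
 */
class XoopsTokenHandler
{
    /** @var string Prepended to token names when keying the session. */
    var $_prefix = "";

    /**
     * Create a token and register it in the session.
     *
     * @param string $name
     * @param int    $timeout Seconds until expiry; 0 means never.
     * @return XoopsToken
     */
    function &create($name, $timeout = XOOPS_TOKEN_TIMEOUT)
    {
        $token = new XoopsToken($name, $timeout);
        $this->register($token);
        return $token;
    }

    /**
     * Look up a registered token by name.
     *
     * @param string $name
     * @return XoopsToken|null Reference to the session entry, or null when absent.
     */
    function &fetch($name)
    {
        $ret = null;
        $key = $this->_prefix . $name;
        if (isset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$key])) {
            $ret =& $_SESSION[XOOPS_TOKEN_SESSION_STRING][$key];
        }
        return $ret;
    }

    /**
     * Store the token in the session under its (prefixed) name.
     *
     * @param XoopsToken $token
     */
    function register(&$token)
    {
        $_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix . $token->_name_] = $token;
    }

    /**
     * Remove the token from the session.
     *
     * @param XoopsToken $token
     */
    function unregister(&$token)
    {
        unset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix . $token->_name_]);
    }

    /**
     * @param string $name
     * @return bool Whether a token of that name is in the session.
     */
    function isRegistered($name)
    {
        return isset($_SESSION[XOOPS_TOKEN_SESSION_STRING][$this->_prefix . $name]);
    }

    /**
     * Compare the token against the value the request sent for it.
     *
     * The value is read from $_REQUEST, which merges cookies with GET/POST
     * parameters; a stricter deployment would read from $_POST/$_GET only.
     * A missing, empty, or non-string value (e.g. name[]=x) fails validation
     * instead of reaching trim(), which rejects arrays with an error.
     *
     * @param XoopsToken $token
     * @param bool       $clearIfValid Unregister the token once it validates (one-shot use).
     * @return bool
     */
    function validate(&$token, $clearIfValid)
    {
        $paramName = $token->getTokenName();
        if (!isset($_REQUEST[$paramName]) || !is_string($_REQUEST[$paramName])) {
            return false;
        }
        $req_token = trim($_REQUEST[$paramName]);
        if ($req_token === '') {
            return false;
        }
        if (!$token->validate($req_token)) {
            return false;
        }
        if ($clearIfValid) {
            $this->unregister($token);
        }
        return true;
    }
}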
274:
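/**
 * Token handler for forms that carry exactly one token per name.
 */
class XoopsSingleTokenHandler extends XoopsTokenHandler
{
    /**
     * Validate the request against the registered token of the given name.
     *
     * @param string $name
     * @param bool   $clearIfValid Unregister the token once it validates.
     * @return bool False when no token of that name is registered.
     */
    function autoValidate($name, $clearIfValid = true)
    {
        $token =& $this->fetch($name);
        if (!$token) {
            return false;
        }
        return $this->validate($token, $clearIfValid);
    }

    /**
     * Create and register a token without holding a handler instance.
     *
     * Declared static: the method builds its own handler and uses no instance
     * state, and a static call to a non-static method is an error on PHP 8.
     * Instance calls keep working.
     *
     * @param string $name
     * @param int    $timeout Seconds until expiry; 0 means never.
     * @return XoopsToken
     */
    static function &quickCreate($name, $timeout = XOOPS_TOKEN_TIMEOUT)
    {
        $handler = new XoopsSingleTokenHandler();
        $ret =& $handler->create($name, $timeout);
        return $ret;
    }

    /**
     * Validate the request against the token of the given name without holding
     * a handler instance. Static for the same reason as quickCreate().
     *
     * @param string $name
     * @param bool   $clearIfValid
     * @return bool
     */
    static function quickValidate($name, $clearIfValid = true)
    {
        $handler = new XoopsSingleTokenHandler();
        return $handler->autoValidate($name, $clearIfValid);
    }
}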
312:
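/**
 * Token handler for pages that render several tokens of the same name at once
 * (e.g. one per row). Each token gets a serial number, and the request is
 * matched by name plus serial.
 */
class XoopsMultiTokenHandler extends XoopsTokenHandler
{
    /**
     * Create a token with the next free serial for the name and register it.
     *
     * @param string $name
     * @param int    $timeout Seconds until expiry; 0 means never.
     * @return XoopsToken
     */
    function &create($name, $timeout = XOOPS_TOKEN_TIMEOUT)
    {
        $token = new XoopsToken($name, $timeout);
        $token->setSerialNumber($this->getUniqueSerial($name));
        $this->register($token);
        return $token;
    }

    /**
     * Look up a registered token by name and serial.
     *
     * The serial defaults to 0 so the signature stays compatible with
     * XoopsTokenHandler::fetch($name); an incompatible override is fatal on PHP 8.
     *
     * @param string $name
     * @param int    $serial_number
     * @return XoopsToken|null Reference to the session entry, or null when absent.
     */
    function &fetch($name, $serial_number = 0)
    {
        $ret = null;
        $key = $this->_prefix . $name;
        if (isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key][$serial_number])) {
            $ret =& $_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key][$serial_number];
        }
        return $ret;
    }

    /**
     * Store the token in the session under its (prefixed) name and serial.
     *
     * @param XoopsToken $token
     */
    function register(&$token)
    {
        $key = $this->_prefix . $token->_name_;
        $_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key][$token->getSerialNumber()] = $token;
    }

    /**
     * Remove the token from the session.
     *
     * @param XoopsToken $token
     */
    function unregister(&$token)
    {
        $key = $this->_prefix . $token->_name_;
        unset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key][$token->getSerialNumber()]);
    }

    /**
     * @param string $name
     * @param int    $serial_number Defaults to 0 to stay compatible with the parent signature.
     * @return bool
     */
    function isRegistered($name, $serial_number = 0)
    {
        return isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$this->_prefix . $name][$serial_number]);
    }

    /**
     * Find the serial the request refers to, then validate that token.
     *
     * @param string $name
     * @param bool   $clearIfValid Unregister the token once it validates.
     * @return bool False when the request names no serial or no such token is registered.
     */
    function autoValidate($name, $clearIfValid = true)
    {
        $serial_number = $this->getRequestNumber($name);
        if ($serial_number === null) {
            return false;
        }
        $token =& $this->fetch($name, $serial_number);
        if (!$token) {
            return false;
        }
        return $this->validate($token, $clearIfValid);
    }

    /**
     * Create and register a token without holding a handler instance.
     *
     * Declared static: the method builds its own handler and uses no instance
     * state, and a static call to a non-static method is an error on PHP 8.
     *
     * @param string $name
     * @param int    $timeout
     * @return XoopsToken
     */
    static function &quickCreate($name, $timeout = XOOPS_TOKEN_TIMEOUT)
    {
        $handler = new XoopsMultiTokenHandler();
        $ret =& $handler->create($name, $timeout);
        return $ret;
    }

    /**
     * Validate the request without holding a handler instance.
     *
     * @param string $name
     * @param bool   $clearIfValid
     * @return bool
     */
    static function quickValidate($name, $clearIfValid = true)
    {
        $handler = new XoopsMultiTokenHandler();
        return $handler->autoValidate($name, $clearIfValid);
    }

    /**
     * Extract the serial number from the first request parameter named
     * "PREFIX name _ digits".
     *
     * The name is regex-quoted and the pattern anchored: the former unanchored
     * pattern let a parameter for token "foo_1" satisfy a lookup for token "foo".
     *
     * @param string $name
     * @return int|null Null when no such parameter is present.
     */
    function getRequestNumber($name)
    {
        $pattern = '/^' . preg_quote(XOOPS_TOKEN_PREFIX . $name . '_', '/') . '(\d+)\z/';
        foreach ($_REQUEST as $key => $val) {
            if (preg_match($pattern, (string) $key, $match)) {
                return intval($match[1]);
            }
        }
        return null;
    }

    /**
     * Lowest serial not yet used for the name in this session.
     *
     * Keys the session with the same prefixed name as register()/fetch(); the
     * former lookup without the prefix handed out colliding serials whenever
     * $_prefix was non-empty.
     *
     * @param string $name
     * @return int
     */
    function getUniqueSerial($name)
    {
        $key = $this->_prefix . $name;
        if (!isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key])
            || !is_array($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key])) {
            return 0;
        }
        $serial = 0;
        while (isset($_SESSION[XOOPS_TOKEN_MULTI_SESSION_STRING][$key][$serial])) {
            $serial++;
        }
        return $serial;
    }
}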
416: ?>
417: