[1242]
Author: phpnut
Date: 6:19:00 PM, Thursday, October 27, 2005
Message:
removing session directory
[1241]
Author: phpnut
Date: 6:13:46 PM, Thursday, October 27, 2005
Message:
added docblocks and temp error messages when trying to use the unimplemented database for sessions
[1239]
Author: phpnut
Date: 5:28:57 PM, Thursday, October 27, 2005
Message:
More work on session.
Added config settings to core.php
updated model to allow models without a database table.
[1237]
Author: phpnut
Date: 3:50:27 PM, Thursday, October 27, 2005
Message:
adding directories for sessions
[1235]
Author: phpnut
Date: 3:36:08 AM, Thursday, October 27, 2005
Message:
Typo
[1234]
Author: phpnut
Date: 3:34:07 AM, Thursday, October 27, 2005
Message:
More work on the Session classes and adding the first methods to the Security class
[1233]
Author: phpnut
Date: 3:05:46 AM, Thursday, October 27, 2005
Message:
Start to core security class added.
Moved paths.php to cake/config/
Refactoring Session classes
[1232]
Author: phpnut
Date: 2:20:25 AM, Thursday, October 27, 2005
Message:
More work on the core session class.
Adding session component class.
Added fix for errors messages not working with validation.
Added possible fix for inflector now working on the word status.
git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1243 3807eeeb-6ff5-0310-8944-8be069107fe0
2005-10-27 23:29:56 +00:00
<?php
/* SVN FILE: $Id$ */
/**
 * Short description for file.
 *
 * Long description for file
 *
 * PHP versions 4 and 5
 *
 * CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/>
 * Copyright 2005-2008, Cake Software Foundation, Inc.
 * 1785 E. Sahara Avenue, Suite 490-204
 * Las Vegas, Nevada 89104
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @filesource
 * @copyright Copyright 2005-2008, Cake Software Foundation, Inc.
 * @link http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project
 * @package cake
 * @subpackage cake.cake.libs
 * @since CakePHP(tm) v .0.10.0.1233
 * @version $Revision$
 * @modifiedby $LastChangedBy$
 * @lastmodified $Date$
 * @license http://www.opensource.org/licenses/mit-license.php The MIT License
 */
/**
 * Short description for file.
 *
 * Long description for file
 *
 * @package cake
 * @subpackage cake.cake.libs
 */
class Security extends Object {

/**
 * Default hash method
 *
 * @var string
 * @access public
 */
	var $hashType = null;
/**
 * Singleton implementation to get object instance.
 *
 * @return object
 * @access public
 * @static
 */
	function &getInstance() {
		static $instance = array();
		if (!$instance) {
			$instance[0] =& new Security;
		}
		return $instance[0];
	}
/**
 * Get allowed minutes of inactivity based on security level.
 *
 * @return integer Allowed inactivity in minutes
 * @access public
 * @static
 */
	function inactiveMins() {
		$_this =& Security::getInstance();
		switch(Configure::read('Security.level')) {
			case 'high':
				return 10;
			break;
			case 'medium':
				return 100;
			break;
			case 'low':
			default:
				return 300;
			break;
		}
	}
/**
 * Generate authorization hash.
 *
 * @return string Hash
 * @access public
 * @static
 */
	function generateAuthKey() {
		$_this =& Security::getInstance();
		if(!class_exists('String')) {
			App::import('Core', 'String');
		}
		return $_this->hash(String::uuid());
	}
/**
 * Validate authorization hash.
 *
 * @param string $authKey Authorization hash
 * @return boolean Success
 * @access public
 * @static
 */
	function validateAuthKey($authKey) {
		$_this =& Security::getInstance();
		// Stub: $authKey is never inspected, so every key is reported as valid.
		return true;
	}
/**
 * Create a hash from string using given method.
 *
 * @param string $string String to hash
 * @param string $type Method to use (sha1/sha256/md5)
 * @param boolean $salt If true, automatically prepends the application's salt
 *                      value to $string (Security.salt)
 * @return string Hash
 * @access public
 * @static
 */
	function hash($string, $type = null, $salt = false) {
		$_this =& Security::getInstance();

		if ($salt) {
			$string = Configure::read('Security.salt') . $string;
		}
		if (empty($type)) {
			$type = $_this->hashType;
		}
		$type = strtolower($type);

		if ($type == 'sha1' || $type == null) {
			if (function_exists('sha1')) {
				$return = sha1($string);
				return $return;
			} else {
				// sha1() unavailable: fall through to the sha256 branch.
				$type = 'sha256';
			}
		}

		if ($type == 'sha256') {
			if (function_exists('mhash')) {
				$return = bin2hex(mhash(MHASH_SHA256, $string));
				return $return;
			} else {
				// mhash extension unavailable: fall back to md5.
				$type = 'md5';
			}
		}

		if ($type == 'md5') {
			$return = md5($string);
			return $return;
		}
		// Any other $type reaches this point and the function returns null.
	}
/**
 * Sets the default hash method for the Security object. This affects all objects using
 * Security::hash().
 *
 * @param string $hash Method to use (sha1/sha256/md5)
 * @access public
 * @static
 * @see Security::hash()
 */
	function setHash($hash) {
		$_this =& Security::getInstance();
		$_this->hashType = $hash;
	}
/**
 * Encrypts/Decrypts a text using the given key.
 *
 * @param string $text Encrypted string to decrypt, normal string to encrypt
 * @param string $key Key to use
 * @return string Encrypted/Decrypted string
 * @access public
 * @static
 */
	function cipher($text, $key) {
		if (empty($key)) {
			trigger_error('You cannot use an empty key for Security::cipher()');
			return '';
		}

		$_this =& Security::getInstance();
		if (!defined('CIPHER_SEED')) {
			//This is temporary will change later
			define('CIPHER_SEED', '76859309657453542496749683645');
		}
		// Fixed seed: the rand() sequence, and so the XOR mask, repeats on every call.
		srand(CIPHER_SEED);
		$out = '';

		for ($i = 0; $i < strlen($text); $i++) {
			// Discard a key-dependent number of rand() outputs before taking the mask.
			for ($j = 0; $j < ord(substr($key, $i % strlen($key), 1)); $j++) {
				$toss = rand(0, 255);
			}
			$mask = rand(0, 255);
			$out .= chr(ord(substr($text, $i, 1)) ^ $mask);
		}
		return $out;
	}
}
?>
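The fallback chain in Security::hash() above downgrades silently (sha256 becomes md5 when mhash is missing) and returns nothing for an unrecognized type, and validateAuthKey() accepts every key. As an added example that is not CakePHP code, here is a fail-closed variant for current PHP (5.6 or later, for hash_equals()); strictHash(), verifyHash(), the allowlist and the sample values are assumptions made for illustration:

```php
<?php
// Added example, not CakePHP code. strictHash(), verifyHash() and the
// allowlist are hypothetical names chosen for this illustration.

/**
 * Hash $string with an explicitly allowed algorithm, or fail.
 * An unknown or unavailable algorithm raises an exception instead of
 * downgrading (sha256 -> md5) or returning null.
 */
function strictHash($string, $type = 'sha256', $key = null) {
	$allowed = array('sha256', 'sha512'); // assumption: policy allowlist
	$type = strtolower((string)$type);
	if (!in_array($type, $allowed, true)) {
		throw new InvalidArgumentException("Hash type not allowed: $type");
	}
	if (!in_array($type, hash_algos(), true)) {
		throw new RuntimeException("Hash type not available: $type");
	}
	if ($key !== null) {
		if ($key === '') {
			throw new InvalidArgumentException('Empty key');
		}
		// Keyed digest (HMAC) used here in place of prepending a salt.
		return hash_hmac($type, $string, $key);
	}
	return hash($type, $string);
}

/**
 * Recompute the digest and compare it with the supplied one in constant time.
 */
function verifyHash($supplied, $string, $type = 'sha256', $key = null) {
	if (!is_string($supplied)) {
		return false;
	}
	return hash_equals(strictHash($string, $type, $key), strtolower($supplied));
}

// Constructed sample values.
$key = 'constructed-application-key';
$digest = strictHash('user@example.com', 'sha256', $key);

var_dump(verifyHash($digest, 'user@example.com', 'sha256', $key));
var_dump(verifyHash($digest, 'other@example.com', 'sha256', $key));

try {
	strictHash('data', 'md5'); // rejected rather than silently used
} catch (InvalidArgumentException $e) {
	echo $e->getMessage(), "\n";
}
```

For password storage, PHP's password_hash() and password_verify() are the appropriate primitives rather than a single fast digest.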