Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 0bb3773de6
Branches Tags
TechEmpower.Fra...
/
php-senthot
/
Senthot
/
Lib
/
Behavior
/
TokenBuildBehavior.class.php

TokenBuildBehavior.class.php 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. <?php
    2. 

  2. // +--------------------------------------------------------------------------
    3. 

  3. // | Senthot [ DEVELOPED BY ME ]
    4. 

  4. // +--------------------------------------------------------------------------
    5. 

  5. // | Copyright (c) 2010 http://www.senthot.com All rights reserved.
    6. 

  6. // | License ( http://www.apache.org/licenses/LICENSE-2.0 )
    7. 

  7. // | Author: ms134n ( [email protected] )
    8. 

  8. // +--------------------------------------------------------------------------
    9. 

  9. 

  10. defined('SEN_PATH') or exit();
    11. 

  11. /**
    12. 

  12.  * System behavior extension : Form token generation
    13. 

  13.  * @category	Sen
    14. 

  14.  * @package		Sen
    15. 

  15.  * @subpackage  Behavior
    16. 

  16.  * @author		ms134n <[email protected]>
    17. 

  17.  */
    18. 

  18. class TokenBuildBehavior extends Behavior {
    19. 

  19.     // Parameter defines the behavior
    20. 

  20.     protected $options   =  array(
    21. 

  21.         'TOKEN_ON'       => false,     // Open Token Authentication
    22. 

  22.         'TOKEN_NAME'     => '__hash__',    // Token authentication hidden form field names
    23. 

  23.         'TOKEN_TYPE'     => 'md5',   // Token authentication hash rule
    24. 

  24.         'TOKEN_RESET'    => true, // Tokens are reset after an error
    25. 

  25.     );
    26. 

  26. 

  27.     public function run(&$content){
    28. 

  28.         if(C('TOKEN_ON')) {
    29. 

  29.             if(strpos($content,'{__TOKEN__}')) {
    30. 

  30.                 // Token hidden form fields specified location
    31. 

  31.                 $content = str_replace('{__TOKEN__}',$this->buildToken(),$content);
    32. 

  32.             }elseif(preg_match('/<\/form(\s*)>/is',$content,$match)) {
    33. 

  33.                 // Smart token generated form hidden fields
    34. 

  34.                 $content = str_replace($match[0],$this->buildToken().$match[0],$content);
    35. 

  35.             }
    36. 

  36.         }else{
    37. 

  37.             $content = str_replace('{__TOKEN__}','',$content);
    38. 

  38.         }
    39. 

  39.     }
    40. 

  40. 

  41.     // Create a form token
    42. 

  42.     private function buildToken() {
    43. 

  43.         $tokenName  = C('TOKEN_NAME');
    44. 

  44.         $tokenType  = C('TOKEN_TYPE');
    45. 

  45.         if(!isset($_SESSION[$tokenName])) {
    46. 

  46.             $_SESSION[$tokenName]  = array();
    47. 

  47.         }
    48. 

  48.         // Uniqueness identifies the current page
    49. 

  49.         $tokenKey   =  md5($_SERVER['REQUEST_URI']);
    50. 

  50.         if(isset($_SESSION[$tokenName][$tokenKey])) {// Repeat the same page does not generate session
    51. 

  51.             $tokenValue = $_SESSION[$tokenName][$tokenKey];
    52. 

  52.         }else{
    53. 

  53.             $tokenValue = $tokenType(microtime(TRUE));
    54. 

  54.             $_SESSION[$tokenName][$tokenKey]   =  $tokenValue;
    55. 

  55.         }
    56. 

  56.         $token      =  '<input type="hidden" name="'.$tokenName.'" value="'.$tokenKey.'_'.$tokenValue.'" />';
    57. 

  57.         return $token;
    58. 

  58.     }
    59. 

  59. }
    60.