
Tokens: Multiple token support.

Nate 5 år sedan
förälder
incheckning
fef10890dc
1 ändrade filer med 29 tillägg och 20 borttagningar
  1. 29 20
      resources/classes/token.php

+ 29 - 20
resources/classes/token.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <[email protected]>
-	Portions created by the Initial Developer are Copyright (C) 2019
+	Portions created by the Initial Developer are Copyright (C) 2019-2020
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -60,14 +60,19 @@ class token {
 	public function create($key) {
 
 		//allow only specific characters
-		$key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
+			$key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
 
-		//create a token and save in the token session array
-		$_SESSION['tokens'][$key]['name'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
-		$_SESSION['tokens'][$key]['hash'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
+		//create a token for the key submitted
+			$token = [
+				'name'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32))),
+				'hash'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32)))
+				];
+
+		//save in the token session array
+			$_SESSION['tokens'][$key][] = $token;
 
 		//send the hash
-		return $_SESSION['tokens'][$key];
+			return $token;
 
 	}
 
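Review bot: The filter on `$key` in create() strips nothing, because PHP treats the leading `[` and trailing `]` as bracket-style pattern delimiters, so the regex applied is `^a-zA-Z0-9\-_@.\/` rather than a negated character class. The same applies to both `preg_replace('[^a-zA-Z0-9]', ...)` calls in validate() in the next hunk. Wrapping the class in real delimiters, e.g. `$key = preg_replace('#[^a-zA-Z0-9\-_@./]#', '', $key);`, restores the intended allow-list; validate() should then use the same class for `$key`, otherwise a key containing `/`, `.`, `-`, `_` or `@` would be stored under one name and looked up under another. Separately, `$_SESSION['tokens'][$key][]` now gains one entry per create() call and entries are removed only on a successful validate(), so a cap on outstanding tokens per key is worth considering.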
@@ -78,27 +83,31 @@ class token {
 	public function validate($key, $value = null) {
 
 		//allow only specific characters
-		$key = preg_replace('[^a-zA-Z0-9]', '', $key);
+			$key = preg_replace('[^a-zA-Z0-9]', '', $key);
 
 		//get the token name
-		$token_name = $_SESSION['tokens'][$key]['name'];
-		if (isset($_REQUEST[$token_name])) {
-			$value = $_REQUEST[$token_name];
-		}
-		else {
-			$value;
-		}
+			if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
+				foreach ($_SESSION['tokens'][$key] as $t => $token) {
+					$token_name = $token['name'];
+					if (isset($_REQUEST[$token_name])) {
+						$value = $_REQUEST[$token_name];
+					}
+				}
+			}
 
 		//limit the value to specific characters
-		$value = preg_replace('[^a-zA-Z0-9]', '', $value);
+			$value = preg_replace('[^a-zA-Z0-9]', '', $value);
 
 		//compare the hashed tokens
-		if (hash_equals($_SESSION['tokens'][$key]['hash'], $value)) {
-			return true;
-		}
-		else {
+			if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
+				foreach ($_SESSION['tokens'][$key] as $t => $token) {
+					if (hash_equals($token['hash'], $value)) {
+						unset($_SESSION['tokens'][$key][$t]);
+						return true;
+					}
+				}
+			}
 			return false;
-		}
 
 	}
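Review bot: validate() matches the token name and the token hash in two separate loops, so a value submitted under one stored token's name is accepted against any other stored token's hash for the same key, and when several names are present in the request only the last one is checked. Pairing the two in a single loop keeps each name bound to its own hash and removes exactly the token that was presented. The rewrite below also replaces `is_array(...) && @sizeof(...) != 0` with `!empty(...)`, which avoids both the undefined-index notice when no token exists for `$key` and the `@` suppression. It adds an `is_string()` guard as well, since `hash_equals()` requires string arguments and a request parameter can arrive as an array.

```php
		// … unchanged: key filtering …

		//compare each stored token against the value submitted under its own name
			if (!empty($_SESSION['tokens'][$key]) && is_array($_SESSION['tokens'][$key])) {
				foreach ($_SESSION['tokens'][$key] as $t => $token) {
					$submitted = $_REQUEST[$token['name']] ?? $value;
					if (is_string($submitted) && hash_equals($token['hash'], $submitted)) {
						//single use: drop the token that was just presented
						unset($_SESSION['tokens'][$key][$t]);
						return true;
					}
				}
			}
			return false;
```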