Inicio Explorar Ayuda
Iniciar sesión
fusionpbx
/
fusionpbx-framework
espejo de https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Rama: patch-1
Ramas Etiquetas
fusionpbx-frame...
/
resources
/
classes
/
token.php

token.php 2.7 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2019
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. */
    26. 

  26. 

  27. /**
    28. 

  28.  * captcha class
    29. 

  29.  *
    30. 

  30.  * @method string get
    31. 

  31.  */
    32. 

  32. class token {
    33. 

  33. 

  34. 	/**
    35. 

  35. 	* Called when the object is created
    36. 

  36. 	*/
    37. 

  37. 	//public $code;
    38. 

  38. 

  39. 	/**
    40. 

  40. 	* Class constructor
    41. 

  41. 	*/
    42. 

  42. 	public function __construct() {
    43. 

  43. 

  44. 	}
    45. 

  45. 

  46. 	/**
    47. 

  47. 	 * Called when there are no references to a particular object
    48. 

  48. 	 * unset the variables used in the class
    49. 

  49. 	 */
    50. 

  50. 	public function __destruct() {
    51. 

  51. 		foreach ($this as $key => $value) {
    52. 

  52. 			unset($this->$key);
    53. 

  53. 		}
    54. 

  54. 	}
    55. 

  55. 

  56. 	/**
    57. 

  57. 	 * Create the token
    58. 

  58. 	 * @var string $key
    59. 

  59. 	 */
    60. 

  60. 	public function create($key) {
    61. 

  61. 

  62. 		//allow only specific characters
    63. 

  63. 		$key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
    64. 

  64. 

  65. 		//create a token and save in the token session array
    66. 

  66. 		$_SESSION['tokens'][$key]['name'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
    67. 

  67. 		$_SESSION['tokens'][$key]['hash'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
    68. 

  68. 

  69. 		//send the hash
    70. 

  70. 		return $_SESSION['tokens'][$key];
    71. 

  71. 

  72. 	}
    73. 

  73. 

  74. 	/**
    75. 

  75. 	 * validate the token
    76. 

  76. 	 * @var string $key
    77. 

  77. 	 */
    78. 

  78. 	public function validate($key, $value = null) {
    79. 

  79. 

  80. 		//allow only specific characters
    81. 

  81. 		$key = preg_replace('[^a-zA-Z0-9]', '', $key);
    82. 

  82. 

  83. 		//get the token name
    84. 

  84. 		$token_name = $_SESSION['tokens'][$key]['name'];
    85. 

  85. 		if (isset($_REQUEST[$token_name])) {
    86. 

  86. 			$value = $_REQUEST[$token_name];
    87. 

  87. 		}
    88. 

  88. 		else {
    89. 

  89. 			$value;
    90. 

  90. 		}
    91. 

  91. 

  92. 		//limit the value to specific characters
    93. 

  93. 		$value = preg_replace('[^a-zA-Z0-9]', '', $value);
    94. 

  94. 

  95. 		//compare the hashed tokens
    96. 

  96. 		if (hash_equals($_SESSION['tokens'][$key]['hash'], $value)) {
    97. 

  97. 			return true;
    98. 

  98. 		}
    99. 

  99. 		else {
    100. 

  100. 			return false;
    101. 

  101. 		}
    102. 

  102. 

  103. 	}
    104. 

  104. 

  105. }
    106. 

  106. 

  107. /*
    108. 

  108. 

  109. //create token
    110. 

  110. 	$object = new token;
    111. 

  111. 	$token = $object->create('/app/bridges/bridge_edit.php');
    112. 

  112. 

  113. echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
    114. 

  114. 

  115. //------------------------
    116. 

  116. 

  117. //validate the token
    118. 

  118. 	$token = new token;
    119. 

  119. 	if (!$token->validate('/app/bridges/bridge_edit.php')) {
    120. 

  120. 		$_SESSION["message"] = $text['message-invalid_token'];
    121. 

  121. 		header('Location: bridges.php');
    122. 

  122. 		exit;
    123. 

  123. 	}
    124. 

  124. 

  125. */
    126. 

  126. 

  127. ?>
    128.