specific timing for csrf tokens

This commit is contained in:
xisi 2014-01-16 23:04:29 -05:00
parent a56140ca84
commit 42d93f5beb


@ -6,16 +6,18 @@ if (!defined('SECURITY')) die('Hacking attempt');
class CSRFToken Extends Base { class CSRFToken Extends Base {
/** /**
* Gets a basic CSRF token for this user/type and time chunk * Gets a basic CSRF token for this user/type and time chunk
* @param string User; for hash seed, if username isn't available use IP * @param string user User; for hash seed, if username isn't available use IP
* @param string Type of token; for hash seed, should be unique per page/use * @param string type Type of token; for hash seed, should be unique per page/use
* @param string timing Which date() chars we add to the seed; month day year hour minute default
* @param string seedExtra Extra information to add to the seed
* @return string CSRF token * @return string CSRF token
*/ */
public function getBasic($user, $type) { public function getBasic($user, $type, $timing='mdyHi', $seedExtra='') {
$date = date('m/d/y/H/i/s'); $date = date('m/d/y/H/i/s');
$data = explode('/', $date); $data = explode('/', $date);
$month = $data[0]; $day = $data[1]; $year = $data[2]; $month = $data[0]; $day = $data[1]; $year = $data[2];
$hour = $data[3]; $minute = $data[4]; $second = $data[5]; $hour = $data[3]; $minute = $data[4]; $second = $data[5];
$seed = $this->salty; $salt1 = $this->salt; $salt2 = $this->salty; $seed = $salt1;
$lead = $this->config['csrf']['options']['leadtime']; $lead = $this->config['csrf']['options']['leadtime'];
if ($lead >= 11) { $lead = 10; } if ($lead >= 11) { $lead = 10; }
if ($lead <= 0) { $lead = 3; } if ($lead <= 0) { $lead = 3; }
@ -23,7 +25,13 @@ class CSRFToken Extends Base {
$minute = 0; $minute = 0;
$fhour = ($hour == 23) ? $hour = 0 : $hour+=1; $fhour = ($hour == 23) ? $hour = 0 : $hour+=1;
} }
$seed = $seed.$month.$day.$user.$type.$year.$hour.$minute.$seed; $seed.= (strpos($timing, 'm') !== false) ? $month : '';
$seed.= (strpos($timing, 'd') !== false) ? $day : '';
$seed.= (strpos($timing, 'y') !== false) ? $year : '';
$seed.= (strpos($timing, 'H') !== false) ? $hour : '';
$seed.= (strpos($timing, 'i') !== false) ? $minute : '';
$seed.= (strpos($timing, 's') !== false) ? $second : '';
$seed.= ($seedExtra !== '') ? $seedExtra.$salt2 : $salt2;
return $this->getHash($seed); return $this->getHash($seed);
} }
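Review bot: The rewritten seed assembly at the end of getBasic (the `$seed.=` lines that replace the old single concatenation) no longer appends `$user` or `$type`, so within one time window every user and every form receives the same token unless a caller happens to pass that data through `$seedExtra`; a token obtained for one session would then validate for any other, which is precisely the per-user binding a CSRF token exists to provide. Restore the binding before the trailing salt, e.g. `$seed .= $user.$type;` on the line above the `$seedExtra` append, and state in the docblock that `seedExtra` supplements rather than replaces the user/type binding. The new `s` option is also of little use as written: the lead-time rollover only adjusts `$hour`/`$minute`, so a second-granular token expires before a form can be submitted — either drop it or note this limitation in the `timing` docblock. getBasic begins in the first hunk and ends here, with one unchanged line between the two hunks.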