authorGerardo Zamudio <gerardozamudio@users.noreply.github.com>2016-02-24 23:48:50 -0600
committerGerardo Zamudio <gerardozamudio@users.noreply.github.com>2016-02-24 23:48:50 -0600
commite4de6b3898b64b26d29aff31f21df5fda8055686 (patch)
tree575f8a65440f291d70a070d168eafca8c82a6459 /app/Core/Security.php
parentd9ffbea174ea6524d0a22f8375ca8b3aa04a3c96 (diff)
parenta6540bc604c837d92c9368540c145606723e97f7 (diff)
Merge pull request #1 from fguillot/master
Update from upstream
Diffstat (limited to 'app/Core/Security.php')
-rw-r--r--app/Core/Security.php86
1 files changed, 0 insertions, 86 deletions
diff --git a/app/Core/Security.php b/app/Core/Security.php
deleted file mode 100644
index 54207ee1..00000000
--- a/app/Core/Security.php
+++ /dev/null
@@ -1,86 +0,0 @@
-<?php
-
-namespace Kanboard\Core;
-
-/**
- * Security class
- *
- * @package core
- * @author Frederic Guillot
- */
-class Security
-{
- /**
- * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid()
- *
- * @static
- * @access public
- * @return string Random token
- */
- public static function generateToken()
- {
- if (function_exists('openssl_random_pseudo_bytes')) {
- return bin2hex(\openssl_random_pseudo_bytes(30));
- } elseif (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
- return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
- }
-
- return hash('sha256', uniqid(mt_rand(), true));
- }
-
- /**
- * Generate and store a CSRF token in the current session
- *
- * @static
- * @access public
- * @return string Random token
- */
- public static function getCSRFToken()
- {
- $nonce = self::generateToken();
-
- if (empty($_SESSION['csrf_tokens'])) {
- $_SESSION['csrf_tokens'] = array();
- }
-
- $_SESSION['csrf_tokens'][$nonce] = true;
-
- return $nonce;
- }
-
- /**
- * Check if the token exists for the current session (a token can be used only one time)
- *
- * @static
- * @access public
- * @param string $token CSRF token
- * @return bool
- */
- public static function validateCSRFToken($token)
- {
- if (isset($_SESSION['csrf_tokens'][$token])) {
- unset($_SESSION['csrf_tokens'][$token]);
- return true;
- }
-
- return false;
- }
-
- /**
- * Check if the token used in a form is correct and then remove the value
- *
- * @static
- * @access public
- * @param array $values Form values
- * @return bool
- */
- public static function validateCSRFFormToken(array &$values)
- {
- if (! empty($values['csrf_token']) && self::validateCSRFToken($values['csrf_token'])) {
- unset($values['csrf_token']);
- return true;
- }
-
- return false;
- }
-}