
/components/com_jce/editor/libraries/classes/token.php

https://bitbucket.org/organicdevelopment/joomla-2.5
PHP | 64 lines | 33 code | 8 blank | 23 comment | 2 complexity | 61d3ae8570d3b31e0a60796388db51d4 MD5 | raw file
Possible License(s): LGPL-3.0, GPL-2.0, MIT, BSD-3-Clause, LGPL-2.1
  1. <?php
  2. /**
  3. * @package JCE
  4. * @copyright Copyright (c) 2009-2012 Ryan Demmer. All rights reserved.
  5. * @license GNU/GPL 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  6. * JCE is free software. This version may have been modified pursuant
  7. * to the GNU General Public License, and as distributed it includes or
  8. * is derivative of works licensed under the GNU General Public License or
  9. * other free or open source software licenses.
  10. */
  11. defined('_JEXEC') or die('RESTRICTED');
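  /**
   * Request-forgery token helper for the JCE editor.
   *
   * A random per-session secret is stored in the Joomla session (namespace
   * 'wf', key 'session.token'). The name of the request variable that a
   * legitimate form must carry is derived from that secret and the current
   * user id, so it is only known to pages rendered for that session.
   */
  abstract class WFToken
  {
      /**
       * Return $count random bytes from the strongest source available.
       *
       * Order of preference: random_bytes() (PHP 7+), then
       * openssl_random_pseudo_bytes() when it reports a strong result, then
       * mt_rand() as a last resort so very old installations keep working.
       *
       * @param int $count number of bytes wanted
       * @return string raw binary string of $count bytes
       */
      private static function _randomBytes($count)
      {
          if (function_exists('random_bytes')) {
              return random_bytes($count);
          }

          if (function_exists('openssl_random_pseudo_bytes')) {
              $strong = false;
              $bytes = openssl_random_pseudo_bytes($count, $strong);

              if ($bytes !== false && $strong) {
                  return $bytes;
              }
          }

          // NOTE(review): mt_rand() is not a cryptographic generator. This
          // branch exists only for runtimes that offer neither source above;
          // tokens minted here are weaker than intended.
          $bytes = '';

          for ($i = 0; $i < $count; ++$i) {
              $bytes .= chr(mt_rand(0, 255));
          }

          return $bytes;
      }

      /**
       * Create a token-string
       * From JSession::_createToken
       *
       * The random material now comes from _randomBytes() instead of rand(),
       * whose output is not suitable for a secret, and a floor of 32 hex
       * characters (128 bits) is enforced so that a small or zero $length can
       * no longer yield a low-entropy or constant token.
       *
       * @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
       * @license GNU/GPL, see LICENSE.php
       * @access private
       * @param int $length length of the random hex string mixed into the token
       * @return string generated token, always 32 lowercase hex characters
       */
      private static function _createToken($length = 32)
      {
          // Never go below 128 bits of random input, whatever the caller asks for.
          $length = max((int) $length, 32);

          // Two hex characters per byte; trim in case $length is odd.
          $bytes = self::_randomBytes((int) ceil($length / 2));
          $token = substr(bin2hex($bytes), 0, $length);

          // md5() only folds the random string and the session name into the
          // fixed 32-character format callers already store; the
          // unpredictability comes from the random bytes, not from the hash.
          return md5($token . session_name());
      }

      /**
       * Return the name of the request variable that proves a request
       * originated from a page rendered for the current session.
       *
       * The per-session secret is created on first use and kept in the
       * session; the returned name is 'wf' followed by
       * JUtility::getHash(user id . secret).
       *
       * @return string token name to embed in forms and URLs
       */
      public static function getToken()
      {
          $session = JFactory::getSession();
          $user = JFactory::getUser();

          $token = $session->get('session.token', null, 'wf');

          // First request in this session: mint and persist the secret.
          if ($token === null) {
              $token = self::_createToken();
              $session->set('session.token', $token, 'wf');
          }

          return 'wf' . JUtility::getHash($user->get('id', 0) . $token);
      }

      /**
       * Check the received token
       *
       * Looks for a request variable named after getToken(), first in POST
       * and then, as the default value, in GET; both reads use the 'alnum'
       * filter.
       *
       * NOTE(review): $method is accepted but never read, so callers cannot
       * restrict the check to POST. A token carried in the query string can
       * end up in server logs, browser history and Referer headers; confirm
       * that every caller really needs the GET fallback.
       *
       * @param string $method unused, kept for signature compatibility
       * @return mixed the filtered value of the token variable (truthy when
       *               present), or an empty string when absent; callers
       *               should treat a falsy result as a failed check
       */
      public static function checkToken($method = 'POST')
      {
          $token = self::getToken();

          // check POST and GET for token
          return JRequest::getVar($token, JRequest::getVar($token, '', 'GET', 'alnum'), 'POST', 'alnum');
      }
  }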