PageRenderTime 492ms CodeModel.GetById 352ms app.highlight 17ms RepoModel.GetById 89ms app.codeStats 0ms

/library/Zend/Form/Element/Hash.php

https://bitbucket.org/baruffaldi/cms-php-bfcms
PHP | 259 lines | 96 code | 22 blank | 141 comment | 4 complexity | 5366f0b74b0c5bc3fb364968d692010a MD5 | raw file
  1<?php
  2/**
  3 * Zend Framework
  4 *
  5 * LICENSE
  6 *
  7 * This source file is subject to the new BSD license that is bundled
  8 * with this package in the file LICENSE.txt.
  9 * It is also available through the world-wide-web at this URL:
 10 * http://framework.zend.com/license/new-bsd
 11 * If you did not receive a copy of the license and are unable to
 12 * obtain it through the world-wide-web, please send an email
 13 * to license@zend.com so we can send you a copy immediately.
 14 *
 15 * @category   Zend
 16 * @package    Zend_Form
 17 * @subpackage Element
 18 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 19 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 20 */
 21
 22/** Zend_Form_Element_Xhtml */
 23require_once 'Zend/Form/Element/Xhtml.php';
 24
 25/**
 26 * CSRF form protection
 27 * 
 28 * @category   Zend
 29 * @package    Zend_Form
 30 * @subpackage Element
 31 * @copyright  Copyright (c) 2005-2008 Zend Technologies USA Inc. (http://www.zend.com)
 32 * @license    http://framework.zend.com/license/new-bsd     New BSD License
 33 * @version    $Id: Hash.php 11334 2008-09-10 18:41:16Z matthew $
 34 */
 35class Zend_Form_Element_Hash extends Zend_Form_Element_Xhtml
 36{
 37    /**
 38     * Use formHidden view helper by default
 39     * @var string
 40     */
 41    public $helper = 'formHidden';
 42
 43    /**
 44     * Actual hash used.
 45     * 
 46     * @var mixed
 47     */
 48    protected $_hash;
 49
 50    /**
 51     * Salt for CSRF token
 52     * @var string
 53     */
 54    protected $_salt = 'salt';
 55
 56    /**
 57     * @var Zend_Session_Namespace
 58     */
 59    protected $_session;
 60
 61    /**
 62     * TTL for CSRF token
 63     * @var int
 64     */
 65    protected $_timeout = 300;
 66
 67    /**
 68     * Constructor
 69     *
 70     * Creates session namespace for CSRF token, and adds validator for CSRF 
 71     * token.
 72     * 
 73     * @param  string|array|Zend_Config $spec 
 74     * @param  array|Zend_Config $options 
 75     * @return void
 76     */
 77    public function __construct($spec, $options = null)
 78    {
 79        parent::__construct($spec, $options);
 80
 81        $this->setAllowEmpty(false)
 82             ->setRequired(true)
 83             ->initCsrfValidator();
 84    }
 85
 86    /**
 87     * Set session object
 88     * 
 89     * @param  Zend_Session_Namespace $session 
 90     * @return Zend_Form_Element_Hash
 91     */
 92    public function setSession($session)
 93    {
 94        $this->_session = $session;
 95        return $this;
 96    }
 97
 98    /**
 99     * Get session object
100     *
101     * Instantiate session object if none currently exists
102     * 
103     * @return Zend_Session_Namespace
104     */
105    public function getSession()
106    {
107        if (null === $this->_session) {
108            require_once 'Zend/Session/Namespace.php';
109            $this->_session = new Zend_Session_Namespace($this->getSessionName());
110        }
111        return $this->_session;
112    }
113
114    /**
115     * Initialize CSRF validator
116     *
117     * Creates Session namespace, and initializes CSRF token in session. 
118     * Additionally, adds validator for validating CSRF token.
119     * 
120     * @return Zend_Form_Element_Hash
121     */
122    public function initCsrfValidator()
123    {
124        $session = $this->getSession();
125        if (isset($session->hash)) {
126            $rightHash = $session->hash;
127        } else {
128            $rightHash = null;
129        }
130
131        $this->addValidator('Identical', true, array($rightHash));
132        return $this;
133    }
134
135    /**
136     * Salt for CSRF token
137     *
138     * @param  string $salt
139     * @return Zend_Form_Element_Hash
140     */
141    public function setSalt($salt)
142    {
143        $this->_salt = (string) $salt;
144        return $this;
145    }
146
147    /**
148     * Retrieve salt for CSRF token
149     *
150     * @return string
151     */
152    public function getSalt()
153    {
154        return $this->_salt;
155    }
156
157    /**
158     * Retrieve CSRF token
159     *
160     * If no CSRF token currently exists, generates one.
161     * 
162     * @return string
163     */
164    public function getHash()
165    {
166        if (null === $this->_hash) {
167            $this->_generateHash();
168        }
169        return $this->_hash;
170    }
171
172    /**
173     * Get session namespace for CSRF token
174     *
175     * Generates a session namespace based on salt, element name, and class.
176     * 
177     * @return string
178     */
179    public function getSessionName()
180    {
181        return __CLASS__ . '_' . $this->getSalt() . '_' . $this->getName();
182    }
183
184    /**
185     * Set timeout for CSRF session token
186     * 
187     * @param  int $ttl 
188     * @return Zend_Form_Element_Hash
189     */
190    public function setTimeout($ttl)
191    {
192        $this->_timeout = (int) $ttl;
193        return $this;
194    }
195
196    /**
197     * Get CSRF session token timeout
198     * 
199     * @return int
200     */
201    public function getTimeout()
202    {
203        return $this->_timeout;
204    }
205
206    /**
207     * Override getLabel() to always be empty
208     * 
209     * @return null
210     */
211    public function getLabel()
212    {
213        return null;
214    }
215
216    /**
217     * Initialize CSRF token in session
218     * 
219     * @return void
220     */
221    public function initCsrfToken()
222    {
223        $session = $this->getSession();
224        $session->setExpirationHops(1, null, true);
225        $session->setExpirationSeconds($this->getTimeout());
226        $session->hash = $this->getHash();
227    }
228
229    /**
230     * Render CSRF token in form
231     * 
232     * @param  Zend_View_Interface $view 
233     * @return string
234     */
235    public function render(Zend_View_Interface $view = null)
236    {
237        $this->initCsrfToken();
238        return parent::render($view);
239    }
240
241    /**
242     * Generate CSRF token
243     *
244     * Generates CSRF token and stores both in {@link $_hash} and element 
245     * value.
246     * 
247     * @return void
248     */
249    protected function _generateHash()
250    {
251        $this->_hash = md5(
252            mt_rand(1,1000000) 
253            .  $this->getSalt() 
254            .  $this->getName() 
255            .  mt_rand(1,1000000)
256        );
257        $this->setValue($this->_hash);
258    }
259}