/testXML/lib/Cake/Utility/Security.php

https://bitbucket.org/allanxyh/project · PHP · 188 lines · 96 code · 16 blank · 76 comment · 22 complexity · ce049637a489c7352d3dac7ddc94b32b MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Core Security
    4. 

  4.  *
    5. 

  5.  * PHP 5
    6. 

  6.  *
    7. 

  7.  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
    8. 

  8.  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
    9. 

  9.  *
    10. 

  10.  * Licensed under The MIT License
    11. 

  11.  * Redistributions of files must retain the above copyright notice.
    12. 

  12.  *
    13. 

  13.  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
    14. 

  14.  * @link          http://cakephp.org CakePHP(tm) Project
    15. 

  15.  * @package       Cake.Utility
    16. 

  16.  * @since         CakePHP(tm) v .0.10.0.1233
    17. 

  17.  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
    18. 

  18.  */
    19. 

  19. 

  20. App::uses('String', 'Utility');
    21. 

  21. 

  22. /**
    23. 

  23.  * Security Library contains utility methods related to security
    24. 

  24.  *
    25. 

  25.  * @package       Cake.Utility
    26. 

  26.  */
    27. 

  27. class Security {
    28. 

  28. 

  29. /**
    30. 

  30.  * Default hash method
    31. 

  31.  *
    32. 

  32.  * @var string
    33. 

  33.  */
    34. 

  34. 	public static $hashType = null;
    35. 

  35. 

  36. /**
    37. 

  37.  * Get allowed minutes of inactivity based on security level.
    38. 

  38.  *
    39. 

  39.  * @return integer Allowed inactivity in minutes
    40. 

  40.  */
    41. 

  41. 	public static function inactiveMins() {
    42. 

  42. 		switch (Configure::read('Security.level')) {
    43. 

  43. 			case 'high':
    44. 

  44. 				return 10;
    45. 

  45. 			case 'medium':
    46. 

  46. 				return 100;
    47. 

  47. 			case 'low':
    48. 

  48. 			default:
    49. 

  49. 				return 300;
    50. 

  50. 		}
    51. 

  51. 	}
    52. 

  52. 

  53. /**
    54. 

  54.  * Generate authorization hash.
    55. 

  55.  *
    56. 

  56.  * @return string Hash
    57. 

  57.  */
    58. 

  58. 	public static function generateAuthKey() {
    59. 

  59. 		return Security::hash(String::uuid());
    60. 

  60. 	}
    61. 

  61. 

  62. /**
    63. 

  63.  * Validate authorization hash.
    64. 

  64.  *
    65. 

  65.  * @param string $authKey Authorization hash
    66. 

  66.  * @return boolean Success
    67. 

  67.  */
    68. 

  68. 	public static function validateAuthKey($authKey) {
    69. 

  69. 		return true;
    70. 

  70. 	}
    71. 

  71. 

  72. /**
    73. 

  73.  * Create a hash from string using given method.
    74. 

  74.  * Fallback on next available method.
    75. 

  75.  *
    76. 

  76.  * @param string $string String to hash
    77. 

  77.  * @param string $type Method to use (sha1/sha256/md5)
    78. 

  78.  * @param boolean $salt If true, automatically appends the application's salt
    79. 

  79.  *     value to $string (Security.salt)
    80. 

  80.  * @return string Hash
    81. 

  81.  */
    82. 

  82. 	public static function hash($string, $type = null, $salt = false) {
    83. 

  83. 		if ($salt) {
    84. 

  84. 			if (is_string($salt)) {
    85. 

  85. 				$string = $salt . $string;
    86. 

  86. 			} else {
    87. 

  87. 				$string = Configure::read('Security.salt') . $string;
    88. 

  88. 			}
    89. 

  89. 		}
    90. 

  90. 

  91. 		if (empty($type)) {
    92. 

  92. 			$type = self::$hashType;
    93. 

  93. 		}
    94. 

  94. 		$type = strtolower($type);
    95. 

  95. 

  96. 		if ($type == 'sha1' || $type == null) {
    97. 

  97. 			if (function_exists('sha1')) {
    98. 

  98. 				$return = sha1($string);
    99. 

  99. 				return $return;
    100. 

  100. 			}
    101. 

  101. 			$type = 'sha256';
    102. 

  102. 		}
    103. 

  103. 

  104. 		if ($type == 'sha256' && function_exists('mhash')) {
    105. 

  105. 			return bin2hex(mhash(MHASH_SHA256, $string));
    106. 

  106. 		}
    107. 

  107. 

  108. 		if (function_exists('hash')) {
    109. 

  109. 			return hash($type, $string);
    110. 

  110. 		}
    111. 

  111. 		return md5($string);
    112. 

  112. 	}
    113. 

  113. 

  114. /**
    115. 

  115.  * Sets the default hash method for the Security object.  This affects all objects using
    116. 

  116.  * Security::hash().
    117. 

  117.  *
    118. 

  118.  * @param string $hash Method to use (sha1/sha256/md5)
    119. 

  119.  * @return void
    120. 

  120.  * @see Security::hash()
    121. 

  121.  */
    122. 

  122. 	public static function setHash($hash) {
    123. 

  123. 		self::$hashType = $hash;
    124. 

  124. 	}
    125. 

  125. 

  126. /**
    127. 

  127.  * Encrypts/Decrypts a text using the given key.
    128. 

  128.  *
    129. 

  129.  * @param string $text Encrypted string to decrypt, normal string to encrypt
    130. 

  130.  * @param string $key Key to use
    131. 

  131.  * @return string Encrypted/Decrypted string
    132. 

  132.  */
    133. 

  133. 	public static function cipher($text, $key) {
    134. 

  134. 		if (empty($key)) {
    135. 

  135. 			trigger_error(__d('cake_dev', 'You cannot use an empty key for Security::cipher()'), E_USER_WARNING);
    136. 

  136. 			return '';
    137. 

  137. 		}
    138. 

  138. 

  139. 		srand(Configure::read('Security.cipherSeed'));
    140. 

  140. 		$out = '';
    141. 

  141. 		$keyLength = strlen($key);
    142. 

  142. 		for ($i = 0, $textLength = strlen($text); $i < $textLength; $i++) {
    143. 

  143. 			$j = ord(substr($key, $i % $keyLength, 1));
    144. 

  144. 			while ($j--) {
    145. 

  145. 				rand(0, 255);
    146. 

  146. 			}
    147. 

  147. 			$mask = rand(0, 255);
    148. 

  148. 			$out .= chr(ord(substr($text, $i, 1)) ^ $mask);
    149. 

  149. 		}
    150. 

  150. 		srand();
    151. 

  151. 		return $out;
    152. 

  152. 	}
    153. 

  153. 

  154. /**
    155. 

  155.  * Encrypts/Decrypts a text using the given key using rijndael method.
    156. 

  156.  *
    157. 

  157.  * @param string $text Encrypted string to decrypt, normal string to encrypt
    158. 

  158.  * @param string $key Key to use
    159. 

  159.  * @param string $operation Operation to perform, encrypt or decrypt
    160. 

  160.  * @return string Encrypted/Descrypted string
    161. 

  161.  */
    162. 

  162. 	public static function rijndael($text, $key, $operation) {
    163. 

  163. 		if (empty($key)) {
    164. 

  164. 			trigger_error(__d('cake_dev', 'You cannot use an empty key for Security::rijndael()'), E_USER_WARNING);
    165. 

  165. 			return '';
    166. 

  166. 		}
    167. 

  167. 		if (empty($operation) || !in_array($operation, array('encrypt', 'decrypt'))) {
    168. 

  168. 			trigger_error(__d('cake_dev', 'You must specify the operation for Security::rijndael(), either encrypt or decrypt'), E_USER_WARNING);
    169. 

  169. 			return '';
    170. 

  170. 		}
    171. 

  171. 		if (strlen($key) < 32) {
    172. 

  172. 			trigger_error(__d('cake_dev', 'You must use a key larger than 32 bytes for Security::rijndael()'), E_USER_WARNING);
    173. 

  173. 			return '';
    174. 

  174. 		}
    175. 

  175. 		$algorithm = 'rijndael-256';
    176. 

  176. 		$mode = 'cbc';
    177. 

  177. 		$cryptKey = substr($key, 0, 32);
    178. 

  178. 		$iv = substr($key, strlen($key) - 32, 32);
    179. 

  179. 		$out = '';
    180. 

  180. 		if ($operation === 'encrypt') {
    181. 

  181. 			$out .= mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv);
    182. 

  182. 		} elseif ($operation === 'decrypt') {
    183. 

  183. 			$out .= rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0");
    184. 

  184. 		}
    185. 

  185. 		return $out;
    186. 

  186. 	}
    187. 

  187. 

  188. }
    189.