PHP Classes

File: vendor/jackbooted/security/TimeGuard.php

File: vendor/jackbooted/security/TimeGuard.php
Role: Class source
Content type: text/plain
Description: Class source
Class: JackBooted PHP Framework
Web application framework using simplified MVC
Author: By
Last change:
Date: 8 years ago
Size: 3,571 bytes
 

<?php
namespace Jackbooted\Security;

use \
Jackbooted\Forms\Request;
use \
Jackbooted\G;
use \
Jackbooted\Html\JS;
use \
Jackbooted\Util\Log4PHP;
/**
 * @copyright Confidential and copyright (c) 2016 Jackbooted Software. All rights reserved.
 *
 * Written by Brett Dutton of Jackbooted Software
 * brett at brettdutton dot com
 *
 * This software is written and distributed under the GNU General Public
 * License which means that its source code is freely-distributed and
 * available to the general public.
 */

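/**
 * Generates and validates an encrypted, time-limited key used by API calls.
 *
 * A key is the DELIM-joined list of: current user, request host, browser
 * user agent, PHP session id, target file and issue time. check() rebuilds
 * the same values from the current request and compares them field by field.
 *
 * Security notes for maintainers:
 *  - Every field except the issue time is known to, or chosen by, the client
 *    (host and user agent are request headers). The guard is therefore only
 *    as strong as the confidentiality AND integrity of
 *    Cryptography::encrypt(). NOTE(review): confirm that it is authenticated
 *    encryption and that $forceEncrypt=false can never yield a plaintext key.
 *  - Nothing in this class records used keys, so a key can be replayed by the
 *    same session until EXPIRY seconds have passed.
 *  - check() reports failures as non-empty strings, which are truthy in PHP.
 *    Callers must test the result with `=== true`, never `if ( check() )`.
 */
class TimeGuard extends \Jackbooted\Util\JB {
    /** Name of the request parameter that carries the key. */
    const KEY = '_TG';

    /**
     * Separator between the six fields of the unencrypted key. A user agent
     * or target file containing this sequence yields a key that check()
     * always rejects as badly formatted.
     */
    const DELIM = '*,*';

    /** Returned by check() when the request carries no key at all. */
    const NOGUARD = 'NO_TIME_GUARD';

    /** Lifetime of a key in seconds: 60 * 60 * 24, one day. */
    const EXPIRY = 86400;

    private static $log;
    private static $crypto;

    /**
     * Creates the logger and the Cryptography instance used by get().
     *
     * NOTE(review): get() dereferences self::$crypto, so this must run before
     * any key is issued; presumably the framework calls it on load - confirm.
     */
    public static function init () {
        self::$log = Log4PHP::logFactory ( __CLASS__ );
        self::$crypto = new Cryptography ();
    }

    public function __construct () {
        parent::__construct();
    }

    /**
     * Builds the encrypted key for a target file.
     *
     * @param string $targetFile   script the key is issued for
     * @param bool   $forceEncrypt passed through to Cryptography::encrypt()
     * @return mixed whatever Cryptography::encrypt() returns
     */
    public static function get ( $targetFile, $forceEncrypt=true ) {
        // Either header can be absent (CLI, stripped requests); fall back to
        // '' rather than raising an undefined-index notice. check() applies
        // the same fallback so the two sides stay comparable.
        $host  = isset ( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '';
        $agent = isset ( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';

        $unencryptedKey = join ( self::DELIM, [ G::get ( 'fldUser', 'GUEST' ),
                                                $host,
                                                $agent,
                                                session_id (),
                                                $targetFile,
                                                time () ] );

        return self::$crypto->encrypt ( $unencryptedKey, $forceEncrypt );
    }

    /**
     * Emits a script block that defines tgUrlParam as the "KEY=value" pair.
     *
     * The value is interpolated into a single-quoted JavaScript literal. That
     * is safe only because param() runs it through urlencode(), whose output
     * contains no quote or backslash, and because KEY is a plain identifier.
     *
     * @param string $targetFile script the key is issued for
     * @return mixed whatever JS::javaScript() returns
     */
    public static function js ( $targetFile ) {
        $param = self::param ( $targetFile );

        return JS::javaScript ( "var tgUrlParam = '$param';" );
    }

    /**
     * Returns the target file with the key appended as its query string.
     *
     * @param string $targetFile   script the key is issued for
     * @param bool   $forceEncrypt passed through to get()
     * @return string
     */
    public static function url ( $targetFile, $forceEncrypt=true ) {
        return $targetFile . '?' . self::param ( $targetFile, $forceEncrypt );
    }

    /**
     * Returns the URL-encoded "KEY=value" query parameter for a target file.
     *
     * @param string $targetFile   script the key is issued for
     * @param bool   $forceEncrypt passed through to get()
     * @return string
     */
    public static function param ( $targetFile, $forceEncrypt=true ) {
        return self::KEY . '=' . urlencode ( self::get ( $targetFile, $forceEncrypt ) );
    }

    /**
     * Validates the key carried by the current request.
     *
     * NOTE(review): the value from Request::get() is split as-is; nothing in
     * this method decrypts it, so it presumably relies on Request to reverse
     * Cryptography::encrypt() - confirm.
     *
     * @return bool|string true when the key is valid; self::NOGUARD when the
     *                     request has no key; otherwise a message naming the
     *                     failed check. Compare with `=== true`.
     */
    public static function check () {
        $val = Request::get ( self::KEY );
        if ( $val === null || $val === false || $val === '' ) {
            return self::NOGUARD;
        }

        // A non-string value (for example an array parameter) cannot be a
        // key; reject it here instead of letting explode() fail on it.
        if ( ! is_string ( $val ) ) {
            return 'Incorrect TimeGuard format';
        }

        $values = explode ( self::DELIM, $val );
        if ( count ( $values ) !== 6 ) {
            return 'Incorrect TimeGuard format';
        }

        // Compare as strings with !==. Loose != treats numeric-looking
        // strings as numbers, so '007' would match '7' and '1e3' would
        // match '1000' for user names or session ids.
        if ( $values[0] !== (string) G::get ( 'fldUser', 'GUEST' ) ) {
            return 'The user has changed in the submission of this url';
        }

        $host = isset ( $_SERVER['HTTP_HOST'] ) ? (string) $_SERVER['HTTP_HOST'] : '';
        if ( $values[1] !== $host ) {
            return 'Host server has been compromised';
        }

        $agent = isset ( $_SERVER['HTTP_USER_AGENT'] ) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
        if ( $values[2] !== $agent ) {
            return 'Browser has been compromised';
        }

        if ( $values[3] !== (string) session_id () ) {
            return 'PHP Session ID has been compromised';
        }

        // An empty target would match every script on PHP 8, where strpos()
        // finds '' at offset 0, so it is rejected explicitly.
        // NOTE(review): this is still a substring test - a key issued for a
        // short target name is accepted by any script whose path contains
        // it. Tighten to an exact or suffix match if callers allow.
        $script = isset ( $_SERVER['SCRIPT_NAME'] ) ? (string) $_SERVER['SCRIPT_NAME'] : '';
        if ( $values[4] === '' || strpos ( $script, $values[4] ) === false ) {
            return 'URL has been reused for target file name';
        }

        // The issue time must be a plain run of digits before it is used in
        // arithmetic; a non-numeric string raises a TypeError on PHP 8.
        if ( ! ctype_digit ( $values[5] ) ) {
            return 'Incorrect TimeGuard format';
        }

        $diff = time () - (int) $values[5];
        if ( $diff < 0 || $diff > self::EXPIRY ) {
            return 'URL has expired';
        }

        return true;
    }
}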