148 lines
4.2 KiB
PHP
148 lines
4.2 KiB
PHP
|
<?php
|
||
|
|
/*
|
||
|
|
*
|
||
|
|
* @(#) $Id: form_secure_submit.php,v 1.5 2010/08/08 06:23:41 mlemos Exp $
|
||
|
|
*
|
||
|
|
*/
|
||
|
|
|
||
|
|
class form_secure_submit_class extends form_custom_class
|
||
|
|
{
|
||
|
|
var $server_validate=0;
|
||
|
|
var $key='';
|
||
|
|
var $validation='';
|
||
|
|
var $expiry_time=300;
|
||
|
|
var $expired=0;
|
||
|
|
var $requirements=array(
|
||
|
|
"mcrypt_cfb"=>"the mcrypt extension is not available"
|
||
|
|
);
|
||
|
|
|
||
|
|
Function CheckRequirements()
|
||
|
|
{
|
||
|
|
Reset($this->requirements);
|
||
|
|
$end=(GetType($function=Key($this->requirements))!="string");
|
||
|
|
for(;!$end;)
|
||
|
|
{
|
||
|
|
if(!function_exists($function))
|
||
|
|
return($this->requirements[$function]);
|
||
|
|
Next($this->requirements);
|
||
|
|
$end=(GetType($function=Key($this->requirements))!="string");
|
||
|
|
}
|
||
|
|
return("");
|
||
|
|
}
|
||
|
|
|
||
|
|
Function EncryptValidation()
|
||
|
|
{
|
||
|
|
$encrypt_time=time();
|
||
|
|
$iv_size=mcrypt_get_iv_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||
|
|
$iv=str_repeat(chr(0),$iv_size);
|
||
|
|
$key_size=mcrypt_get_key_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||
|
|
$salt=substr(md5(rand()),0,2);
|
||
|
|
$key=$salt.$this->key;
|
||
|
|
if(strlen($key)>$key_size)
|
||
|
|
$key=substr($key,0,$key_size);
|
||
|
|
return(base64_encode(mcrypt_cfb(MCRYPT_3DES,$key,$encrypt_time,MCRYPT_ENCRYPT,$iv)).':'.$salt.$encrypt_time);
|
||
|
|
}
|
||
|
|
|
||
|
|
Function DecryptValidation($encoded)
|
||
|
|
{
|
||
|
|
if(GetType($colon=strpos($encoded,':'))!='integer'
|
||
|
|
|| strlen($encoded)<=$colon+3
|
||
|
|
|| ($encrypt_time=intval(substr($encoded,$colon+3)))==0
|
||
|
|
|| $encrypt_time>time()
|
||
|
|
|| !($encrypted=base64_decode(substr($encoded,0,$colon))))
|
||
|
|
return('');
|
||
|
|
$iv_size=mcrypt_get_iv_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||
|
|
$iv=str_repeat(chr(0),$iv_size);
|
||
|
|
$key_size=mcrypt_get_key_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||
|
|
$salt=substr($encoded,$colon+1,2);
|
||
|
|
$key=$salt.$this->key;
|
||
|
|
if(strlen($key)>$key_size)
|
||
|
|
$key=substr($key,0,$key_size);
|
||
|
|
return(mcrypt_cfb(MCRYPT_3DES,$key,$encrypted,MCRYPT_DECRYPT,$iv));
|
||
|
|
}
|
||
|
|
|
||
|
|
Function AddInput(&$form, $arguments)
|
||
|
|
{
|
||
|
|
if(!IsSet($arguments['Key'])
|
||
|
|
|| strlen($arguments['Key'])==0)
|
||
|
|
return('it was not specified a valid key');
|
||
|
|
$this->key=$arguments['Key'];
|
||
|
|
if(IsSet($arguments['ExpiryTime']))
|
||
|
|
{
|
||
|
|
if(($this->expiry_time=intval($arguments['ExpiryTime']))<=0)
|
||
|
|
return('it was not specified a valid expiry time value');
|
||
|
|
}
|
||
|
|
if(strlen($error=$this->CheckRequirements()))
|
||
|
|
return($error);
|
||
|
|
$submit_arguments=$arguments;
|
||
|
|
$submit_arguments['TYPE']=(IsSet($arguments['SRC']) ? 'image' : 'submit');
|
||
|
|
$this->focus_input=$submit_arguments['ID']=$this->GenerateInputID($form, $this->input, 'submit');
|
||
|
|
$submit_arguments['NAME']=(IsSet($arguments['NAME']) ? $arguments['NAME'] : $this->focus_input);
|
||
|
|
$submit_arguments['IgnoreAnonymousSubmitCheck']=1;
|
||
|
|
if(strlen($error=$form->AddInput($submit_arguments)))
|
||
|
|
return($error);
|
||
|
|
$this->validation=$this->GenerateInputID($form, $this->input, 'validation');
|
||
|
|
$arguments=array(
|
||
|
|
'NAME'=>$this->validation,
|
||
|
|
'ID'=>$this->validation,
|
||
|
|
'TYPE'=>'hidden',
|
||
|
|
'VALUE'=>''
|
||
|
|
);
|
||
|
|
return($form->AddInput($arguments));
|
||
|
|
}
|
||
|
|
|
||
|
|
Function AddInputPart(&$form)
|
||
|
|
{
|
||
|
|
if(strlen($error=$form->SetInputValue($this->validation, $this->EncryptValidation()))
|
||
|
|
|| strlen($error=$form->AddInputPart($this->validation)))
|
||
|
|
return($error);
|
||
|
|
return($form->AddInputPart($this->focus_input));
|
||
|
|
}
|
||
|
|
|
||
|
|
Function WasSubmitted(&$form, $input='')
|
||
|
|
{
|
||
|
|
$name=$form->WasSubmitted($this->focus_input);
|
||
|
|
if(strcmp($name, $this->focus_input)
|
||
|
|
|| strcmp(strlen($form->METHOD) ? strtoupper($form->METHOD) : 'POST', Getenv('REQUEST_METHOD')))
|
||
|
|
return('');
|
||
|
|
$encoded=$form->GetSubmittedValue($this->validation);
|
||
|
|
$decrypted=$this->DecryptValidation($encoded);
|
||
|
|
if(strlen($decrypted)==0)
|
||
|
|
return('');
|
||
|
|
$remaining_time=intval($decrypted)+$this->expiry_time-time();
|
||
|
|
if($remaining_time<0)
|
||
|
|
{
|
||
|
|
$this->expired=1;
|
||
|
|
return('');
|
||
|
|
}
|
||
|
|
return($this->input);
|
||
|
|
}
|
||
|
|
|
||
|
|
Function GetInputProperty(&$form, $property, &$value)
|
||
|
|
{
|
||
|
|
switch($property)
|
||
|
|
{
|
||
|
|
case 'Expired':
|
||
|
|
$value = $this->expired;
|
||
|
|
return('');
|
||
|
|
}
|
||
|
|
return($this->DefaultGetInputProperty($form, $property, $value));
|
||
|
|
}
|
||
|
|
|
||
|
|
Function SetInputProperty(&$form, $property, $value)
|
||
|
|
{
|
||
|
|
switch($property)
|
||
|
|
{
|
||
|
|
case "Content":
|
||
|
|
case "VALUE":
|
||
|
|
if(strlen($value)==0)
|
||
|
|
return("it was not specified a valid feedback element identifier");
|
||
|
|
return($form->SetInputProperty($this->focus_input, $property, $value));
|
||
|
|
default:
|
||
|
|
return($this->DefaultSetInputProperty($form, $property, $value));
|
||
|
|
}
|
||
|
|
return("");
|
||
|
|
}
|
||
|
|
};
|
||
|
|
|
||
|
|
?>
|