initial commit
This commit is contained in:
commit
1cc4bf3572
254 changed files with 63622 additions and 0 deletions
htdocs/libraries/formsgeneration
148
htdocs/libraries/formsgeneration/form_secure_submit.php
Normal file
148
htdocs/libraries/formsgeneration/form_secure_submit.php
Normal file
|
|
@ -0,0 +1,148 @@
|
|||
<?php
|
||||
/*
|
||||
*
|
||||
* @(#) $Id: form_secure_submit.php,v 1.5 2010/08/08 06:23:41 mlemos Exp $
|
||||
*
|
||||
*/
|
||||
|
||||
class form_secure_submit_class extends form_custom_class
|
||||
{
|
||||
var $server_validate=0;
|
||||
var $key='';
|
||||
var $validation='';
|
||||
var $expiry_time=300;
|
||||
var $expired=0;
|
||||
var $requirements=array(
|
||||
"mcrypt_cfb"=>"the mcrypt extension is not available"
|
||||
);
|
||||
|
||||
Function CheckRequirements()
|
||||
{
|
||||
Reset($this->requirements);
|
||||
$end=(GetType($function=Key($this->requirements))!="string");
|
||||
for(;!$end;)
|
||||
{
|
||||
if(!function_exists($function))
|
||||
return($this->requirements[$function]);
|
||||
Next($this->requirements);
|
||||
$end=(GetType($function=Key($this->requirements))!="string");
|
||||
}
|
||||
return("");
|
||||
}
|
||||
|
||||
Function EncryptValidation()
|
||||
{
|
||||
$encrypt_time=time();
|
||||
$iv_size=mcrypt_get_iv_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||||
$iv=str_repeat(chr(0),$iv_size);
|
||||
$key_size=mcrypt_get_key_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||||
$salt=substr(md5(rand()),0,2);
|
||||
$key=$salt.$this->key;
|
||||
if(strlen($key)>$key_size)
|
||||
$key=substr($key,0,$key_size);
|
||||
return(base64_encode(mcrypt_cfb(MCRYPT_3DES,$key,$encrypt_time,MCRYPT_ENCRYPT,$iv)).':'.$salt.$encrypt_time);
|
||||
}
|
||||
|
||||
Function DecryptValidation($encoded)
|
||||
{
|
||||
if(GetType($colon=strpos($encoded,':'))!='integer'
|
||||
|| strlen($encoded)<=$colon+3
|
||||
|| ($encrypt_time=intval(substr($encoded,$colon+3)))==0
|
||||
|| $encrypt_time>time()
|
||||
|| !($encrypted=base64_decode(substr($encoded,0,$colon))))
|
||||
return('');
|
||||
$iv_size=mcrypt_get_iv_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||||
$iv=str_repeat(chr(0),$iv_size);
|
||||
$key_size=mcrypt_get_key_size(MCRYPT_3DES,MCRYPT_MODE_CFB);
|
||||
$salt=substr($encoded,$colon+1,2);
|
||||
$key=$salt.$this->key;
|
||||
if(strlen($key)>$key_size)
|
||||
$key=substr($key,0,$key_size);
|
||||
return(mcrypt_cfb(MCRYPT_3DES,$key,$encrypted,MCRYPT_DECRYPT,$iv));
|
||||
}
|
||||
|
||||
Function AddInput(&$form, $arguments)
|
||||
{
|
||||
if(!IsSet($arguments['Key'])
|
||||
|| strlen($arguments['Key'])==0)
|
||||
return('it was not specified a valid key');
|
||||
$this->key=$arguments['Key'];
|
||||
if(IsSet($arguments['ExpiryTime']))
|
||||
{
|
||||
if(($this->expiry_time=intval($arguments['ExpiryTime']))<=0)
|
||||
return('it was not specified a valid expiry time value');
|
||||
}
|
||||
if(strlen($error=$this->CheckRequirements()))
|
||||
return($error);
|
||||
$submit_arguments=$arguments;
|
||||
$submit_arguments['TYPE']=(IsSet($arguments['SRC']) ? 'image' : 'submit');
|
||||
$this->focus_input=$submit_arguments['ID']=$this->GenerateInputID($form, $this->input, 'submit');
|
||||
$submit_arguments['NAME']=(IsSet($arguments['NAME']) ? $arguments['NAME'] : $this->focus_input);
|
||||
$submit_arguments['IgnoreAnonymousSubmitCheck']=1;
|
||||
if(strlen($error=$form->AddInput($submit_arguments)))
|
||||
return($error);
|
||||
$this->validation=$this->GenerateInputID($form, $this->input, 'validation');
|
||||
$arguments=array(
|
||||
'NAME'=>$this->validation,
|
||||
'ID'=>$this->validation,
|
||||
'TYPE'=>'hidden',
|
||||
'VALUE'=>''
|
||||
);
|
||||
return($form->AddInput($arguments));
|
||||
}
|
||||
|
||||
Function AddInputPart(&$form)
|
||||
{
|
||||
if(strlen($error=$form->SetInputValue($this->validation, $this->EncryptValidation()))
|
||||
|| strlen($error=$form->AddInputPart($this->validation)))
|
||||
return($error);
|
||||
return($form->AddInputPart($this->focus_input));
|
||||
}
|
||||
|
||||
Function WasSubmitted(&$form, $input='')
|
||||
{
|
||||
$name=$form->WasSubmitted($this->focus_input);
|
||||
if(strcmp($name, $this->focus_input)
|
||||
|| strcmp(strlen($form->METHOD) ? strtoupper($form->METHOD) : 'POST', Getenv('REQUEST_METHOD')))
|
||||
return('');
|
||||
$encoded=$form->GetSubmittedValue($this->validation);
|
||||
$decrypted=$this->DecryptValidation($encoded);
|
||||
if(strlen($decrypted)==0)
|
||||
return('');
|
||||
$remaining_time=intval($decrypted)+$this->expiry_time-time();
|
||||
if($remaining_time<0)
|
||||
{
|
||||
$this->expired=1;
|
||||
return('');
|
||||
}
|
||||
return($this->input);
|
||||
}
|
||||
|
||||
Function GetInputProperty(&$form, $property, &$value)
|
||||
{
|
||||
switch($property)
|
||||
{
|
||||
case 'Expired':
|
||||
$value = $this->expired;
|
||||
return('');
|
||||
}
|
||||
return($this->DefaultGetInputProperty($form, $property, $value));
|
||||
}
|
||||
|
||||
Function SetInputProperty(&$form, $property, $value)
|
||||
{
|
||||
switch($property)
|
||||
{
|
||||
case "Content":
|
||||
case "VALUE":
|
||||
if(strlen($value)==0)
|
||||
return("it was not specified a valid feedback element identifier");
|
||||
return($form->SetInputProperty($this->focus_input, $property, $value));
|
||||
default:
|
||||
return($this->DefaultSetInputProperty($form, $property, $value));
|
||||
}
|
||||
return("");
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
||||
Loading…
Add table
Add a link
Reference in a new issue