121 lines
3.4 KiB
PHP
121 lines
3.4 KiB
PHP
<?php
|
|
/**
|
|
* functions/token.php
|
|
*
|
|
* This class handles form tokens.
|
|
*
|
|
* @version 3.0
|
|
* @author Joey Kimsey <Joey@thetempusproject.com>
|
|
* @link https://TheTempusProject.com/Core
|
|
* @license https://opensource.org/licenses/MIT [MIT LICENSE]
|
|
*/
|
|
namespace TheTempusProject\Bedrock\Functions;
|
|
|
|
use TheTempusProject\Bedrock\Classes\Config;
|
|
use TheTempusProject\Canary\Canary as Debug;
|
|
|
|
class Token {
|
|
private static $tokenName;
|
|
private static $tokenSaved;
|
|
private static $tokenEnabled = 'not_set';
|
|
|
|
public static function start() {
|
|
if ( !self::isTokenEnabled() ) {
|
|
return false;
|
|
}
|
|
if ( empty( self::$tokenName ) ) {
|
|
self::setTokenName();
|
|
}
|
|
if ( empty( self::$tokenSaved ) ) {
|
|
self::$tokenSaved = Session::get( self::$tokenName );
|
|
Debug::info( 'Token saved: ' . Session::get( self::$tokenName ) );
|
|
} else {
|
|
Debug::log( 'Original token was already saved' );
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public static function setTokenName( $name = '' ) {
|
|
if ( !empty( $name ) ) {
|
|
if ( !Check::simpleName( $name ) ) {
|
|
Debug::warn( "Token name invalid: $name" );
|
|
return false;
|
|
}
|
|
self::$tokenName = $name;
|
|
}
|
|
if ( !empty( self::$tokenName ) ) {
|
|
return true;
|
|
}
|
|
self::$tokenName = DEFAULT_TOKEN_NAME;
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Determines, saves, then returns whether or not tokens are enabled.
|
|
*
|
|
* @return bool
|
|
*/
|
|
public static function isTokenEnabled() {
|
|
if ( self::$tokenEnabled !== 'not_set' ) {
|
|
return self::$tokenEnabled;
|
|
}
|
|
|
|
$sessionCheck = Check::sessions();
|
|
if ( $sessionCheck === false ) {
|
|
self::$tokenEnabled = false;
|
|
return self::$tokenEnabled;
|
|
}
|
|
|
|
$tokenConfig = Config::getValue( 'main/tokenEnabled' );
|
|
if ( !empty( $tokenConfig ) ) {
|
|
self::$tokenEnabled = $tokenConfig;
|
|
return self::$tokenEnabled;
|
|
}
|
|
|
|
if ( !empty( TOKEN_ENABLED ) ) {
|
|
self::$tokenEnabled = TOKEN_ENABLED;
|
|
return self::$tokenEnabled;
|
|
}
|
|
|
|
self::$tokenEnabled = false;
|
|
return self::$tokenEnabled;
|
|
}
|
|
|
|
/**
|
|
* Creates a token and stores it as a session variable.
|
|
*
|
|
* @return string - Returns the string of the token generated.
|
|
*/
|
|
public static function generate() {
|
|
if ( !self::start() ) {
|
|
Debug::warn( 'Token disabled' );
|
|
return false;
|
|
}
|
|
$token = Code::genToken();
|
|
Session::put( self::$tokenName, $token );
|
|
Debug::info( 'New token generated' );
|
|
return $token;
|
|
}
|
|
|
|
/**
|
|
* Checks a form token against a session token to confirm no XSS has occurred.
|
|
*
|
|
* @param string $token - This should be a post variable from the hidden token field.
|
|
* @return bool
|
|
*/
|
|
public static function check( $token ) {
|
|
if ( !self::start() ) {
|
|
Debug::warn( 'Token disabled' );
|
|
return false;
|
|
}
|
|
if ( $token === self::$tokenSaved ) {
|
|
Debug::info( 'Token check passed' );
|
|
return true;
|
|
}
|
|
Debug::error( 'Token check failed' );
|
|
Debug::error( 'token: ' . $token );
|
|
Debug::error( 'tokenSaved: ' . self::$tokenSaved );
|
|
return false;
|
|
}
|
|
}
|