| 23 |
23 |
|
| 24 |
24 |
/* insert global vars here... */
|
| 25 |
25 |
|
| 26 |
|
var $_FTAN = '';
|
| 27 |
|
var $_IDKEYs = array();
|
|
26 |
var $_FTAN = '';
|
|
27 |
var $_IDKEYs = '';
|
|
28 |
var $_salt = '';
|
| 28 |
29 |
|
| 29 |
30 |
function SecureForm()
|
| 30 |
31 |
{
|
| 31 |
32 |
// $this->__construct();
|
| 32 |
33 |
$this->_FTAN = '';
|
| 33 |
|
// if(isset($_SESSION['FTAN'])) { unset($_SESSION['FTAN']); }
|
|
34 |
$this->_salt = $this->_generate_salt();
|
|
35 |
if(isset($_SESSION['IDKEYS']))
|
|
36 |
{
|
|
37 |
$this->_IDKEYs = $_SESSION['IDKEYS'];
|
|
38 |
}else {
|
|
39 |
$this->_IDKEYs = array();
|
|
40 |
}
|
| 34 |
41 |
}
|
| 35 |
42 |
// function __construct()
|
| 36 |
43 |
// {
|
| ... | ... | |
| 38 |
45 |
// if(isset($_SESSION['FTAN'])) { unset($_SESSION['FTAN']); }
|
| 39 |
46 |
// }
|
| 40 |
47 |
|
|
48 |
|
|
49 |
function _generate_salt()
|
|
50 |
{
|
|
51 |
// server depending values
|
|
52 |
$salt = ( isset($_SERVER['SERVER_SIGNATURE']) ) ? $_SERVER['SERVER_SIGNATURE'] : '2';
|
|
53 |
$salt .= ( isset($_SERVER['SERVER_SOFTWARE']) ) ? $_SERVER['SERVER_SOFTWARE'] : '3';
|
|
54 |
$salt .= ( isset($_SERVER['SERVER_NAME']) ) ? $_SERVER['SERVER_NAME'] : '5';
|
|
55 |
$salt .= ( isset($_SERVER['SERVER_ADDR']) ) ? $_SERVER['SERVER_ADDR'] : '7';
|
|
56 |
$salt .= ( isset($_SERVER['SERVER_PORT']) ) ? $_SERVER['SERVER_PORT'] : '11';
|
|
57 |
$salt .= ( isset($_SERVER['SERVER_ADMIN']) ) ? $_SERVER['SERVER_ADMIN'] : '13';
|
|
58 |
$salt .= PHP_VERSION;
|
|
59 |
// client depending values
|
|
60 |
$salt .= ( isset($_SERVER['HTTP_ACCEPT']) ) ? $_SERVER['HTTP_ACCEPT'] : '17';
|
|
61 |
$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '19';
|
|
62 |
$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '23';
|
|
63 |
$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '29';
|
|
64 |
$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ) ? $_SERVER['HTTP_CONNECTION'] : '31';
|
|
65 |
$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '37';
|
|
66 |
return $salt;
|
|
67 |
}
|
| 41 |
68 |
/*
|
| 42 |
69 |
* creates Formular transactionnumbers for unique use
|
| 43 |
70 |
* @access public
|
| ... | ... | |
| 58 |
85 |
}else{
|
| 59 |
86 |
$time = (string)time();
|
| 60 |
87 |
}
|
| 61 |
|
$salt = ( isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '');
|
| 62 |
|
$salt .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '');
|
| 63 |
|
$salt .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '');
|
| 64 |
|
$salt .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '');
|
| 65 |
|
$salt .= ( isset($_SERVER['HTTP_CONNECTION']) ? $_SERVER['HTTP_CONNECTION'] : '');
|
| 66 |
|
$salt .= ( isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
|
| 67 |
|
$salt .= ( isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '');
|
| 68 |
|
$salt = ( $salt !== '' ) ? $salt : 'eXtremelyHotTomatoJuice';
|
| 69 |
|
$this->_FTAN = md5($time.$salt);
|
|
88 |
$this->_FTAN = md5($time.$this->_salt);
|
| 70 |
89 |
$_SESSION['FTAN'] = $this->_FTAN;
|
|
90 |
|
| 71 |
91 |
}
|
| 72 |
92 |
$ftan0 = 'a'.substr($this->_FTAN, -(10 + hexdec(substr($this->_FTAN, 1))), 10);
|
| 73 |
93 |
$ftan1 = 'a'.substr($this->_FTAN, hexdec(substr($this->_FTAN, -1)), 10);
|
| ... | ... | |
| 109 |
129 |
return $retval;
|
| 110 |
130 |
}
|
| 111 |
131 |
|
|
132 |
/*
|
|
133 |
* save values in session and returns a ID-key
|
|
134 |
* @access public
|
|
135 |
* @param mixed $value: the value for witch a key shall generated and memorized
|
|
136 |
* @return string: a MD5-Key to use instead of the real value
|
|
137 |
*
|
|
138 |
* requirements: an active session must be available
|
|
139 |
*/
|
|
140 |
function getIDKEY($value)
|
|
141 |
{
|
|
142 |
$isarray = is_array($value);
|
|
143 |
if( $isarray ) { $value = serialize($value); }
|
|
144 |
$key = md5($this->_salt.(string)$value);
|
|
145 |
if( $isarray ) { $key[5] = 'h'; }
|
|
146 |
$added = false;
|
|
147 |
while(!$added)
|
|
148 |
{
|
|
149 |
if( !array_key_exists($key, $this->_IDKEYs) )
|
|
150 |
{
|
|
151 |
$this->_IDKEYs[$key] = $value;
|
|
152 |
$added = true;
|
|
153 |
}else {
|
|
154 |
// if key already exist, increment the last four digits until the key is unique
|
|
155 |
$key = substr($key, -4).dechex(('0x'.substr($key0, -4)) + 1);
|
|
156 |
}
|
|
157 |
}
|
|
158 |
$_SESSION['IDKEYS'] = $this->_IDKEYs;
|
|
159 |
return $key;
|
|
160 |
}
|
| 112 |
161 |
|
| 113 |
|
|
|
162 |
/*
|
|
163 |
* search for key in session and returns the original value
|
|
164 |
* @access public
|
|
165 |
* @param string $key: the alias-key from the original value
|
|
166 |
* @return mixed: the original value (string, numeric, array) or NULL if request fails
|
|
167 |
*
|
|
168 |
* requirements: an active session must be available
|
|
169 |
*/
|
|
170 |
function checkIDKEY( $key )
|
|
171 |
{
|
|
172 |
$value = null;
|
|
173 |
if( array_key_exists($key, $this->_IDKEYs))
|
|
174 |
{
|
|
175 |
$value = $this->_IDKEYs[$key];
|
|
176 |
unset($this->_IDKEYs[$key]);
|
|
177 |
$_SESSION['IDKEYS'] = $this->_IDKEYs;
|
|
178 |
if($value[5] == 'h') { $value = unserialize($value); }
|
|
179 |
}
|
|
180 |
return $value;
|
|
181 |
}
|
| 114 |
182 |
//put your code here
|
| 115 |
183 |
}
|
| 116 |
|
?>
|
|
184 |
?>
|
added IdKey to class secureForm