Project

General

Profile

« Previous | Next » 

Revision 1422

Added by Dietmar almost 14 years ago

update SecureForm.php to work behind Proxies

View differences:

branches/2.8.x/CHANGELOG
11 11 
! = Update/Change
12 12 

  		




  13
  13
  
    
------------------------------------- 2.8.2 -------------------------------------


  		




  
  14
  
    
30 Jan-2011 Build 1422 Dietmar Woellbrink (Luisehahne)


  		




  
  15
  
    
! update SecureForm.php to work behind Proxies


  		




  14
  16
  
    
27 Jan-2011 Build 1421 Dietmar Woellbrink (Luisehahne)


  		




  15
  17
  
    
# fix Undefined index: WARN_PAGE_LEAVE


  		




  16
  18
  
    
26 Jan-2011 Build 1420 Dietmar Woellbrink (Luisehahne)


  		












  

    
      branches/2.8.x/wb/admin/interface/version.php
    
  





  52
  52
  
    

  		




  53
  53
  
    
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)


  		




  54
  54
  
    
if(!defined('VERSION')) define('VERSION', '2.8.2.RC5');


  		




  55
  
  
    
if(!defined('REVISION')) define('REVISION', '1421');


  		




  
  55
  
    
if(!defined('REVISION')) define('REVISION', '1422');


  		




  56
  56
  
    

  		




  57
  57
  
    
?>


  		












  

    
      branches/2.8.x/wb/framework/SecureForm.php
    
  





  22
  22
  
    
	const FRONTEND = 0;


  		




  23
  23
  
    
	const BACKEND  = 1;


  		




  24
  24
  
    

  		




  
  25
  
    

  		




  25
  26
  
    
	private $_FTAN        = '';


  		




  26
  27
  
    
	private $_IDKEYs      = array('0'=>'0');


  		




  27
  28
  
    
	private $_ftan_name   = '';


  		




  ......




  39
  40
  
    
		$this->_ftan_name = substr($this->_fingerprint, -(16 + hexdec($this->_fingerprint[0])), 16);


  		




  40
  41
  
    
	// make sure there is a alpha-letter at first position


  		




  41
  42
  
    
		$this->_ftan_name[0] = dechex(10 + (hexdec($this->_ftan_name[0]) % 5));


  		




  42
  
  
    
		$this->_idkey_name = substr($this->_fingerprint, hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);


  		




  
  43
  
    
		$this->_idkey_name = substr($this->_fingerprint,


  		




  
  44
  
    
				                    hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);


  		




  43
  45
  
    
	// make sure there is a alpha-letter at first position


  		




  44
  46
  
    
		$this->_idkey_name[0] = dechex(10 + (hexdec($this->_idkey_name[0]) % 5));


  		




  45
  47
  
    
	// takeover id_keys from session if available


  		




  ......




  76
  78
  
    
		$fingerprint .= ( isset($_SERVER['SERVER_ADMIN']) ) ? $_SERVER['SERVER_ADMIN'] : '13';


  		




  77
  79
  
    
		$fingerprint .= PHP_VERSION;


  		




  78
  80
  
    
	// client depending values


  		




  79
  
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT']) ) ? $_SERVER['HTTP_ACCEPT'] : '17';


  		




  80
  
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '19';


  		




  81
  
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '23';


  		




  82
  
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '29';


  		




  83
  
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_CONNECTION']) ) ? $_SERVER['HTTP_CONNECTION'] : '31';


  		




  84
  
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '37';


  		




  85
  
  
    
		$fingerprint .= ( isset($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : '41';


  		




  
  81
  
    
		$fingerprint .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '17';


  		




  
  82
  
    
		$usedOctets = ( defined('FINGERPRINT_WITH_IP_OCTETS') ) ? intval(defined('FINGERPRINT_WITH_IP_OCTETS')) : 0;


  		




  
  83
  
    
		$clientIp = ( isset($_SERVER['REMOTE_ADDR'])  ? $_SERVER['REMOTE_ADDR'] : '' );


  		




  
  84
  
    
		if(($clientIp != '') && ($usedOctets > 0)){


  		




  
  85
  
    
			$ip = explode('.', $clientIp);


  		




  
  86
  
    
			if($usedOctets > 0){


  		




  
  87
  
    
				while(sizeof($ip) >= $usedOctets) { unset($ip[$usedOctets]); }


  		




  
  88
  
    
			}


  		




  
  89
  
    
			$clientIp = implode('.', $ip);


  		




  
  90
  
    
		}else {


  		




  
  91
  
    
			$clientIp = 19;


  		




  
  92
  
    
		}


  		




  
  93
  
    
		$fingerprint .= $clientIp;


  		




  86
  94
  
    
		return md5($fingerprint);


  		




  87
  95
  
    
	}


  		




  88
  96
  
    

  		




  ......




  98
  106
  
    
 * creates Formular transactionnumbers for unique use


  		




  99
  107
  
    
 * @access public


  		




  100
  108
  
    
 * @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)


  		




  101
  
  
    
 *                    false returns an array including FTAN0 and FTAN1


  		




  
  109
  
    
 *                     false returns an GET argument 'key=value'


  		




  102
  110
  
    
 * @return mixed:      array or string


  		




  103
  111
  
    
 *


  		




  104
  112
  
    
 * requirements: an active session must be available


  		




  ......




  115
  123
  
    
		{ // by default return a complete, hidden <input>-tag


  		




  116
  124
  
    
			return '<input type="hidden" name="'.$ftan[0].'" value="'.$ftan[1].'" title="" alt="" />';


  		




  117
  125
  
    
		}else{ // return an array with raw FTAN0 and FTAN1


  		




  118
  
  
    
			return array('FTAN0' => $ftan[0], 'FTAN1'=>$ftan[1]);


  		




  
  126
  
    
			return $ftan[0].'='.$ftan[1];


  		




  119
  127
  
    
		}


  		




  120
  128
  
    
	}


  		




  121
  129
  
    

  		












Also available in:  Unified diff