| 22 |
22 |
const FRONTEND = 0;
|
| 23 |
23 |
const BACKEND = 1;
|
| 24 |
24 |
|
|
25 |
|
| 25 |
26 |
private $_FTAN = '';
|
| 26 |
27 |
private $_IDKEYs = array('0'=>'0');
|
| 27 |
28 |
private $_ftan_name = '';
|
| ... | ... | |
| 39 |
40 |
$this->_ftan_name = substr($this->_fingerprint, -(16 + hexdec($this->_fingerprint[0])), 16);
|
| 40 |
41 |
// make sure there is a alpha-letter at first position
|
| 41 |
42 |
$this->_ftan_name[0] = dechex(10 + (hexdec($this->_ftan_name[0]) % 5));
|
| 42 |
|
$this->_idkey_name = substr($this->_fingerprint, hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);
|
|
43 |
$this->_idkey_name = substr($this->_fingerprint,
|
|
44 |
hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);
|
| 43 |
45 |
// make sure there is a alpha-letter at first position
|
| 44 |
46 |
$this->_idkey_name[0] = dechex(10 + (hexdec($this->_idkey_name[0]) % 5));
|
| 45 |
47 |
// takeover id_keys from session if available
|
| ... | ... | |
| 76 |
78 |
$fingerprint .= ( isset($_SERVER['SERVER_ADMIN']) ) ? $_SERVER['SERVER_ADMIN'] : '13';
|
| 77 |
79 |
$fingerprint .= PHP_VERSION;
|
| 78 |
80 |
// client depending values
|
| 79 |
|
$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT']) ) ? $_SERVER['HTTP_ACCEPT'] : '17';
|
| 80 |
|
$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT_CHARSET']) ) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : '19';
|
| 81 |
|
$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '23';
|
| 82 |
|
$fingerprint .= ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '29';
|
| 83 |
|
$fingerprint .= ( isset($_SERVER['HTTP_CONNECTION']) ) ? $_SERVER['HTTP_CONNECTION'] : '31';
|
| 84 |
|
$fingerprint .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '37';
|
| 85 |
|
$fingerprint .= ( isset($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : '41';
|
|
81 |
$fingerprint .= ( isset($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : '17';
|
|
82 |
$usedOctets = ( defined('FINGERPRINT_WITH_IP_OCTETS') ) ? intval(defined('FINGERPRINT_WITH_IP_OCTETS')) : 0;
|
|
83 |
$clientIp = ( isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '' );
|
|
84 |
if(($clientIp != '') && ($usedOctets > 0)){
|
|
85 |
$ip = explode('.', $clientIp);
|
|
86 |
if($usedOctets > 0){
|
|
87 |
while(sizeof($ip) >= $usedOctets) { unset($ip[$usedOctets]); }
|
|
88 |
}
|
|
89 |
$clientIp = implode('.', $ip);
|
|
90 |
}else {
|
|
91 |
$clientIp = 19;
|
|
92 |
}
|
|
93 |
$fingerprint .= $clientIp;
|
| 86 |
94 |
return md5($fingerprint);
|
| 87 |
95 |
}
|
| 88 |
96 |
|
| ... | ... | |
| 98 |
106 |
* creates Formular transactionnumbers for unique use
|
| 99 |
107 |
* @access public
|
| 100 |
108 |
* @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default)
|
| 101 |
|
* false returns an array including FTAN0 and FTAN1
|
|
109 |
* false returns an GET argument 'key=value'
|
| 102 |
110 |
* @return mixed: array or string
|
| 103 |
111 |
*
|
| 104 |
112 |
* requirements: an active session must be available
|
| ... | ... | |
| 115 |
123 |
{ // by default return a complete, hidden <input>-tag
|
| 116 |
124 |
return '<input type="hidden" name="'.$ftan[0].'" value="'.$ftan[1].'" title="" alt="" />';
|
| 117 |
125 |
}else{ // return an array with raw FTAN0 and FTAN1
|
| 118 |
|
return array('FTAN0' => $ftan[0], 'FTAN1'=>$ftan[1]);
|
|
126 |
return $ftan[0].'='.$ftan[1];
|
| 119 |
127 |
}
|
| 120 |
128 |
}
|
| 121 |
129 |
|
update SecureForm.php to work behind Proxies