62 |
62 |
'default' => array('value' => 0, 'expire' => 0, 'instance' => 0)
|
63 |
63 |
);
|
64 |
64 |
/** the salt for this instance */
|
65 |
|
private $sSalt = '';
|
|
65 |
private $sSalt = '';
|
66 |
66 |
/** fingerprint of the current connection */
|
67 |
|
private $sFingerprint = '';
|
|
67 |
private $sFingerprint = '';
|
68 |
68 |
/** the FTAN token which is valid for this instance */
|
69 |
|
private $aLastCreatedFtan = null;
|
|
69 |
private $aLastCreatedFtan = null;
|
70 |
70 |
/** the time when tokens expired if they created in this instance */
|
71 |
|
private $iExpireTime = 0;
|
|
71 |
private $iExpireTime = 0;
|
72 |
72 |
/** remove selected tokens only and update all others */
|
73 |
73 |
private $bPreserveAllOtherTokens = false;
|
74 |
74 |
/** id of the current instance */
|
... | ... | |
79 |
79 |
private $sInstanceToUpdate = null;
|
80 |
80 |
/* --- settings for SecureTokens ------------------------------------------------------ */
|
81 |
81 |
/** use fingerprinting to encode */
|
82 |
|
private $bUseFingerprint = true;
|
|
82 |
private $bUseFingerprint = true;
|
83 |
83 |
/** maximum lifetime of a token in seconds */
|
84 |
|
private $iTokenLifeTime = 1800; // between LIFETIME_MIN and LIFETIME_MAX (default = 30min)
|
|
84 |
private $iTokenLifeTime = 1800; // between LIFETIME_MIN and LIFETIME_MAX (default = 30min)
|
85 |
85 |
/** bit length of the IPv4 Netmask (0-32 // 0 = off default = 24) */
|
86 |
|
private $iNetmaskLengthV4 = 0;
|
|
86 |
private $iNetmaskLengthV4 = 0;
|
87 |
87 |
/** bit length of the IPv6 Netmask (0-128 // 0 = off default = 64) */
|
88 |
|
private $iNetmaskLengthV6 = 0;
|
|
88 |
private $iNetmaskLengthV6 = 0;
|
89 |
89 |
|
90 |
90 |
/**
|
91 |
91 |
* constructor
|
... | ... | |
271 |
271 |
default:
|
272 |
272 |
$sTokenName = $sFieldname;
|
273 |
273 |
}
|
274 |
|
if (preg_match('/[0-9a-f]{16}$/i', $sTokenName)) {
|
|
274 |
if (preg_match('/^[0-9a-f]{16}$/i', $sTokenName)) {
|
275 |
275 |
// key must be a 16-digit hexvalue
|
276 |
276 |
if (array_key_exists($sTokenName, $this->aTokens)) {
|
277 |
277 |
// check if key is stored in IDKEYs-list
|
... | ... | |
412 |
412 |
}else if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) {
|
413 |
413 |
$sClientIp = $_SERVER['HTTP_CLIENT_IP'];
|
414 |
414 |
}
|
415 |
|
return
|
416 |
|
__FILE__.PHP_VERSION
|
417 |
|
. isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : 'unknown'
|
418 |
|
. isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'AGENT'
|
419 |
|
. $this->calcClientIpHash($sClientIp)
|
420 |
|
;
|
|
415 |
$aTmp = array_chunk(stat(__FILE__), 11);
|
|
416 |
unset($aTmp[0][8]);
|
|
417 |
return md5(
|
|
418 |
__FILE__ . PHP_VERSION . implode('', $aTmp[0])
|
|
419 |
. (array_key_exists('HTTP_USER_AGENT', $_SERVER) ? $_SERVER['HTTP_USER_AGENT'] : 'AGENT')
|
|
420 |
. $this->calcClientIpHash($sClientIp)
|
|
421 |
);
|
421 |
422 |
}
|
422 |
423 |
|
423 |
424 |
/**
|
... | ... | |
449 |
450 |
// check if IP includes a IPv4 part and convert this into IPv6 format
|
450 |
451 |
$sPattern = '/^([:a-f0-9]*?)\:([0-9]{1,3}(?:\.[0-9]{1,3}){3})$/is';
|
451 |
452 |
if (preg_match($sPattern, $sRawIp, $aMatches)) {
|
|
453 |
// convert IPv4 into full size 32bit binary string
|
452 |
454 |
$sIpV4Bin = str_pad((string)decbin(ip2long($aMatches[2])), 32, '0', STR_PAD_LEFT) ;
|
|
455 |
// split into 2 parts of 16bit
|
453 |
456 |
$aIpV6Hex = str_split($sIpV4Bin, 16);
|
|
457 |
// concate the IPv6/96 part and hex of both IPv4 parts
|
454 |
458 |
$sRawIp = $aMatches[1].':'.dechex(bindec($aIpV6Hex[0])).':'.dechex(bindec($aIpV6Hex[1]));
|
455 |
459 |
}
|
456 |
|
// calculate number of missing words
|
|
460 |
// calculate number of missing IPv6 words
|
457 |
461 |
$iWords = 8 - count(preg_split('/:/', $sRawIp, null, PREG_SPLIT_NO_EMPTY));
|
458 |
|
// build replacement for '::'
|
|
462 |
// build multiple ':0000:' replacements for '::'
|
459 |
463 |
$sReplacement = $iWords ? implode(':', array_fill(0, $iWords, '0000')) : '';
|
460 |
464 |
// insert replacements and remove trailing/leading ':'
|
461 |
465 |
$sClientIp = trim(preg_replace('/\:\:/', ':'.$sReplacement.':', $sRawIp), ':');
|
... | ... | |
511 |
515 |
$this->bUseFingerprint = isset($this->oReg->SecTokenFingerprint)
|
512 |
516 |
? $this->oReg->SecTokenFingerprint
|
513 |
517 |
: $this->bUseFingerprint;
|
514 |
|
$this->iNetmaskLengthV4 = isset($this->oReg->SecTokenNetmask4)
|
515 |
|
? $this->oReg->SecTokenNetmask4
|
|
518 |
$this->iNetmaskLengthV4 = isset($this->oReg->SecTokenIpv4Netmask)
|
|
519 |
? $this->oReg->SecTokenIpv4Netmask
|
516 |
520 |
: $this->iNetmaskLengthV4;
|
517 |
|
$this->iNetmaskLengthV6 = isset($this->oReg->SecTokenNetmask6)
|
518 |
|
? $this->oReg->SecTokenNetmask6
|
|
521 |
$this->iNetmaskLengthV6 = isset($this->oReg->SecTokenIpv6PrefixLength)
|
|
522 |
? $this->oReg->SecTokenIpv6PrefixLength
|
519 |
523 |
: $this->iNetmaskLengthV6;
|
520 |
524 |
$this->iTokenLifeTime = isset($this->oReg->SecTokenLifeTime)
|
521 |
525 |
? $this->oReg->SecTokenLifeTime
|
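Review bot: The rewritten return at new lines 415-421 still hashes `$sClientIp`, which the context directly above can take from `$_SERVER['HTTP_CLIENT_IP']`, a request header the client sets, so the IP part of the fingerprint is only as trustworthy as that header. The earlier branches of this if/else chain are outside the hunk, so their precedence is not visible; if a forwarded header can win over `REMOTE_ADDR`, it should be honoured only when the request arrives from a configured trusted proxy. Separately, `stat(__FILE__)` returns false on failure and goes straight into `array_chunk()`; `$aStat = stat(__FILE__);` followed by `$aTmp = ($aStat === false) ? array(array()) : array_chunk($aStat, 11);` keeps the fingerprint defined in that case. A one-line comment that index 8 is the access time, dropped because it changes on reads, would explain the `unset`.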