@@ -42,11 +42,11 @@ discard block |
42 | 42 | */ |
43 | 43 | public static function register() |
44 | 44 | { |
45 | - if ( self::$hasBeenRegistered === true ) { |
|
45 | + if (self::$hasBeenRegistered === true) { |
|
46 | 46 | return; |
47 | 47 | } |
48 | 48 | |
49 | - if ( stream_filter_register(self::getFilterName(), __CLASS__) === false ) { |
|
49 | + if (stream_filter_register(self::getFilterName(), __CLASS__) === false) { |
|
50 | 50 | throw new RuntimeException('Failed to register stream filter: '.self::getFilterName()); |
51 | 51 | } |
52 | 52 | |
@@ -62,7 +62,7 @@ discard block |
62 | 62 | */ |
63 | 63 | public static function getFilterURL($filename, $fromCharset, $toCharset = null) |
64 | 64 | { |
65 | - if ( $toCharset === null ) { |
|
65 | + if ($toCharset === null) { |
|
66 | 66 | return sprintf('php://filter/convert.mbstring.encoding.%s/resource=%s', $fromCharset, $filename); |
67 | 67 | } else { |
68 | 68 | return sprintf('php://filter/convert.mbstring.encoding.%s:%s/resource=%s', $fromCharset, $toCharset, $filename); |
@@ -74,18 +74,18 @@ discard block |
74 | 74 | */ |
75 | 75 | public function onCreate() |
76 | 76 | { |
77 | - if ( strpos($this->filtername, self::FILTER_NAMESPACE) !== 0 ) { |
|
77 | + if (strpos($this->filtername, self::FILTER_NAMESPACE) !== 0) { |
|
78 | 78 | return false; |
79 | 79 | } |
80 | 80 | |
81 | 81 | $parameterString = substr($this->filtername, strlen(self::FILTER_NAMESPACE)); |
82 | 82 | |
83 | - if ( ! preg_match('/^(?P<from>[-\w]+)(:(?P<to>[-\w]+))?$/', $parameterString, $matches) ) { |
|
83 | + if (!preg_match('/^(?P<from>[-\w]+)(:(?P<to>[-\w]+))?$/', $parameterString, $matches)) { |
|
84 | 84 | return false; |
85 | 85 | } |
86 | 86 | |
87 | 87 | $this->fromCharset = isset($matches['from']) ? $matches['from'] : 'auto'; |
88 | - $this->toCharset = isset($matches['to']) ? $matches['to'] : mb_internal_encoding(); |
|
88 | + $this->toCharset = isset($matches['to']) ? $matches['to'] : mb_internal_encoding(); |
|
89 | 89 | |
90 | 90 | return true; |
91 | 91 | } |
@@ -99,7 +99,7 @@ discard block |
99 | 99 | */ |
100 | 100 | public function filter($in, $out, &$consumed, $closing) |
101 | 101 | { |
102 | - while ( $bucket = stream_bucket_make_writeable($in) ) { |
|
102 | + while ($bucket = stream_bucket_make_writeable($in)) { |
|
103 | 103 | $bucket->data = mb_convert_encoding($bucket->data, $this->toCharset, $this->fromCharset); |
104 | 104 | $consumed += $bucket->datalen; |
105 | 105 | stream_bucket_append($out, $bucket); |
@@ -47,7 +47,7 @@ discard block |
47 | 47 | $flags = $this->config->getFlags(); |
48 | 48 | $ignoreHeader = $this->config->getIgnoreHeaderLine(); |
49 | 49 | |
50 | - if ( $fromCharset === null ) { |
|
50 | + if ($fromCharset === null) { |
|
51 | 51 | $url = $filename; |
52 | 52 | } else { |
53 | 53 | $url = ConvertMbstringEncoding::getFilterURL($filename, $fromCharset, $toCharset); |
@@ -61,7 +61,7 @@ discard block |
61 | 61 | $originalLocale = setlocale(LC_ALL, '0'); // Backup current locale |
62 | 62 | setlocale(LC_ALL, 'en_US.UTF-8'); |
63 | 63 | |
64 | - foreach ( $csv as $lineNumber => $line ) { |
|
64 | + foreach ($csv as $lineNumber => $line) { |
|
65 | 65 | if ($ignoreHeader && $lineNumber == 0 || (count($line) === 1 && empty($line[0]))) { |
66 | 66 | continue; |
67 | 67 | } |
@@ -1,10 +1,10 @@ discard block |
1 | 1 | <?php |
2 | 2 | |
3 | 3 | if (!defined('__CSRF_PROTECTOR__')) { |
4 | - define('__CSRF_PROTECTOR__', true); // to avoid multiple declaration errors |
|
4 | + define('__CSRF_PROTECTOR__', true); // to avoid multiple declaration errors |
|
5 | 5 | |
6 | 6 | // name of HTTP POST variable for authentication |
7 | - define("CSRFP_TOKEN","csrfp_token"); |
|
7 | + define("CSRFP_TOKEN", "csrfp_token"); |
|
8 | 8 | |
9 | 9 | // We insert token name and list of url patterns for which |
10 | 10 | // GET requests are validated against CSRF as hidden input fields |
@@ -71,7 +71,7 @@ discard block |
71 | 71 | * Contains list of those parameters that are required to be there |
72 | 72 | * in config file for csrfp to work |
73 | 73 | */ |
74 | - public static $requiredConfigurations = array('logDirectory', 'failedAuthAction', 'jsPath', 'jsUrl', 'tokenLength'); |
|
74 | + public static $requiredConfigurations = array('logDirectory', 'failedAuthAction', 'jsPath', 'jsUrl', 'tokenLength'); |
|
75 | 75 | |
76 | 76 | /* |
77 | 77 | * Function: init |
@@ -102,7 +102,7 @@ discard block |
102 | 102 | |
103 | 103 | //start session in case its not |
104 | 104 | if (session_id() === '') { |
105 | - require_once __DIR__ ."/../../../../../sources/SecureHandler.php"; |
|
105 | + require_once __DIR__."/../../../../../sources/SecureHandler.php"; |
|
106 | 106 | session_start(); |
107 | 107 | } |
108 | 108 | |
@@ -112,12 +112,12 @@ discard block |
112 | 112 | * a config/csrf_config.php file in the root folder |
113 | 113 | * for composer installations |
114 | 114 | */ |
115 | - $standard_config_location = __DIR__ ."/../csrfp.config.php"; |
|
116 | - $composer_config_location = __DIR__ ."/../../../../../config/csrf_config.php"; |
|
115 | + $standard_config_location = __DIR__."/../csrfp.config.php"; |
|
116 | + $composer_config_location = __DIR__."/../../../../../config/csrf_config.php"; |
|
117 | 117 | |
118 | 118 | if (file_exists($standard_config_location)) { |
119 | 119 | self::$config = include($standard_config_location); |
120 | - } elseif(file_exists($composer_config_location)) { |
|
120 | + } elseif (file_exists($composer_config_location)) { |
|
121 | 121 | self::$config = include($composer_config_location); |
122 | 122 | } else { |
123 | 123 | throw new configFileNotFoundException("OWASP CSRFProtector: configuration file not found for CSRFProtector!"); |
@@ -188,7 +188,7 @@ discard block |
188 | 188 | //action in case of failed validation |
189 | 189 | self::failedValidationAction(); |
190 | 190 | } else { |
191 | - self::refreshToken(); //refresh token for successfull validation |
|
191 | + self::refreshToken(); //refresh token for successfull validation |
|
192 | 192 | } |
193 | 193 | } else if ($_SERVER['REQUEST_METHOD'] === 'POST') { |
194 | 194 | |
@@ -204,7 +204,7 @@ discard block |
204 | 204 | //action in case of failed validation |
205 | 205 | self::failedValidationAction(); |
206 | 206 | } else { |
207 | - self::refreshToken(); //refresh token for successfull validation |
|
207 | + self::refreshToken(); //refresh token for successfull validation |
|
208 | 208 | } |
209 | 209 | } |
210 | 210 | } |
@@ -251,7 +251,7 @@ discard block |
251 | 251 | */ |
252 | 252 | private static function failedValidationAction() |
253 | 253 | { |
254 | - if (!file_exists(__DIR__ ."/../" .self::$config['logDirectory'])) |
|
254 | + if (!file_exists(__DIR__."/../".self::$config['logDirectory'])) |
|
255 | 255 | throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!"); |
256 | 256 | |
257 | 257 | //call the logging function |
@@ -275,7 +275,7 @@ discard block |
275 | 275 | break; |
276 | 276 | case 2: |
277 | 277 | //redirect to custom error page |
278 | - $location = self::$config['errorRedirectionPage']; |
|
278 | + $location = self::$config['errorRedirectionPage']; |
|
279 | 279 | header("location: $location"); |
280 | 280 | case 3: |
281 | 281 | //send custom error message |
@@ -283,7 +283,7 @@ discard block |
283 | 283 | break; |
284 | 284 | case 4: |
285 | 285 | //send 500 header -- internal server error |
286 | - header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
|
286 | + header($_SERVER['SERVER_PROTOCOL'].' 500 Internal Server Error', true, 500); |
|
287 | 287 | exit("<h2>500 Internal Server Error!</h2>"); |
288 | 288 | break; |
289 | 289 | default: |
@@ -339,7 +339,7 @@ discard block |
339 | 339 | { |
340 | 340 | //if config tokenLength value is 0 or some non int |
341 | 341 | if (intval(self::$config['tokenLength']) == 0) { |
342 | - self::$config['tokenLength'] = 32; //set as default |
|
342 | + self::$config['tokenLength'] = 32; //set as default |
|
343 | 343 | } |
344 | 344 | |
345 | 345 | //#todo - if $length > 128 throw exception |
@@ -395,22 +395,22 @@ discard block |
395 | 395 | //add a <noscript> message to outgoing HTML output, |
396 | 396 | //informing the user to enable js for CSRFProtector to work |
397 | 397 | //best section to add, after <body> tag |
398 | - $buffer = preg_replace("/<body[^>]*>/", "$0 <noscript>" .self::$config['disabledJavascriptMessage'] . |
|
398 | + $buffer = preg_replace("/<body[^>]*>/", "$0 <noscript>".self::$config['disabledJavascriptMessage']. |
|
399 | 399 | "</noscript>", $buffer); |
400 | - $hiddenInput = '<fieldset style="display: none"><legend>CSRF Protection</legend>' .PHP_EOL; |
|
401 | - $hiddenInput .= '<input type="hidden" id="' . CSRFP_FIELD_TOKEN_NAME.'" value="' |
|
402 | - .self::$config['CSRFP_TOKEN'] .'" />' .PHP_EOL; |
|
400 | + $hiddenInput = '<fieldset style="display: none"><legend>CSRF Protection</legend>'.PHP_EOL; |
|
401 | + $hiddenInput .= '<input type="hidden" id="'.CSRFP_FIELD_TOKEN_NAME.'" value="' |
|
402 | + .self::$config['CSRFP_TOKEN'].'" />'.PHP_EOL; |
|
403 | 403 | |
404 | - $hiddenInput .= '<input type="hidden" id="' .CSRFP_FIELD_URLS .'" value=\'' |
|
405 | - .json_encode(str_replace("&","%26",self::$config['verifyGetFor'])) .'\' />' .PHP_EOL; |
|
404 | + $hiddenInput .= '<input type="hidden" id="'.CSRFP_FIELD_URLS.'" value=\'' |
|
405 | + .json_encode(str_replace("&", "%26", self::$config['verifyGetFor'])).'\' />'.PHP_EOL; |
|
406 | 406 | $hiddenInput .= '</fieldset>'; |
407 | 407 | |
408 | 408 | //implant hidden fields with check url information for reading in javascript |
409 | - $buffer = str_ireplace('</body>', $hiddenInput . '</body>', $buffer); |
|
409 | + $buffer = str_ireplace('</body>', $hiddenInput.'</body>', $buffer); |
|
410 | 410 | |
411 | 411 | //implant the CSRFGuard js file to outgoing script |
412 | - $script = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>' . PHP_EOL; |
|
413 | - $buffer = str_ireplace('</body>', $script . '</body>', $buffer, $count); |
|
412 | + $script = '<script type="text/javascript" src="'.self::$config['jsUrl'].'"></script>'.PHP_EOL; |
|
413 | + $buffer = str_ireplace('</body>', $script.'</body>', $buffer, $count); |
|
414 | 414 | |
415 | 415 | if (!$count) |
416 | 416 | $buffer .= $script; |
@@ -434,8 +434,8 @@ discard block |
434 | 434 | private static function logCSRFattack() |
435 | 435 | { |
436 | 436 | //if file doesnot exist for, create it |
437 | - $logFile = fopen(__DIR__ ."/../" .self::$config['logDirectory'] |
|
438 | - ."/" .date("m-20y") .".log", "a+"); |
|
437 | + $logFile = fopen(__DIR__."/../".self::$config['logDirectory'] |
|
438 | + ."/".date("m-20y").".log", "a+"); |
|
439 | 439 | |
440 | 440 | //throw exception if above fopen fails |
441 | 441 | if (!$logFile) |
@@ -456,7 +456,7 @@ discard block |
456 | 456 | $log['cookie'] = $_COOKIE; |
457 | 457 | |
458 | 458 | //convert log array to JSON format to be logged |
459 | - $log = json_encode($log) .PHP_EOL; |
|
459 | + $log = json_encode($log).PHP_EOL; |
|
460 | 460 | |
461 | 461 | //append log to the file |
462 | 462 | fwrite($logFile, $log); |
@@ -489,7 +489,7 @@ discard block |
489 | 489 | } |
490 | 490 | } |
491 | 491 | |
492 | - return $request_scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; |
|
492 | + return $request_scheme.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; |
|
493 | 493 | } |
494 | 494 | |
495 | 495 | /* |
@@ -505,8 +505,8 @@ discard block |
||
505 | 505 | */ |
506 | 506 | public static function isURLallowed() { |
507 | 507 | foreach (self::$config['verifyGetFor'] as $key => $value) { |
508 | - $value = str_replace(array('/','*'), array('\/','(.*)'), $value); |
|
509 | - preg_match('/' .$value .'/', self::getCurrentUrl(), $output); |
|
508 | + $value = str_replace(array('/', '*'), array('\/', '(.*)'), $value); |
|
509 | + preg_match('/'.$value.'/', self::getCurrentUrl(), $output); |
|
510 | 510 | if (count($output) > 0) |
511 | 511 | return false; |
512 | 512 | } |
@@ -97,8 +97,9 @@ discard block |
97 | 97 | * if mod_csrfp already enabled, no verification, no filtering |
98 | 98 | * Already done by mod_csrfp |
99 | 99 | */ |
100 | - if (getenv('mod_csrfp_enabled')) |
|
101 | - return; |
|
100 | + if (getenv('mod_csrfp_enabled')) { |
|
101 | + return; |
|
102 | + } |
|
102 | 103 | |
103 | 104 | //start session in case its not |
104 | 105 | if (session_id() === '') { |
@@ -124,15 +125,18 @@ discard block |
124 | 125 | } |
125 | 126 | |
126 | 127 | //overriding length property if passed in parameters |
127 | - if ($length != null) |
|
128 | - self::$config['tokenLength'] = intval($length); |
|
128 | + if ($length != null) { |
|
129 | + self::$config['tokenLength'] = intval($length); |
|
130 | + } |
|
129 | 131 | |
130 | 132 | //action that is needed to be taken in case of failed authorisation |
131 | - if ($action != null) |
|
132 | - self::$config['failedAuthAction'] = $action; |
|
133 | + if ($action != null) { |
|
134 | + self::$config['failedAuthAction'] = $action; |
|
135 | + } |
|
133 | 136 | |
134 | - if (self::$config['CSRFP_TOKEN'] == '') |
|
135 | - self::$config['CSRFP_TOKEN'] = CSRFP_TOKEN; |
|
137 | + if (self::$config['CSRFP_TOKEN'] == '') { |
|
138 | + self::$config['CSRFP_TOKEN'] = CSRFP_TOKEN; |
|
139 | + } |
|
136 | 140 | |
137 | 141 | // Validate the config if everythings filled out |
138 | 142 | foreach (self::$requiredConfigurations as $value) { |
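Review bot: The override guards on new lines 128 and 133 use loose comparison (`$length != null`, `$action != null`), so an integer `0` passed as the length is treated as "not passed" and silently keeps the configured value; `if ($length !== null) {` and `if ($action !== null) {` state the intent without PHP's null-to-false coercion. The same applies to `self::$config['CSRFP_TOKEN'] == ''` on new line 137, which is also true for `null`, `0` and `false`; `=== ''` (or an `isset` check) makes the empty-string case explicit. The enclosing `init` method starts and ends outside this hunk.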
@@ -152,8 +156,9 @@ discard block |
152 | 156 | || !isset($_SESSION[self::$config['CSRFP_TOKEN']]) |
153 | 157 | || !is_array($_SESSION[self::$config['CSRFP_TOKEN']]) |
154 | 158 | || !in_array($_COOKIE[self::$config['CSRFP_TOKEN']], |
155 | - $_SESSION[self::$config['CSRFP_TOKEN']])) |
|
156 | - self::refreshToken(); |
|
159 | + $_SESSION[self::$config['CSRFP_TOKEN']])) { |
|
160 | + self::refreshToken(); |
|
161 | + } |
|
157 | 162 | |
158 | 163 | // Set protected by CSRF Protector header |
159 | 164 | header('X-CSRF-Protection: OWASP CSRFP 1.0.0'); |
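Review bot: The `in_array` on new lines 158-159 compares the cookie token against the session tokens loosely, and PHP's `==` treats numeric-looking strings numerically (`'0e12' == '0e34'` is true), so two different tokens of that shape would be considered a match by this refresh check; pass the strict flag: `|| !in_array($_COOKIE[self::$config['CSRFP_TOKEN']], $_SESSION[self::$config['CSRFP_TOKEN']], true)) {`. The same loose equality appears as `$value == $token` in `isValidToken` in the next hunk. The enclosing `init` method starts and ends outside this hunk.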
@@ -221,14 +226,20 @@ discard block |
221 | 226 | * bool - true if its valid else false |
222 | 227 | */ |
223 | 228 | private static function isValidToken($token) { |
224 | - if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])) return false; |
|
225 | - if (!is_array($_SESSION[self::$config['CSRFP_TOKEN']])) return false; |
|
229 | + if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])) { |
|
230 | + return false; |
|
231 | + } |
|
232 | + if (!is_array($_SESSION[self::$config['CSRFP_TOKEN']])) { |
|
233 | + return false; |
|
234 | + } |
|
226 | 235 | foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $key => $value) { |
227 | 236 | if ($value == $token) { |
228 | 237 | |
229 | 238 | // Clear all older tokens assuming they have been consumed |
230 | 239 | foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $_key => $_value) { |
231 | - if ($_value == $token) break; |
|
240 | + if ($_value == $token) { |
|
241 | + break; |
|
242 | + } |
|
232 | 243 | array_shift($_SESSION[self::$config['CSRFP_TOKEN']]); |
233 | 244 | } |
234 | 245 | return true; |
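Review bot: `if ($value == $token)` on new line 236 compares the stored token to the submitted one with loose equality, which has the numeric-string pitfall (`'0e12' == '0e34'` is true in PHP) and, being an ordinary string compare, returns on the first differing byte; since `$token` is presumably the request-supplied value, `if (hash_equals((string) $value, (string) $token)) {` is the appropriate primitive, and the inner `if ($_value == $token)` on new line 240 should use the same comparison so both loops agree on what "matched" means. `hash_equals` only accepts strings, so rejecting a non-string `$token` before the loop is cleaner than casting. `isValidToken`'s body continues past the end of this hunk.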
@@ -251,8 +262,9 @@ discard block |
251 | 262 | */ |
252 | 263 | private static function failedValidationAction() |
253 | 264 | { |
254 | - if (!file_exists(__DIR__ ."/../" .self::$config['logDirectory'])) |
|
255 | - throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!"); |
|
265 | + if (!file_exists(__DIR__ ."/../" .self::$config['logDirectory'])) { |
|
266 | + throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!"); |
|
267 | + } |
|
256 | 268 | |
257 | 269 | //call the logging function |
258 | 270 | static::logCSRFattack(); |
@@ -312,8 +324,9 @@ discard block |
312 | 324 | $token = self::generateAuthToken(); |
313 | 325 | |
314 | 326 | if (!isset($_SESSION[self::$config['CSRFP_TOKEN']]) |
315 | - || !is_array($_SESSION[self::$config['CSRFP_TOKEN']])) |
|
316 | - $_SESSION[self::$config['CSRFP_TOKEN']] = array(); |
|
327 | + || !is_array($_SESSION[self::$config['CSRFP_TOKEN']])) { |
|
328 | + $_SESSION[self::$config['CSRFP_TOKEN']] = array(); |
|
329 | + } |
|
317 | 330 | |
318 | 331 | //set token to session for server side validation |
319 | 332 | array_push($_SESSION[self::$config['CSRFP_TOKEN']], $token); |
@@ -412,8 +425,9 @@ discard block |
412 | 425 | $script = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>' . PHP_EOL; |
413 | 426 | $buffer = str_ireplace('</body>', $script . '</body>', $buffer, $count); |
414 | 427 | |
415 | - if (!$count) |
|
416 | - $buffer .= $script; |
|
428 | + if (!$count) { |
|
429 | + $buffer .= $script; |
|
430 | + } |
|
417 | 431 | |
418 | 432 | return $buffer; |
419 | 433 | } |
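Review bot: When the buffer contains no `</body>` (`$count` is 0 on new line 428) the `<script>` tag is appended unconditionally, so any non-HTML output produced under this buffer handler — JSON, plain text, a file download — is corrupted by a trailing script tag; the fallback should be limited to HTML responses, for example by skipping the append unless the buffer looks like an HTML document or the Content-Type the application set is `text/html`. Separately, `self::$config['jsUrl']` on new line 425 is concatenated into a `src` attribute without escaping; `htmlspecialchars(self::$config['jsUrl'], ENT_QUOTES, 'UTF-8')` keeps a misconfigured value from breaking out of the attribute. The enclosing method starts outside this hunk.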
@@ -438,8 +452,9 @@ discard block |
438 | 452 | ."/" .date("m-20y") .".log", "a+"); |
439 | 453 | |
440 | 454 | //throw exception if above fopen fails |
441 | - if (!$logFile) |
|
442 | - throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file"); |
|
455 | + if (!$logFile) { |
|
456 | + throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file"); |
|
457 | + } |
|
443 | 458 | |
444 | 459 | //miniature version of the log |
445 | 460 | $log = array(); |
@@ -448,10 +463,11 @@ discard block |
448 | 463 | $log['REQUEST_URI'] = $_SERVER['REQUEST_URI']; |
449 | 464 | $log['requestType'] = self::$requestType; |
450 | 465 | |
451 | - if (self::$requestType === "GET") |
|
452 | - $log['query'] = $_GET; |
|
453 | - else |
|
454 | - $log['query'] = $_POST; |
|
466 | + if (self::$requestType === "GET") { |
|
467 | + $log['query'] = $_GET; |
|
468 | + } else { |
|
469 | + $log['query'] = $_POST; |
|
470 | + } |
|
455 | 471 | |
456 | 472 | $log['cookie'] = $_COOKIE; |
457 | 473 | |
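Review bot: The log record assembled on new lines 466-472 stores the full `$_GET`/`$_POST` array and the full `$_COOKIE` array, so every failed-validation entry persists the session cookie, the CSRF cookie and any credentials or personal data the user submitted in the form to the log file opened earlier in this method. Log only what triage needs — method, URI, remote address and the names of the submitted parameters — or redact cookie values and password-like fields before `json_encode`; e.g. `$log['cookieNames'] = array_keys($_COOKIE);` and `$log['queryKeys'] = array_keys(self::$requestType === "GET" ? $_GET : $_POST);` in place of the raw arrays. The enclosing `logCSRFattack` method starts outside this hunk.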
@@ -507,8 +523,9 @@ discard block |
507 | 523 | foreach (self::$config['verifyGetFor'] as $key => $value) { |
508 | 524 | $value = str_replace(array('/','*'), array('\/','(.*)'), $value); |
509 | 525 | preg_match('/' .$value .'/', self::getCurrentUrl(), $output); |
510 | - if (count($output) > 0) |
|
511 | - return false; |
|
526 | + if (count($output) > 0) { |
|
527 | + return false; |
|
528 | + } |
|
512 | 529 | } |
513 | 530 | return true; |
514 | 531 | } |
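Review bot: The pattern on context lines 524-525 is built from the `verifyGetFor` entry with only `/` escaped and `*` rewritten to `(.*)`, so any other PCRE metacharacter in a configured pattern (`.`, `?`, `+`, `(`) changes its meaning, and a pattern that fails to compile makes `preg_match` return false with an empty `$output`, which the braced check on new line 526 reads as "no match" — the method then returns true and the URL skips GET verification, i.e. it fails open. Quote the pattern before substituting the wildcard and treat anything other than a clean non-match as "not allowed": `$value = str_replace('\*', '(.*)', preg_quote($value, '/'));` then `if (preg_match('/'.$value.'/', self::getCurrentUrl(), $output) !== 0) { return false; }`. `isURLallowed` starts outside this hunk.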
@@ -4,17 +4,17 @@ |
4 | 4 | */ |
5 | 5 | |
6 | 6 | return array( |
7 | - "CSRFP_TOKEN" => "", |
|
8 | - "logDirectory" => "../log", |
|
9 | - "failedAuthAction" => array( |
|
10 | - "GET" => 0, |
|
11 | - "POST" => 0), |
|
12 | - "errorRedirectionPage" => "", |
|
13 | - "customErrorMessage" => "", |
|
14 | - "jsPath" => "../js/csrfprotector.js", |
|
15 | - "jsUrl" => "", |
|
16 | - "tokenLength" => 50, |
|
17 | - "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> |
|
7 | + "CSRFP_TOKEN" => "", |
|
8 | + "logDirectory" => "../log", |
|
9 | + "failedAuthAction" => array( |
|
10 | + "GET" => 0, |
|
11 | + "POST" => 0), |
|
12 | + "errorRedirectionPage" => "", |
|
13 | + "customErrorMessage" => "", |
|
14 | + "jsPath" => "../js/csrfprotector.js", |
|
15 | + "jsUrl" => "", |
|
16 | + "tokenLength" => 50, |
|
17 | + "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> |
|
18 | 18 | Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you. |
19 | 19 | See details of your web browser for how to enable JavaScript.", |
20 | 20 | "verifyGetFor" => array("*page=items&type=duo_check*", "*upload.attachments.php*") |
@@ -1,101 +1,101 @@ |
1 | 1 | <?php |
2 | 2 | |
3 | 3 | class Duo { |
4 | - const DUO_PREFIX = "TX"; |
|
5 | - const APP_PREFIX = "APP"; |
|
6 | - const AUTH_PREFIX = "AUTH"; |
|
7 | - |
|
8 | - const DUO_EXPIRE = 300; |
|
9 | - const APP_EXPIRE = 3600; |
|
10 | - |
|
11 | - const IKEY_LEN = 20; |
|
12 | - const SKEY_LEN = 40; |
|
13 | - const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY |
|
14 | - |
|
15 | - const ERR_USER = 'ERR|The username passed to sign_request() is invalid.'; |
|
16 | - const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.'; |
|
17 | - const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
|
18 | - const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
|
19 | - |
|
20 | - private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
21 | - $exp = ($time ? $time : time()) + $expire; |
|
22 | - $val = $vals . '|' . $exp; |
|
23 | - $b64 = base64_encode($val); |
|
24 | - $cookie = $prefix . '|' . $b64; |
|
25 | - |
|
26 | - $sig = hash_hmac("sha1", $cookie, $key); |
|
27 | - return $cookie . '|' . $sig; |
|
28 | - } |
|
29 | - |
|
30 | - private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
31 | - $ts = ($time ? $time : time()); |
|
32 | - |
|
33 | - $parts = explode('|', $val); |
|
34 | - if (count($parts) !== 3) { |
|
35 | - return null; |
|
36 | - } |
|
37 | - list($u_prefix, $u_b64, $u_sig) = $parts; |
|
38 | - |
|
39 | - $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
40 | - if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
|
41 | - return null; |
|
42 | - } |
|
43 | - |
|
44 | - if ($u_prefix !== $prefix) { |
|
45 | - return null; |
|
46 | - } |
|
47 | - |
|
48 | - $cookie_parts = explode('|', base64_decode($u_b64)); |
|
49 | - if (count($cookie_parts) !== 3) { |
|
50 | - return null; |
|
51 | - } |
|
52 | - list($user, $u_ikey, $exp) = $cookie_parts; |
|
53 | - |
|
54 | - if ($u_ikey !== $ikey) { |
|
55 | - return null; |
|
56 | - } |
|
57 | - if ($ts >= intval($exp)) { |
|
58 | - return null; |
|
59 | - } |
|
60 | - |
|
61 | - return $user; |
|
62 | - } |
|
63 | - |
|
64 | - public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
65 | - if (!isset($username) || strlen($username) === 0) { |
|
66 | - return self::ERR_USER; |
|
67 | - } |
|
68 | - if (strpos($username, '|') !== FALSE) { |
|
69 | - return self::ERR_USER; |
|
70 | - } |
|
71 | - if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) { |
|
72 | - return self::ERR_IKEY; |
|
73 | - } |
|
74 | - if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) { |
|
75 | - return self::ERR_SKEY; |
|
76 | - } |
|
77 | - if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { |
|
78 | - return self::ERR_AKEY; |
|
79 | - } |
|
80 | - |
|
81 | - $vals = $username . '|' . $ikey; |
|
82 | - |
|
83 | - $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
|
84 | - $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
|
85 | - |
|
86 | - return $duo_sig . ':' . $app_sig; |
|
87 | - } |
|
88 | - |
|
89 | - public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
90 | - list($auth_sig, $app_sig) = explode(':', $sig_response); |
|
91 | - |
|
92 | - $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
|
93 | - $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX, $ikey, $time); |
|
94 | - |
|
95 | - if ($auth_user !== $app_user) { |
|
96 | - return null; |
|
97 | - } |
|
98 | - |
|
99 | - return $auth_user; |
|
100 | - } |
|
4 | + const DUO_PREFIX = "TX"; |
|
5 | + const APP_PREFIX = "APP"; |
|
6 | + const AUTH_PREFIX = "AUTH"; |
|
7 | + |
|
8 | + const DUO_EXPIRE = 300; |
|
9 | + const APP_EXPIRE = 3600; |
|
10 | + |
|
11 | + const IKEY_LEN = 20; |
|
12 | + const SKEY_LEN = 40; |
|
13 | + const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY |
|
14 | + |
|
15 | + const ERR_USER = 'ERR|The username passed to sign_request() is invalid.'; |
|
16 | + const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.'; |
|
17 | + const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
|
18 | + const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
|
19 | + |
|
20 | + private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
21 | + $exp = ($time ? $time : time()) + $expire; |
|
22 | + $val = $vals . '|' . $exp; |
|
23 | + $b64 = base64_encode($val); |
|
24 | + $cookie = $prefix . '|' . $b64; |
|
25 | + |
|
26 | + $sig = hash_hmac("sha1", $cookie, $key); |
|
27 | + return $cookie . '|' . $sig; |
|
28 | + } |
|
29 | + |
|
30 | + private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
31 | + $ts = ($time ? $time : time()); |
|
32 | + |
|
33 | + $parts = explode('|', $val); |
|
34 | + if (count($parts) !== 3) { |
|
35 | + return null; |
|
36 | + } |
|
37 | + list($u_prefix, $u_b64, $u_sig) = $parts; |
|
38 | + |
|
39 | + $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
40 | + if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
|
41 | + return null; |
|
42 | + } |
|
43 | + |
|
44 | + if ($u_prefix !== $prefix) { |
|
45 | + return null; |
|
46 | + } |
|
47 | + |
|
48 | + $cookie_parts = explode('|', base64_decode($u_b64)); |
|
49 | + if (count($cookie_parts) !== 3) { |
|
50 | + return null; |
|
51 | + } |
|
52 | + list($user, $u_ikey, $exp) = $cookie_parts; |
|
53 | + |
|
54 | + if ($u_ikey !== $ikey) { |
|
55 | + return null; |
|
56 | + } |
|
57 | + if ($ts >= intval($exp)) { |
|
58 | + return null; |
|
59 | + } |
|
60 | + |
|
61 | + return $user; |
|
62 | + } |
|
63 | + |
|
64 | + public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
65 | + if (!isset($username) || strlen($username) === 0) { |
|
66 | + return self::ERR_USER; |
|
67 | + } |
|
68 | + if (strpos($username, '|') !== FALSE) { |
|
69 | + return self::ERR_USER; |
|
70 | + } |
|
71 | + if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) { |
|
72 | + return self::ERR_IKEY; |
|
73 | + } |
|
74 | + if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) { |
|
75 | + return self::ERR_SKEY; |
|
76 | + } |
|
77 | + if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { |
|
78 | + return self::ERR_AKEY; |
|
79 | + } |
|
80 | + |
|
81 | + $vals = $username . '|' . $ikey; |
|
82 | + |
|
83 | + $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
|
84 | + $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
|
85 | + |
|
86 | + return $duo_sig . ':' . $app_sig; |
|
87 | + } |
|
88 | + |
|
89 | + public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
90 | + list($auth_sig, $app_sig) = explode(':', $sig_response); |
|
91 | + |
|
92 | + $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
|
93 | + $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX, $ikey, $time); |
|
94 | + |
|
95 | + if ($auth_user !== $app_user) { |
|
96 | + return null; |
|
97 | + } |
|
98 | + |
|
99 | + return $auth_user; |
|
100 | + } |
|
101 | 101 | } |
102 | 102 | \ No newline at end of file |
@@ -17,17 +17,17 @@ discard block |
17 | 17 | const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
18 | 18 | const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
19 | 19 | |
20 | - private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
20 | + private static function sign_vals($key, $vals, $prefix, $expire, $time = NULL) { |
|
21 | 21 | $exp = ($time ? $time : time()) + $expire; |
22 | - $val = $vals . '|' . $exp; |
|
22 | + $val = $vals.'|'.$exp; |
|
23 | 23 | $b64 = base64_encode($val); |
24 | - $cookie = $prefix . '|' . $b64; |
|
24 | + $cookie = $prefix.'|'.$b64; |
|
25 | 25 | |
26 | 26 | $sig = hash_hmac("sha1", $cookie, $key); |
27 | - return $cookie . '|' . $sig; |
|
27 | + return $cookie.'|'.$sig; |
|
28 | 28 | } |
29 | 29 | |
30 | - private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
30 | + private static function parse_vals($key, $val, $prefix, $ikey, $time = NULL) { |
|
31 | 31 | $ts = ($time ? $time : time()); |
32 | 32 | |
33 | 33 | $parts = explode('|', $val); |
@@ -36,7 +36,7 @@ discard block |
36 | 36 | } |
37 | 37 | list($u_prefix, $u_b64, $u_sig) = $parts; |
38 | 38 | |
39 | - $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
39 | + $sig = hash_hmac("sha1", $u_prefix.'|'.$u_b64, $key); |
|
40 | 40 | if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
41 | 41 | return null; |
42 | 42 | } |
@@ -61,7 +61,7 @@ discard block |
61 | 61 | return $user; |
62 | 62 | } |
63 | 63 | |
64 | - public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
64 | + public static function signRequest($ikey, $skey, $akey, $username, $time = NULL) { |
|
65 | 65 | if (!isset($username) || strlen($username) === 0) { |
66 | 66 | return self::ERR_USER; |
67 | 67 | } |
@@ -78,15 +78,15 @@ discard block |
78 | 78 | return self::ERR_AKEY; |
79 | 79 | } |
80 | 80 | |
81 | - $vals = $username . '|' . $ikey; |
|
81 | + $vals = $username.'|'.$ikey; |
|
82 | 82 | |
83 | 83 | $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
84 | 84 | $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
85 | 85 | |
86 | - return $duo_sig . ':' . $app_sig; |
|
86 | + return $duo_sig.':'.$app_sig; |
|
87 | 87 | } |
88 | 88 | |
89 | - public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
89 | + public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time = NULL) { |
|
90 | 90 | list($auth_sig, $app_sig) = explode(':', $sig_response); |
91 | 91 | |
92 | 92 | $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
@@ -6,6 +6,6 @@ |
6 | 6 | { |
7 | 7 | function __construct($message = "", $code = 0, $exception = null) |
8 | 8 | { |
9 | - parent::__construct($message, $code, $exception); |
|
9 | + parent::__construct($message, $code, $exception); |
|
10 | 10 | } |
11 | 11 | } |
12 | 12 | \ No newline at end of file |
@@ -26,11 +26,11 @@ |
26 | 26 | { |
27 | 27 | switch (strtolower($this->format)) |
28 | 28 | { |
29 | - case 'p': |
|
29 | + case 'p': |
|
30 | 30 | return 'image/png'; |
31 | - case 'g': |
|
31 | + case 'g': |
|
32 | 32 | return 'image/gif'; |
33 | - case 'j': |
|
33 | + case 'j': |
|
34 | 34 | return 'image/jpeg'; |
35 | 35 | } |
36 | 36 | throw new QRException(sprintf('Unknown MIME-type: %s', $this->format)); |
@@ -44,11 +44,11 @@ |
44 | 44 | public function getUrl($qrtext, $size) |
45 | 45 | { |
46 | 46 | return 'http://qrickit.com/api/qr' |
47 | - . '?qrsize=' . $size |
|
48 | - . '&e=' . strtolower($this->errorcorrectionlevel) |
|
49 | - . '&bgdcolor=' . $this->bgcolor |
|
50 | - . '&fgdcolor=' . $this->color |
|
51 | - . '&t=' . strtolower($this->format) |
|
52 | - . '&d=' . rawurlencode($qrtext); |
|
47 | + . '?qrsize='.$size |
|
48 | + . '&e='.strtolower($this->errorcorrectionlevel) |
|
49 | + . '&bgdcolor='.$this->bgcolor |
|
50 | + . '&fgdcolor='.$this->color |
|
51 | + . '&t='.strtolower($this->format) |
|
52 | + . '&d='.rawurlencode($qrtext); |
|
53 | 53 | } |
54 | 54 | } |
55 | 55 | \ No newline at end of file |
@@ -33,8 +33,8 @@ |
33 | 33 | public function getUrl($qrtext, $size) |
34 | 34 | { |
35 | 35 | return 'https://chart.googleapis.com/chart?cht=qr' |
36 | - . '&chs=' . $size . 'x' . $size |
|
37 | - . '&chld=' . $this->errorcorrectionlevel . '|' . $this->margin |
|
38 | - . '&chl=' . rawurlencode($qrtext); |
|
36 | + . '&chs='.$size.'x'.$size |
|
37 | + . '&chld='.$this->errorcorrectionlevel.'|'.$this->margin |
|
38 | + . '&chl='.rawurlencode($qrtext); |
|
39 | 39 | } |
40 | 40 | } |
41 | 41 | \ No newline at end of file |
@@ -11,8 +11,9 @@ |
11 | 11 | |
12 | 12 | function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 1) |
13 | 13 | { |
14 | - if (!is_bool($verifyssl)) |
|
15 | - throw new QRException('VerifySSL must be bool'); |
|
14 | + if (!is_bool($verifyssl)) { |
|
15 | + throw new QRException('VerifySSL must be bool'); |
|
16 | + } |
|
16 | 17 | |
17 | 18 | $this->verifyssl = $verifyssl; |
18 | 19 |
@@ -12,8 +12,9 @@ |
12 | 12 | |
13 | 13 | public function getRandomBytes($bytecount) { |
14 | 14 | $result = mcrypt_create_iv($bytecount, $this->source); |
15 | - if ($result === false) |
|
16 | - throw new RNGException('mcrypt_create_iv returned an invalid value'); |
|
15 | + if ($result === false) { |
|
16 | + throw new RNGException('mcrypt_create_iv returned an invalid value'); |
|
17 | + } |
|
17 | 18 | return $result; |
18 | 19 | } |
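Review bot: `mcrypt_create_iv` on context line 14 is deprecated since PHP 7.1 and the mcrypt extension was removed from core in PHP 7.2, so this source stops working on current PHP. `random_bytes($bytecount)` is the standard-library CSPRNG replacement; it throws on failure rather than returning false, so the braced check added on new lines 15-17 would become a `try`/`catch` that rethrows as `RNGException` if callers rely on that type. If `$this->source` must remain configurable, keep this class only as a legacy fallback behind a `function_exists('mcrypt_create_iv')` check.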
19 | 20 |