@@ -123,7 +123,7 @@ |
||
123 | 123 | */ |
124 | 124 | while ($range > 0) { |
125 | 125 | if ($bits % 8 === 0) { |
126 | - ++$bytes; |
|
126 | + ++$bytes; |
|
127 | 127 | } |
128 | 128 | ++$bits; |
129 | 129 | $range >>= 1; |
@@ -151,7 +151,7 @@ |
||
151 | 151 | } elseif (empty($characters)) { |
152 | 152 | // Default to base 64 |
153 | 153 | $characters = '0123456789abcdefghijklmnopqrstuvwxyz' . |
154 | - 'ABCDEFGHIJKLMNOPQRSTUVWXYZ./'; |
|
154 | + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ./'; |
|
155 | 155 | } |
156 | 156 | // determine how many bytes to generate |
157 | 157 | // This is basically doing floor(log(strlen($characters))) |
@@ -20,7 +20,7 @@ |
||
20 | 20 | * is in use. So if it does not exist at this point, we know we must bootstrap |
21 | 21 | * the libraries. |
22 | 22 | */ |
23 | - /* |
|
23 | + /* |
|
24 | 24 | if (!class_exists('\\PasswordLib\Core\AutoLoader', true)) { |
25 | 25 | require_once 'bootstrap.php'; |
26 | 26 | } |
@@ -63,7 +63,7 @@ |
||
63 | 63 | }, $line); |
64 | 64 | |
65 | 65 | $sql = 'INSERT INTO ' . $this->table . '(' . join(', ', $this->columns) . ')' . |
66 | - ' VALUES(' . join(',', $prepare) . ')'; |
|
66 | + ' VALUES(' . join(',', $prepare) . ')'; |
|
67 | 67 | |
68 | 68 | $stmt = $this->pdo->prepare($sql); |
69 | 69 | $stmt->execute($line); |
@@ -57,6 +57,6 @@ |
||
57 | 57 | }, $line); |
58 | 58 | |
59 | 59 | return 'INSERT INTO ' . $this->table . '(' . join(', ', $this->columns) . ')' . |
60 | - ' VALUES(' . join(', ', $line) . ');'; |
|
60 | + ' VALUES(' . join(', ', $line) . ');'; |
|
61 | 61 | } |
62 | 62 | } |
@@ -35,8 +35,8 @@ discard block |
||
35 | 35 | $this->table = $table; |
36 | 36 | |
37 | 37 | $this->fields = array('id' => $idField, |
38 | - 'parent' => $parentField, |
|
39 | - 'sort' => $sortField |
|
38 | + 'parent' => $parentField, |
|
39 | + 'sort' => $sortField |
|
40 | 40 | ); |
41 | 41 | } |
42 | 42 | |
@@ -49,7 +49,7 @@ discard block |
||
49 | 49 | public function getFields() |
50 | 50 | { |
51 | 51 | return array($this->fields['id'], $this->fields['parent'], $this->fields['sort'], |
52 | - 'nleft', 'nright', 'nlevel', 'personal_folder', 'renewal_period', 'bloquer_modification', 'bloquer_creation'); |
|
52 | + 'nleft', 'nright', 'nlevel', 'personal_folder', 'renewal_period', 'bloquer_modification', 'bloquer_creation'); |
|
53 | 53 | } |
54 | 54 | |
55 | 55 | /** |
@@ -356,12 +356,12 @@ discard block |
||
356 | 356 | $idField = $this->fields['id']; |
357 | 357 | $parentField = $this->fields['parent']; |
358 | 358 | |
359 | - $query = sprintf( |
|
360 | - 'select %s from %s order by %s', |
|
361 | - join(',', $this->getFields()), |
|
362 | - $this->table, |
|
363 | - $this->fields['sort'] |
|
364 | - ); |
|
359 | + $query = sprintf( |
|
360 | + 'select %s from %s order by %s', |
|
361 | + join(',', $this->getFields()), |
|
362 | + $this->table, |
|
363 | + $this->fields['sort'] |
|
364 | + ); |
|
365 | 365 | |
366 | 366 | $result = mysqli_query($link, $query); |
367 | 367 |
@@ -4,17 +4,17 @@ |
||
4 | 4 | */ |
5 | 5 | |
6 | 6 | return array( |
7 | - "CSRFP_TOKEN" => "", |
|
8 | - "logDirectory" => "../log", |
|
9 | - "failedAuthAction" => array( |
|
10 | - "GET" => 0, |
|
11 | - "POST" => 0), |
|
12 | - "errorRedirectionPage" => "", |
|
13 | - "customErrorMessage" => "", |
|
14 | - "jsPath" => "../js/csrfprotector.js", |
|
15 | - "jsUrl" => "", |
|
16 | - "tokenLength" => 50, |
|
17 | - "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> |
|
7 | + "CSRFP_TOKEN" => "", |
|
8 | + "logDirectory" => "../log", |
|
9 | + "failedAuthAction" => array( |
|
10 | + "GET" => 0, |
|
11 | + "POST" => 0), |
|
12 | + "errorRedirectionPage" => "", |
|
13 | + "customErrorMessage" => "", |
|
14 | + "jsPath" => "../js/csrfprotector.js", |
|
15 | + "jsUrl" => "", |
|
16 | + "tokenLength" => 50, |
|
17 | + "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> |
|
18 | 18 | Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you. |
19 | 19 | See details of your web browser for how to enable JavaScript.", |
20 | 20 | "verifyGetFor" => array("*page=items&type=duo_check*", "*upload.attachments.php*") |
@@ -1,101 +1,101 @@ |
||
1 | 1 | <?php |
2 | 2 | |
3 | 3 | class Duo { |
4 | - const DUO_PREFIX = "TX"; |
|
5 | - const APP_PREFIX = "APP"; |
|
6 | - const AUTH_PREFIX = "AUTH"; |
|
7 | - |
|
8 | - const DUO_EXPIRE = 300; |
|
9 | - const APP_EXPIRE = 3600; |
|
10 | - |
|
11 | - const IKEY_LEN = 20; |
|
12 | - const SKEY_LEN = 40; |
|
13 | - const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY |
|
14 | - |
|
15 | - const ERR_USER = 'ERR|The username passed to sign_request() is invalid.'; |
|
16 | - const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.'; |
|
17 | - const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
|
18 | - const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
|
19 | - |
|
20 | - private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
21 | - $exp = ($time ? $time : time()) + $expire; |
|
22 | - $val = $vals . '|' . $exp; |
|
23 | - $b64 = base64_encode($val); |
|
24 | - $cookie = $prefix . '|' . $b64; |
|
25 | - |
|
26 | - $sig = hash_hmac("sha1", $cookie, $key); |
|
27 | - return $cookie . '|' . $sig; |
|
28 | - } |
|
29 | - |
|
30 | - private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
31 | - $ts = ($time ? $time : time()); |
|
32 | - |
|
33 | - $parts = explode('|', $val); |
|
34 | - if (count($parts) !== 3) { |
|
35 | - return null; |
|
36 | - } |
|
37 | - list($u_prefix, $u_b64, $u_sig) = $parts; |
|
38 | - |
|
39 | - $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
40 | - if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
|
41 | - return null; |
|
42 | - } |
|
43 | - |
|
44 | - if ($u_prefix !== $prefix) { |
|
45 | - return null; |
|
46 | - } |
|
47 | - |
|
48 | - $cookie_parts = explode('|', base64_decode($u_b64)); |
|
49 | - if (count($cookie_parts) !== 3) { |
|
50 | - return null; |
|
51 | - } |
|
52 | - list($user, $u_ikey, $exp) = $cookie_parts; |
|
53 | - |
|
54 | - if ($u_ikey !== $ikey) { |
|
55 | - return null; |
|
56 | - } |
|
57 | - if ($ts >= intval($exp)) { |
|
58 | - return null; |
|
59 | - } |
|
60 | - |
|
61 | - return $user; |
|
62 | - } |
|
63 | - |
|
64 | - public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
65 | - if (!isset($username) || strlen($username) === 0) { |
|
66 | - return self::ERR_USER; |
|
67 | - } |
|
68 | - if (strpos($username, '|') !== FALSE) { |
|
69 | - return self::ERR_USER; |
|
70 | - } |
|
71 | - if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) { |
|
72 | - return self::ERR_IKEY; |
|
73 | - } |
|
74 | - if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) { |
|
75 | - return self::ERR_SKEY; |
|
76 | - } |
|
77 | - if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { |
|
78 | - return self::ERR_AKEY; |
|
79 | - } |
|
80 | - |
|
81 | - $vals = $username . '|' . $ikey; |
|
82 | - |
|
83 | - $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
|
84 | - $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
|
85 | - |
|
86 | - return $duo_sig . ':' . $app_sig; |
|
87 | - } |
|
88 | - |
|
89 | - public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
90 | - list($auth_sig, $app_sig) = explode(':', $sig_response); |
|
91 | - |
|
92 | - $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
|
93 | - $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX, $ikey, $time); |
|
94 | - |
|
95 | - if ($auth_user !== $app_user) { |
|
96 | - return null; |
|
97 | - } |
|
98 | - |
|
99 | - return $auth_user; |
|
100 | - } |
|
4 | + const DUO_PREFIX = "TX"; |
|
5 | + const APP_PREFIX = "APP"; |
|
6 | + const AUTH_PREFIX = "AUTH"; |
|
7 | + |
|
8 | + const DUO_EXPIRE = 300; |
|
9 | + const APP_EXPIRE = 3600; |
|
10 | + |
|
11 | + const IKEY_LEN = 20; |
|
12 | + const SKEY_LEN = 40; |
|
13 | + const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY |
|
14 | + |
|
15 | + const ERR_USER = 'ERR|The username passed to sign_request() is invalid.'; |
|
16 | + const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.'; |
|
17 | + const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
|
18 | + const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
|
19 | + |
|
20 | + private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
21 | + $exp = ($time ? $time : time()) + $expire; |
|
22 | + $val = $vals . '|' . $exp; |
|
23 | + $b64 = base64_encode($val); |
|
24 | + $cookie = $prefix . '|' . $b64; |
|
25 | + |
|
26 | + $sig = hash_hmac("sha1", $cookie, $key); |
|
27 | + return $cookie . '|' . $sig; |
|
28 | + } |
|
29 | + |
|
30 | + private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
31 | + $ts = ($time ? $time : time()); |
|
32 | + |
|
33 | + $parts = explode('|', $val); |
|
34 | + if (count($parts) !== 3) { |
|
35 | + return null; |
|
36 | + } |
|
37 | + list($u_prefix, $u_b64, $u_sig) = $parts; |
|
38 | + |
|
39 | + $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
40 | + if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
|
41 | + return null; |
|
42 | + } |
|
43 | + |
|
44 | + if ($u_prefix !== $prefix) { |
|
45 | + return null; |
|
46 | + } |
|
47 | + |
|
48 | + $cookie_parts = explode('|', base64_decode($u_b64)); |
|
49 | + if (count($cookie_parts) !== 3) { |
|
50 | + return null; |
|
51 | + } |
|
52 | + list($user, $u_ikey, $exp) = $cookie_parts; |
|
53 | + |
|
54 | + if ($u_ikey !== $ikey) { |
|
55 | + return null; |
|
56 | + } |
|
57 | + if ($ts >= intval($exp)) { |
|
58 | + return null; |
|
59 | + } |
|
60 | + |
|
61 | + return $user; |
|
62 | + } |
|
63 | + |
|
64 | + public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
65 | + if (!isset($username) || strlen($username) === 0) { |
|
66 | + return self::ERR_USER; |
|
67 | + } |
|
68 | + if (strpos($username, '|') !== FALSE) { |
|
69 | + return self::ERR_USER; |
|
70 | + } |
|
71 | + if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) { |
|
72 | + return self::ERR_IKEY; |
|
73 | + } |
|
74 | + if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) { |
|
75 | + return self::ERR_SKEY; |
|
76 | + } |
|
77 | + if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { |
|
78 | + return self::ERR_AKEY; |
|
79 | + } |
|
80 | + |
|
81 | + $vals = $username . '|' . $ikey; |
|
82 | + |
|
83 | + $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
|
84 | + $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
|
85 | + |
|
86 | + return $duo_sig . ':' . $app_sig; |
|
87 | + } |
|
88 | + |
|
89 | + public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
90 | + list($auth_sig, $app_sig) = explode(':', $sig_response); |
|
91 | + |
|
92 | + $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
|
93 | + $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX, $ikey, $time); |
|
94 | + |
|
95 | + if ($auth_user !== $app_user) { |
|
96 | + return null; |
|
97 | + } |
|
98 | + |
|
99 | + return $auth_user; |
|
100 | + } |
|
101 | 101 | } |
102 | 102 | \ No newline at end of file |
@@ -6,6 +6,6 @@ |
||
6 | 6 | { |
7 | 7 | function __construct($message = "", $code = 0, $exception = null) |
8 | 8 | { |
9 | - parent::__construct($message, $code, $exception); |
|
9 | + parent::__construct($message, $code, $exception); |
|
10 | 10 | } |
11 | 11 | } |
12 | 12 | \ No newline at end of file |