Tokens: Multiple token support.

This commit is contained in:
Nate
2020-03-28 21:40:33 -06:00
parent 780450919e
commit 1ed699a850


@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2019
Portions created by the Initial Developer are Copyright (C) 2019-2020
the Initial Developer. All Rights Reserved.
Contributor(s):
@@ -60,14 +60,19 @@ class token {
public function create($key) {
//allow only specific characters
$key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
$key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
//create a token and save in the token session array
$_SESSION['tokens'][$key]['name'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
$_SESSION['tokens'][$key]['hash'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
//create a token for the key submitted
$token = [
'name'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32))),
'hash'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32)))
];
//save in the token session array
$_SESSION['tokens'][$key][] = $token;
//send the hash
return $_SESSION['tokens'][$key];
return $token;
}
@@ -78,27 +83,31 @@ class token {
public function validate($key, $value = null) {
//allow only specific characters
$key = preg_replace('[^a-zA-Z0-9]', '', $key);
$key = preg_replace('[^a-zA-Z0-9]', '', $key);
//get the token name
$token_name = $_SESSION['tokens'][$key]['name'];
if (isset($_REQUEST[$token_name])) {
$value = $_REQUEST[$token_name];
}
else {
$value;
}
if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
foreach ($_SESSION['tokens'][$key] as $t => $token) {
$token_name = $token['name'];
if (isset($_REQUEST[$token_name])) {
$value = $_REQUEST[$token_name];
}
}
}
//limit the value to specific characters
$value = preg_replace('[^a-zA-Z0-9]', '', $value);
$value = preg_replace('[^a-zA-Z0-9]', '', $value);
//compare the hashed tokens
if (hash_equals($_SESSION['tokens'][$key]['hash'], $value)) {
return true;
}
else {
if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
foreach ($_SESSION['tokens'][$key] as $t => $token) {
if (hash_equals($token['hash'], $value)) {
unset($_SESSION['tokens'][$key][$t]);
return true;
}
}
}
return false;
}
}
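Review bot: In `create()`, `$_SESSION['tokens'][$key][] = $token;` appends on every call but nothing trims the list — an entry is removed only by the `unset($_SESSION['tokens'][$key][$t])` on a successful `validate()` — so every form that is rendered and then abandoned leaves another live, never-expiring token under that key in the session, and the set of values `validate()` will accept grows with it. Bound the list before appending, e.g. `if (isset($_SESSION['tokens'][$key]) && count($_SESSION['tokens'][$key]) >= 10) { array_shift($_SESSION['tokens'][$key]); }`, so the number of outstanding valid tokens per key stays small. Separately, the `preg_replace('[^a-zA-Z0-9]', '', ...)` calls kept in both methods use `[` and `]` as the PCRE delimiters, so the compiled pattern is the literal `^a-zA-Z0-9` and the "allow only specific characters" step removes nothing; if the restriction is intended it needs real delimiters, `'/[^a-zA-Z0-9]/'` here and `'/[^a-zA-Z0-9\-_@.\/]/'` in `create()`, and note the two methods then also disagree on which characters a key may contain, so a key containing `/`, `_`, `@` or `.` would be stored under one name and looked up under another. The last hunk ends at the closing brace of `validate()`; the remainder of the class is outside this view.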