mirror of
https://github.com/fusionpbx/fusionpbx.git
synced 2026-01-06 11:43:50 +00:00
Create token.php
This commit is contained in:
FusionPBX
108
resources/classes/token.php
Normal file
108
resources/classes/token.php
Normal file
@@ -0,0 +1,108 @@
|
||||
<?php
|
||||
/*
|
||||
FusionPBX
|
||||
Version: MPL 1.1
|
||||
|
||||
The contents of this file are subject to the Mozilla Public License Version
|
||||
1.1 (the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
http://www.mozilla.org/MPL/
|
||||
|
||||
Software distributed under the License is distributed on an "AS IS" basis,
|
||||
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
for the specific language governing rights and limitations under the
|
||||
License.
|
||||
|
||||
The Original Code is FusionPBX
|
||||
|
||||
The Initial Developer of the Original Code is
|
||||
Mark J Crane <markjcrane@fusionpbx.com>
|
||||
Portions created by the Initial Developer are Copyright (C) 2019
|
||||
the Initial Developer. All Rights Reserved.
|
||||
|
||||
Contributor(s):
|
||||
Mark J Crane <markjcrane@fusionpbx.com>
|
||||
*/
|
||||
|
||||
/**
|
||||
* captcha class
|
||||
*
|
||||
* @method string get
|
||||
*/
|
||||
class token {
|
||||
|
||||
/**
|
||||
* Called when the object is created
|
||||
*/
|
||||
//public $code;
|
||||
|
||||
/**
|
||||
* Class constructor
|
||||
*/
|
||||
public function __construct() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Called when there are no references to a particular object
|
||||
* unset the variables used in the class
|
||||
*/
|
||||
public function __destruct() {
|
||||
foreach ($this as $key => $value) {
|
||||
unset($this->$key);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create the token
|
||||
* @var string $key
|
||||
*/
|
||||
public function create($key) {
|
||||
|
||||
//create a token and save in the token session array
|
||||
$_SESSION['tokens'][$key]['name'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
|
||||
$_SESSION['tokens'][$key]['hash'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
|
||||
|
||||
//send the hash
|
||||
return $_SESSION['tokens'][$key]['hash'];
|
||||
}
|
||||
|
||||
/**
|
||||
* validate the token
|
||||
* @var string $key
|
||||
*/
|
||||
public function validate($key, $value) {
|
||||
|
||||
//compare the hashed tokens
|
||||
if (hash_equals($_SESSION['tokens'][$key]['hash'], $value)) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
//create token
|
||||
$token = new token;
|
||||
$token_hash = $token->create('/app/users/user_edit.php');
|
||||
|
||||
echo "<input type='hidden' name='token' value='".$token_hash."'>";
|
||||
|
||||
//------------------------
|
||||
|
||||
//validate the token
|
||||
$token = new token;
|
||||
$token_valid = $token->validate('/app/users/user_edit.php', $_POST['token']);
|
||||
if (!$token_valid) {
|
||||
echo "access denied";
|
||||
exit;
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user