2015-01-09 09:22:31 +01:00
|
|
|
<?php
|
|
|
|
namespace Framadate\Security;
|
|
|
|
|
|
|
|
class Token {
|
2021-12-20 17:46:50 +01:00
|
|
|
public const DEFAULT_LENGTH = 64;
|
2015-01-09 09:22:31 +01:00
|
|
|
private $time;
|
|
|
|
private $value;
|
2015-04-02 11:58:35 +02:00
|
|
|
private $length;
|
|
|
|
private static $codeAlphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789';
|
2015-01-09 09:22:31 +01:00
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
public function __construct($length = self::DEFAULT_LENGTH) {
|
2015-04-02 11:58:35 +02:00
|
|
|
$this->length = $length;
|
2015-01-10 16:35:21 +01:00
|
|
|
$this->time = time() + TOKEN_TIME;
|
|
|
|
$this->value = $this->generate();
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
public function getTime(): int
|
|
|
|
{
|
2015-01-10 16:35:21 +01:00
|
|
|
return $this->time;
|
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
public function getValue(): string
|
|
|
|
{
|
2015-01-10 16:35:21 +01:00
|
|
|
return $this->value;
|
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
public function isGone(): bool
|
|
|
|
{
|
2015-01-10 16:35:21 +01:00
|
|
|
return $this->time < time();
|
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
public function check($value): bool
|
|
|
|
{
|
2015-01-10 16:35:21 +01:00
|
|
|
return $value === $this->value;
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|
|
|
|
|
2015-04-02 11:58:35 +02:00
|
|
|
/**
|
|
|
|
* Get a secure token if possible, or a less secure one if not.
|
|
|
|
*
|
|
|
|
* @param int $length The token length
|
|
|
|
* @param bool $crypto_strong If passed, tells if the token is "cryptographically strong" or not.
|
|
|
|
* @return string
|
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
public static function getToken(int $length = self::DEFAULT_LENGTH, bool &$crypto_strong = false): string
|
|
|
|
{
|
2015-04-02 11:58:35 +02:00
|
|
|
if (function_exists('openssl_random_pseudo_bytes')) {
|
|
|
|
openssl_random_pseudo_bytes(1, $crypto_strong); // Fake use to see if the algorithm used was "cryptographically strong"
|
|
|
|
return self::getSecureToken($length);
|
|
|
|
}
|
|
|
|
return self::getUnsecureToken($length);
|
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
public static function getUnsecureToken(int $length): string
|
|
|
|
{
|
2015-04-02 11:58:35 +02:00
|
|
|
$string = '';
|
|
|
|
mt_srand();
|
|
|
|
for ($i = 0; $i < $length; $i++) {
|
|
|
|
$string .= self::$codeAlphabet[mt_rand() % strlen(self::$codeAlphabet)];
|
|
|
|
}
|
|
|
|
|
|
|
|
return $string;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @author http://stackoverflow.com/a/13733588
|
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
public static function getSecureToken(int $length): string
|
|
|
|
{
|
2015-04-02 11:58:35 +02:00
|
|
|
$token = "";
|
|
|
|
for($i=0;$i<$length;$i++){
|
|
|
|
$token .= self::$codeAlphabet[self::crypto_rand_secure(0,strlen(self::$codeAlphabet))];
|
|
|
|
}
|
|
|
|
return $token;
|
|
|
|
}
|
|
|
|
|
2021-12-20 17:46:50 +01:00
|
|
|
private function generate(): string
|
|
|
|
{
|
2018-02-19 00:18:43 +01:00
|
|
|
return self::getToken($this->length);
|
|
|
|
}
|
|
|
|
|
2015-04-02 11:58:35 +02:00
|
|
|
/**
|
|
|
|
* @author http://us1.php.net/manual/en/function.openssl-random-pseudo-bytes.php#104322
|
2021-12-20 17:46:50 +01:00
|
|
|
*
|
|
|
|
* @param int $max
|
|
|
|
*
|
|
|
|
* @psalm-param 0 $min
|
|
|
|
* @psalm-param 0|positive-int $max
|
2015-04-02 11:58:35 +02:00
|
|
|
*/
|
2021-12-20 17:46:50 +01:00
|
|
|
private static function crypto_rand_secure(int $min, $max): int {
|
2015-04-02 11:58:35 +02:00
|
|
|
$range = $max - $min;
|
2021-12-20 17:46:50 +01:00
|
|
|
// not so random...
|
|
|
|
if ($range < 0) {
|
|
|
|
return $min;
|
|
|
|
}
|
2015-04-02 11:58:35 +02:00
|
|
|
$log = log($range, 2);
|
|
|
|
$bytes = (int) ($log / 8) + 1; // length in bytes
|
|
|
|
$bits = (int) $log + 1; // length in bits
|
|
|
|
$filter = (int) (1 << $bits) - 1; // set all lower bits to 1
|
|
|
|
do {
|
|
|
|
$rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes)));
|
2021-12-20 17:46:50 +01:00
|
|
|
$rnd &= $filter; // discard irrelevant bits
|
2015-04-02 11:58:35 +02:00
|
|
|
} while ($rnd >= $range);
|
|
|
|
return $min + $rnd;
|
|
|
|
}
|
2015-01-09 09:22:31 +01:00
|
|
|
}
|