date.chapril.org-framadate/app/classes/Framadate/Services/SecurityService.php

52 lines
1.3 KiB
PHP
Raw Normal View History

2015-01-09 09:22:31 +01:00
<?php
namespace Framadate\Services;
use Framadate\Security\Token;
class SecurityService {
function __construct() {
}
2015-01-10 16:35:21 +01:00
/**
* Get a CSRF token by name, or (re)create it.
*
* It creates a new token if :
* <ul>
* <li>There no token with the given name in session</li>
* <li>The token time is in past</li>
* </ul>
*
* @param $tokan_name string The name of the CSRF token
* @return Token The token
*/
2015-01-09 09:22:31 +01:00
function getToken($tokan_name) {
2015-01-10 16:35:21 +01:00
if (!isset($_SESSION['tokens'])) {
$_SESSION['tokens'] = [];
}
if (!isset($_SESSION['tokens'][$tokan_name]) || $_SESSION['tokens'][$tokan_name]->isGone()) {
$_SESSION['tokens'][$tokan_name] = new Token();
}
return $_SESSION['tokens'][$tokan_name]->getValue();
}
/**
* Check if a given value is corresponding to the token in session.
*
* @param $tokan_name string Name of the token
* @param $csrf string Value to check
* @return bool true if the token is well checked
*/
public function checkCsrf($tokan_name, $csrf) {
$checked = $_SESSION['tokens'][$tokan_name]->getValue() === $csrf;
if($checked) {
unset($_SESSION['tokens'][$tokan_name]);
2015-01-09 09:22:31 +01:00
}
2015-01-10 16:35:21 +01:00
return $checked;
2015-01-09 09:22:31 +01:00
}
}