paste.chapril.org-privatebin/lib/Persistence/ServerSalt.php

<?php
/**
 * PrivateBin
 *
 * a zero-knowledge paste bin
 *
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version   0.22
 */

namespace PrivateBin\Persistence;

use Exception;

/**
 * ServerSalt
 *
 * This is a random string which is unique to each PrivateBin installation.
 * It is automatically created if not present.
 *
 * Salt is used:
 * - to generate unique VizHash in discussions (which are not reproductible across PrivateBin servers)
 * - to generate unique deletion token (which are not re-usable across PrivateBin servers)
 */
class ServerSalt extends AbstractPersistence
{
    /**
     * generated salt
     *
     * @access private
     * @static
     * @var    string
     */
    private static $_salt = '';

    /**
     * generate a large random hexadecimal salt
     *
     * @access public
     * @static
     * @return string
     */
    public static function generate()
    {
        $randomSalt = '';
        if (function_exists('mcrypt_create_iv')) {
            $randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
        } else {
            // fallback to mt_rand()
            for ($i = 0; $i < 256; ++$i) {
                $randomSalt .= base_convert(mt_rand(), 10, 16);
            }
        }
        return $randomSalt;
    }

    /**
     * get server salt
     *
     * @access public
     * @static
     * @throws Exception
     * @return string
     */
    public static function get()
    {
        if (strlen(self::$_salt)) {
            return self::$_salt;
        }

        $file = 'salt.php';
        if (self::_exists($file)) {
            if (is_readable(self::getPath($file))) {
                $items = explode('|', file_get_contents(self::getPath($file)));
            }
            if (!isset($items) || !is_array($items) || count($items) != 3) {
                throw new Exception('unable to read file ' . self::getPath($file), 20);
            }
            self::$_salt = $items[1];
        } else {
            self::$_salt = self::generate();
            self::_store(
                $file,
                '<?php /* |' . self::$_salt . '| */ ?>'
            );
        }
        return self::$_salt;
    }

    /**
     * set the path
     *
     * @access public
     * @static
     * @param  string $path
     * @return void
     */
    public static function setPath($path)
    {
        self::$_salt = '';
        parent::setPath($path);
    }
}
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`<?php`
			`/**`
renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00			`* PrivateBin`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`*`
			`* a zero-knowledge paste bin`
			`*`
renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00			`* @link https://github.com/PrivateBin/PrivateBin`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)`
Replace HTTP links with HTTPS Using this regexp: https://regex101.com/r/rZ2dE2/1 2016-07-19 13:56:52 +02:00			`* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License`
incrementing version, updating changelog, added missing phpdoc comments 2015-11-09 21:39:42 +01:00			`* @version 0.22`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`*/`

Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00			`namespace PrivateBin\Persistence;`
Introduce PSR-4 autoloading 2016-07-21 17:09:48 +02:00
			`use Exception;`

ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`/**`
Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00			`* ServerSalt`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`*`
renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00			`* This is a random string which is unique to each PrivateBin installation.`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`* It is automatically created if not present.`
			`*`
			`* Salt is used:`
renaming the fork to PrivateBin 2016-07-11 11:58:15 +02:00			`* - to generate unique VizHash in discussions (which are not reproductible across PrivateBin servers)`
			`* - to generate unique deletion token (which are not re-usable across PrivateBin servers)`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`*/`
Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00			`class ServerSalt extends AbstractPersistence`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`{`
			`/**`
cleaned up phpdoc comments, added README on how to install and use it 2015-08-16 15:55:31 +02:00			`* generated salt`
			`*`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`* @access private`
			`* @static`
			`* @var string`
			`*/`
			`private static $_salt = '';`

			`/**`
			`* generate a large random hexadecimal salt`
			`*`
			`* @access public`
			`* @static`
			`* @return string`
			`*/`
			`public static function generate()`
			`{`
			`$randomSalt = '';`
Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00			`if (function_exists('mcrypt_create_iv')) {`
Stronger server salt ZeroBin now generates a much stronger salt. This fixes issue #68 (mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm) (cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) Conflicts: lib/serversalt.php lib/vizhash16x16.php 2014-02-06 22:33:55 +01:00			`$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));`
Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00			`} else {`
			`// fallback to mt_rand()`
			`for ($i = 0; $i < 256; ++$i) {`
Stronger server salt ZeroBin now generates a much stronger salt. This fixes issue #68 (mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm) (cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) Conflicts: lib/serversalt.php lib/vizhash16x16.php 2014-02-06 22:33:55 +01:00			`$randomSalt .= base_convert(mt_rand(), 10, 16);`
			`}`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`}`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`return $randomSalt;`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`}`

			`/**`
			`* get server salt`
			`*`
			`* @access public`
			`* @static`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`* @throws Exception`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`* @return string`
			`*/`
			`public static function get()`
			`{`
Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00			`if (strlen(self::$_salt)) {`
			`return self::$_salt;`
			`}`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00
			`$file = 'salt.php';`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`if (self::_exists($file)) {`
Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00			`if (is_readable(self::getPath($file))) {`
			`$items = explode('\|', file_get_contents(self::getPath($file)));`
			`}`
			`if (!isset($items) \|\| !is_array($items) \|\| count($items) != 3) {`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`throw new Exception('unable to read file ' . self::getPath($file), 20);`
			`}`
			`self::$_salt = $items[1];`
			`} else {`
			`self::$_salt = self::generate();`
ZeroBin 0.18 (cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903) Conflicts: CHANGELOG.md index.php js/zerobin.js lib/vizhash16x16.php 2013-02-24 17:41:32 +01:00			`self::_store(`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`$file,`
Renamed classes for full PSR-2 compliance, some cleanup 2016-08-09 11:54:42 +02:00			`'<?php /* \|' . self::$_salt . '\| */ ?>'`
ZeroBin 0.18 (cherry picked from commit 7a8cbee2f99cd74a50bce7e8df8130e2c477d903) Conflicts: CHANGELOG.md index.php js/zerobin.js lib/vizhash16x16.php 2013-02-24 17:41:32 +01:00			`);`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`}`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`return self::$_salt;`
			`}`

			`/**`
			`* set the path`
			`*`
			`* @access public`
			`* @static`
			`* @param string $path`
			`* @return void`
			`*/`
			`public static function setPath($path)`
			`{`
Convert to PSR-2 coding style (using phpcs-fixer) 2016-07-26 08:19:35 +02:00			`self::$_salt = '';`
fixing nasty deletion bug from #15, included unit tests to trigger it and reworked persistence classes to through exceptions rather to fail silently 2015-08-27 21:41:21 +02:00			`parent::setPath($path);`
ZeroBin 0.17 * added deletion link. * small refactoring. * improved regex checks. * larger server alt on installation. 2013-11-01 01:15:14 +01:00			`}`
			`}`