cake/libs/security.php
| 1 | <?php |
|---|---|
| 2 | /** |
| 3 | * Core Security |
| 4 | * |
| 5 | * PHP versions 4 and 5 |
| 6 | * |
| 7 | * CakePHP(tm) : Rapid Development Framework (http://cakephp.org) |
| 8 | * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org) |
| 9 | * |
| 10 | * Licensed under The MIT License |
| 11 | * Redistributions of files must retain the above copyright notice. |
| 12 | * |
| 13 | * @copyright Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org) |
| 14 | * @link http://cakephp.org CakePHP(tm) Project |
| 15 | * @package cake |
| 16 | * @subpackage cake.cake.libs |
| 17 | * @since CakePHP(tm) v .0.10.0.1233 |
| 18 | * @license MIT License (http://www.opensource.org/licenses/mit-license.php) |
| 19 | */ |
| 20 | |
| 21 | /** |
| 22 | * Security Library contains utility methods related to security |
| 23 | * |
| 24 | * @package cake |
| 25 | * @subpackage cake.cake.libs |
| 26 | */ |
| 27 | class Security extends Object { |
| 28 | |
| 29 | /** |
| 30 | * Default hash method |
| 31 | * |
| 32 | * @var string |
| 33 | * @access public |
| 34 | */ |
| 35 | var $hashType = null; |
| 36 | |
| 37 | /** |
| 38 | * Singleton implementation to get object instance. |
| 39 | * |
| 40 | * @return object |
| 41 | * @access public |
| 42 | * @static |
| 43 | */ |
| 44 | function &getInstance() { |
| 45 | static $instance = array(); |
| 46 | if (!$instance) { |
| 47 | $instance[0] =& new Security; |
| 48 | } |
| 49 | return $instance[0]; |
| 50 | } |
| 51 | |
| 52 | /** |
| 53 | * Get allowed minutes of inactivity based on security level. |
| 54 | * |
| 55 | * @return integer Allowed inactivity in minutes |
| 56 | * @access public |
| 57 | * @static |
| 58 | */ |
| 59 | function inactiveMins() { |
| 60 | switch (Configure::read('Security.level')) { |
| 61 | case 'high': |
| 62 | return 10; |
| 63 | break; |
| 64 | case 'medium': |
| 65 | return 100; |
| 66 | break; |
| 67 | case 'low': |
| 68 | default: |
| 69 | return 300; |
| 70 | break; |
| 71 | } |
| 72 | } |
| 73 | |
| 74 | /** |
| 75 | * Generate authorization hash. |
| 76 | * |
| 77 | * @return string Hash |
| 78 | * @access public |
| 79 | * @static |
| 80 | */ |
| 81 | function generateAuthKey() { |
| 82 | if (!class_exists('String')) { |
| 83 | App::import('Core', 'String'); |
| 84 | } |
| 85 | return Security::hash(String::uuid()); |
| 86 | } |
| 87 | |
| 88 | /** |
| 89 | * Validate authorization hash. |
| 90 | * |
| 91 | * @param string $authKey Authorization hash |
| 92 | * @return boolean Success |
| 93 | * @access public |
| 94 | * @static |
| 95 | * @todo Complete implementation |
| 96 | */ |
| 97 | function validateAuthKey($authKey) { |
| 98 | return true; |
| 99 | } |
| 100 | |
| 101 | /** |
| 102 | * Create a hash from string using given method. |
| 103 | * Fallback on next available method. |
| 104 | * |
| 105 | * @param string $string String to hash |
| 106 | * @param string $type Method to use (sha1/sha256/md5) |
| 107 | * @param boolean $salt If true, automatically appends the application's salt |
| 108 | * value to $string (Security.salt) |
| 109 | * @return string Hash |
| 110 | * @access public |
| 111 | * @static |
| 112 | */ |
| 113 | function hash($string, $type = null, $salt = false) { |
| 114 | $_this =& Security::getInstance(); |
| 115 | |
| 116 | if ($salt) { |
| 117 | if (is_string($salt)) { |
| 118 | $string = $salt . $string; |
| 119 | } else { |
| 120 | $string = Configure::read('Security.salt') . $string; |
| 121 | } |
| 122 | } |
| 123 | |
| 124 | if (empty($type)) { |
| 125 | $type = $_this->hashType; |
| 126 | } |
| 127 | $type = strtolower($type); |
| 128 | |
| 129 | if ($type == 'sha1' || $type == null) { |
| 130 | if (function_exists('sha1')) { |
| 131 | $return = sha1($string); |
| 132 | return $return; |
| 133 | } |
| 134 | $type = 'sha256'; |
| 135 | } |
| 136 | |
| 137 | if ($type == 'sha256' && function_exists('mhash')) { |
| 138 | return bin2hex(mhash(MHASH_SHA256, $string)); |
| 139 | } |
| 140 | |
| 141 | if (function_exists('hash')) { |
| 142 | return hash($type, $string); |
| 143 | } |
| 144 | return md5($string); |
| 145 | } |
| 146 | |
| 147 | /** |
| 148 | * Sets the default hash method for the Security object. This affects all objects using |
| 149 | * Security::hash(). |
| 150 | * |
| 151 | * @param string $hash Method to use (sha1/sha256/md5) |
| 152 | * @access public |
| 153 | * @return void |
| 154 | * @static |
| 155 | * @see Security::hash() |
| 156 | */ |
| 157 | function setHash($hash) { |
| 158 | $_this =& Security::getInstance(); |
| 159 | $_this->hashType = $hash; |
| 160 | } |
| 161 | |
| 162 | /** |
| 163 | * Encrypts/Decrypts a text using the given key. |
| 164 | * |
| 165 | * @param string $text Encrypted string to decrypt, normal string to encrypt |
| 166 | * @param string $key Key to use |
| 167 | * @return string Encrypted/Decrypted string |
| 168 | * @access public |
| 169 | * @static |
| 170 | */ |
| 171 | function cipher($text, $key) { |
| 172 | if (empty($key)) { |
| 173 | trigger_error(__('You cannot use an empty key for Security::cipher()', true), E_USER_WARNING); |
| 174 | return ''; |
| 175 | } |
| 176 | |
| 177 | srand(Configure::read('Security.cipherSeed')); |
| 178 | $out = ''; |
| 179 | $keyLength = strlen($key); |
| 180 | for ($i = 0, $textLength = strlen($text); $i < $textLength; $i++) { |
| 181 | $j = ord(substr($key, $i % $keyLength, 1)); |
| 182 | while ($j--) { |
| 183 | rand(0, 255); |
| 184 | } |
| 185 | $mask = rand(0, 255); |
| 186 | $out .= chr(ord(substr($text, $i, 1)) ^ $mask); |
| 187 | } |
| 188 | srand(); |
| 189 | return $out; |
| 190 | } |
| 191 | } |
| 192 | |
| 193 |
