1: <?php
  2: /**
  3:  * Core Security
  4:  *
  5:  * PHP versions 4 and 5
  6:  *
  7:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  8:  * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
  9:  *
 10:  * Licensed under The MIT License
 11:  * Redistributions of files must retain the above copyright notice.
 12:  *
 13:  * @copyright     Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
 14:  * @link          http://cakephp.org CakePHP(tm) Project
 15:  * @package       cake
 16:  * @subpackage    cake.cake.libs
 17:  * @since         CakePHP(tm) v .0.10.0.1233
 18:  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
 19:  */
 20: 
 21: /**
 22:  * Security Library contains utility methods related to security
 23:  *
 24:  * @package       cake
 25:  * @subpackage    cake.cake.libs
 26:  */
 27: class Security extends Object {
 28: 
 29: /**
 30:  * Default hash method
 31:  *
 32:  * @var string
 33:  * @access public
 34:  */
 35:     var $hashType = null;
 36: 
 37: /**
 38:  * Singleton implementation to get object instance.
 39:  *
 40:  * @return object
 41:  * @access public
 42:  * @static
 43:  */
 44:     function &getInstance() {
 45:         static $instance = array();
 46:         if (!$instance) {
 47:             $instance[0] =& new Security;
 48:         }
 49:         return $instance[0];
 50:     }
 51: 
 52: /**
 53:  * Get allowed minutes of inactivity based on security level.
 54:  *
 55:  * @return integer Allowed inactivity in minutes
 56:  * @access public
 57:  * @static
 58:  */
 59:     function inactiveMins() {
 60:         switch (Configure::read('Security.level')) {
 61:             case 'high':
 62:                 return 10;
 63:             break;
 64:             case 'medium':
 65:                 return 100;
 66:             break;
 67:             case 'low':
 68:             default:
 69:                 return 300;
 70:                 break;
 71:         }
 72:     }
 73: 
 74: /**
 75:  * Generate authorization hash.
 76:  *
 77:  * @return string Hash
 78:  * @access public
 79:  * @static
 80:  */
 81:     function generateAuthKey() {
 82:         if (!class_exists('String')) {
 83:             App::import('Core', 'String');
 84:         }
 85:         return Security::hash(String::uuid());
 86:     }
 87: 
 88: /**
 89:  * Validate authorization hash.
 90:  *
 91:  * @param string $authKey Authorization hash
 92:  * @return boolean Success
 93:  * @access public
 94:  * @static
 95:  * @todo Complete implementation
 96:  */
 97:     function validateAuthKey($authKey) {
 98:         return true;
 99:     }
100: 
101: /**
102:  * Create a hash from string using given method.
103:  * Fallback on next available method.
104:  *
105:  * @param string $string String to hash
106:  * @param string $type Method to use (sha1/sha256/md5)
107:  * @param boolean $salt If true, automatically appends the application's salt
108:  *     value to $string (Security.salt)
109:  * @return string Hash
110:  * @access public
111:  * @static
112:  */
113:     function hash($string, $type = null, $salt = false) {
114:         $_this =& Security::getInstance();
115: 
116:         if ($salt) {
117:             if (is_string($salt)) {
118:                 $string = $salt . $string;
119:             } else {
120:                 $string = Configure::read('Security.salt') . $string;
121:             }
122:         }
123: 
124:         if (empty($type)) {
125:             $type = $_this->hashType;
126:         }
127:         $type = strtolower($type);
128: 
129:         if ($type == 'sha1' || $type == null) {
130:             if (function_exists('sha1')) {
131:                 $return = sha1($string);
132:                 return $return;
133:             }
134:             $type = 'sha256';
135:         }
136: 
137:         if ($type == 'sha256' && function_exists('mhash')) {
138:             return bin2hex(mhash(MHASH_SHA256, $string));
139:         }
140: 
141:         if (function_exists('hash')) {
142:             return hash($type, $string);
143:         }
144:         return md5($string);
145:     }
146: 
147: /**
148:  * Sets the default hash method for the Security object.  This affects all objects using
149:  * Security::hash().
150:  *
151:  * @param string $hash Method to use (sha1/sha256/md5)
152:  * @access public
153:  * @return void
154:  * @static
155:  * @see Security::hash()
156:  */
157:     function setHash($hash) {
158:         $_this =& Security::getInstance();
159:         $_this->hashType = $hash;
160:     }
161: 
162: /**
163:  * Encrypts/Decrypts a text using the given key.
164:  *
165:  * @param string $text Encrypted string to decrypt, normal string to encrypt
166:  * @param string $key Key to use
167:  * @return string Encrypted/Decrypted string
168:  * @access public
169:  * @static
170:  */
171:     function cipher($text, $key) {
172:         if (empty($key)) {
173:             trigger_error(__('You cannot use an empty key for Security::cipher()', true), E_USER_WARNING);
174:             return '';
175:         }
176: 
177:         srand(Configure::read('Security.cipherSeed'));
178:         $out = '';
179:         $keyLength = strlen($key);
180:         for ($i = 0, $textLength = strlen($text); $i < $textLength; $i++) {
181:             $j = ord(substr($key, $i % $keyLength, 1));
182:             while ($j--) {
183:                 rand(0, 255);
184:             }
185:             $mask = rand(0, 255);
186:             $out .= chr(ord(substr($text, $i, 1)) ^ $mask);
187:         }
188:         srand();
189:         return $out;
190:     }
191: }
192: