CRM-15932 - Decouple frequency units of contributions and recurring entities
[civicrm-core.git] / CRM / Core / Key.php
CommitLineData
6a488035
TO
1<?php
2/*
3 +--------------------------------------------------------------------+
39de6fd5 4 | CiviCRM version 4.6 |
6a488035 5 +--------------------------------------------------------------------+
06b69b18 6 | Copyright CiviCRM LLC (c) 2004-2014 |
6a488035
TO
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
d25dd0ee 26 */
6a488035
TO
27
28/**
29 *
30 * @package CRM
06b69b18 31 * @copyright CiviCRM LLC (c) 2004-2014
6a488035
TO
32 * $Id$
33 *
34 */
35class CRM_Core_Key {
36 static $_key = NULL;
37
38 static $_sessionID = NULL;
39
40 /**
fe482240 41 * Generate a private key per session and store in session.
6a488035 42 *
a6c01b45
CW
43 * @return string
44 * private key for this session
6a488035 45 */
00be9182 46 public static function privateKey() {
6a488035
TO
47 if (!self::$_key) {
48 $session = CRM_Core_Session::singleton();
49 self::$_key = $session->get('qfPrivateKey');
50 if (!self::$_key) {
51 self::$_key = md5(uniqid(mt_rand(), TRUE)) . md5(uniqid(mt_rand(), TRUE));
52 $session->set('qfPrivateKey', self::$_key);
53 }
54 }
55 return self::$_key;
56 }
57
a0ee3941
EM
58 /**
59 * @return mixed|null|string
60 */
00be9182 61 public static function sessionID() {
6a488035
TO
62 if (!self::$_sessionID) {
63 $session = CRM_Core_Session::singleton();
64 self::$_sessionID = $session->get('qfSessionID');
65 if (!self::$_sessionID) {
66 self::$_sessionID = session_id();
67 $session->set('qfSessionID', self::$_sessionID);
68 }
69 }
70 return self::$_sessionID;
71 }
72
73 /**
74 * Generate a form key based on form name, the current user session
75 * and a private key. Modelled after drupal's form API
76 *
c490a46a 77 * @param string $name
6a0b768e
TO
78 * @param bool $addSequence
79 * Should we add a unique sequence number to the end of the key.
6a488035 80 *
a6c01b45
CW
81 * @return string
82 * valid formID
6a488035 83 */
00be9182 84 public static function get($name, $addSequence = FALSE) {
6a488035 85 $privateKey = self::privateKey();
353ffa53
TO
86 $sessionID = self::sessionID();
87 $key = md5($sessionID . $name . $privateKey);
6a488035
TO
88
89 if ($addSequence) {
90 // now generate a random number between 1 and 100K and add it to the key
91 // so that we can have forms in mutiple tabs etc
92 $key = $key . '_' . mt_rand(1, 10000);
93 }
94 return $key;
95 }
96
97 /**
fe482240 98 * Validate a form key based on the form name.
6a488035 99 *
c490a46a 100 * @param string $key
6a488035 101 * @param string $name
77b97be7
EM
102 * @param bool $addSequence
103 *
a6c01b45
CW
104 * @return string
105 * if valid, else null
6a488035 106 */
00be9182 107 public static function validate($key, $name, $addSequence = FALSE) {
6a488035
TO
108 if (!is_string($key)) {
109 return NULL;
110 }
111
112 if ($addSequence) {
113 list($k, $t) = explode('_', $key);
114 if ($t < 1 || $t > 10000) {
115 return NULL;
116 }
117 }
118 else {
119 $k = $key;
120 }
121
122 $privateKey = self::privateKey();
123 $sessionID = self::sessionID();
124 if ($k != md5($sessionID . $name . $privateKey)) {
125 return NULL;
126 }
127 return $key;
128 }
129
a0ee3941
EM
130 /**
131 * @param $key
132 *
133 * @return bool
134 */
00be9182 135 public static function valid($key) {
6a488035
TO
136 // a valid key is a 32 digit hex number
137 // followed by an optional _ and a number between 1 and 10000
138 if (strpos('_', $key) !== FALSE) {
139 list($hash, $seq) = explode('_', $key);
140
141 // ensure seq is between 1 and 10000
142 if (!is_numeric($seq) ||
143 $seq < 1 ||
144 $seq > 10000
145 ) {
146 return FALSE;
147 }
148 }
149 else {
150 $hash = $key;
151 }
152
153 // ensure that hash is a 32 digit hex number
154 return preg_match('#[0-9a-f]{32}#i', $hash) ? TRUE : FALSE;
155 }
96025800 156
6a488035 157}