1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | Copyright CiviCRM LLC. All rights reserved. |
5 | |
6 | This work is published under the GNU AGPLv3 license with some |
7 | permitted exceptions and without any warranty. For full license |
8 | and copyright information, see https://civicrm.org/licensing |
9 +--------------------------------------------------------------------+
10 */
11
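/**
 * Form keys.
 *
 * A form key ties a form submission to the session that rendered the form:
 * it is md5(session ID . form name . per-session private key), optionally
 * followed by "_<n>" (1..MAX_SEQUENCE) so the same form can be open in
 * several tabs. validate() recomputes the hash from the session and compares
 * it with the submitted key; valid() only checks the key's shape.
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
class CRM_Core_Key {

  /**
   * Upper bound (inclusive) of the optional "_<n>" sequence suffix; the lower
   * bound is 1.
   */
  const MAX_SEQUENCE = 10000;

  /**
   * Per-session private key, cached after the first privateKey() call.
   *
   * @var string|null
   */
  public static $_key = NULL;

  /**
   * Session ID, cached after the first sessionID() call.
   *
   * @var string|null
   */
  public static $_sessionID = NULL;

  /**
   * Generate a private key per session and store in session.
   *
   * The key is created once, stored under 'qfPrivateKey' in the CiviCRM
   * session, and cached in self::$_key for the rest of the request.
   *
   * @return string
   *   private key for this session (64 hex characters)
   */
  public static function privateKey() {
    if (!self::$_key) {
      $session = CRM_Core_Session::singleton();
      self::$_key = $session->get('qfPrivateKey');
      if (!self::$_key) {
        // This secret is what makes form keys unforgeable, so it has to come
        // from a CSPRNG. 32 random bytes as hex keeps the 64-character format
        // of the previous md5(uniqid()) . md5(uniqid()) construction, which
        // was seeded from mt_rand() and therefore predictable.
        self::$_key = bin2hex(random_bytes(32));
        $session->set('qfPrivateKey', self::$_key);
      }
    }
    return self::$_key;
  }

  /**
   * Return the session ID used in form keys.
   *
   * Read from 'qfSessionID' in the CiviCRM session; on first use it is taken
   * from session_id() and stored there. Note that session_id() returns '' when
   * no PHP session is active, in which case '' is stored and returned.
   *
   * @return mixed|null|string
   */
  public static function sessionID() {
    if (!self::$_sessionID) {
      $session = CRM_Core_Session::singleton();
      self::$_sessionID = $session->get('qfSessionID');
      if (!self::$_sessionID) {
        self::$_sessionID = session_id();
        $session->set('qfSessionID', self::$_sessionID);
      }
    }
    return self::$_sessionID;
  }

  /**
   * Generate a form key based on form name, the current user session
   * and a private key. Modelled after drupal's form API
   *
   * @param string $name
   * @param bool $addSequence
   *   Should we add a unique sequence number to the end of the key.
   *
   * @return string
   *   valid formID
   */
  public static function get($name, $addSequence = FALSE) {
    $privateKey = self::privateKey();
    $sessionID = self::sessionID();
    // md5 is kept so that keys already issued in live sessions keep validating.
    $key = md5($sessionID . $name . $privateKey);

    if ($addSequence) {
      // Append a random sequence number between 1 and MAX_SEQUENCE so the same
      // form can be open in multiple tabs. It only disambiguates instances of
      // the form; the session binding comes from the hash, so mt_rand() is
      // adequate here.
      $key .= '_' . mt_rand(1, self::MAX_SEQUENCE);
    }
    return $key;
  }

  /**
   * Validate a form key based on the form name.
   *
   * @param string $key
   * @param string $name
   * @param bool $addSequence
   *   Whether the key is expected to carry a "_<n>" sequence suffix.
   *
   * @return string
   *   the key if valid, else null
   */
  public static function validate($key, $name, $addSequence = FALSE) {
    if (!is_string($key)) {
      return NULL;
    }

    if ($addSequence) {
      // Expect exactly "<hash>_<sequence>": a missing or malformed suffix is a
      // bad key, not an undefined-offset warning.
      $parts = explode('_', $key, 2);
      if (count($parts) !== 2 || !self::isValidSequence($parts[1])) {
        return NULL;
      }
      $k = $parts[0];
    }
    else {
      $k = $key;
    }

    $privateKey = self::privateKey();
    $sessionID = self::sessionID();
    $expected = md5($sessionID . $name . $privateKey);
    // Constant-time, strict comparison: avoids leaking the expected hash via
    // timing and the loose-comparison quirks of != on hash-like strings.
    if (!hash_equals($expected, $k)) {
      return NULL;
    }
    return $key;
  }

  /**
   * Check that a key has the shape of a form key.
   *
   * This is a syntactic check only; it does not compare against the session.
   *
   * @param mixed $key
   *
   * @return bool
   */
  public static function valid($key) {
    if (!is_string($key)) {
      return FALSE;
    }
    // A valid key is a 32 digit hex number, optionally followed by "_" and a
    // sequence number between 1 and MAX_SEQUENCE. The pattern is anchored so
    // that anything around the hash is rejected.
    if (!preg_match('/^[0-9a-f]{32}(?:_([0-9]+))?$/i', $key, $matches)) {
      return FALSE;
    }
    // $matches[1] is only set when the "_<n>" suffix is present.
    return !isset($matches[1]) || self::isValidSequence($matches[1]);
  }

  /**
   * Check that a sequence suffix is a plain integer between 1 and MAX_SEQUENCE.
   *
   * @param string $seq
   *
   * @return bool
   */
  private static function isValidSequence($seq) {
    // Digits only: rejects signs, whitespace, exponents and floats that
    // is_numeric() would accept.
    if (!is_string($seq) || !preg_match('/^[0-9]{1,5}$/', $seq)) {
      return FALSE;
    }
    $n = (int) $seq;
    return $n >= 1 && $n <= self::MAX_SEQUENCE;
  }

}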
138
139 }