Changeset 29 for trunk/patSession
- Timestamp:
- 11/11/04 12:40:30 (4 years ago)
- Files:
-
- trunk/patSession/Storage.php (modified) (7 diffs)
trunk/patSession/Storage.php
r27 r29 56 56 57 57 /** 58 * accept tokens send by 59 * @access protected 60 * @var string $_tokenmode 61 */ 62 var $_tokenmode = 'cookie'; 63 64 /** 58 65 * security policy 59 66 * Default values: … … 65 72 * @var array $_security list of checks that will be done. 66 73 */ 67 var $_security = array( 'fix_referer', 'fix_ip', 'fix_browser' , 'use_token');74 var $_security = array( 'fix_referer', 'fix_ip', 'fix_browser' ); 68 75 69 76 /** … … 78 85 */ 79 86 var $_emptyReferer = null; 87 88 /** 89 * psst stands for: patSession Security Token 90 * @var string $_tokenName 91 */ 92 //var $_tokenName = 'psst'; 93 var $_tokenName = 'patSessionSecurityToken'; 94 95 /** 96 * disposable controll value for each request 97 * @var string $_ 98 */ 99 var $_tokenValue = null; 80 100 81 101 /** … … 102 122 function getQueryString() 103 123 { 104 return urlencode( $this->getName() ) . '=' . urlencode( $this->getId() ); 124 $query = array( $this->getName() . '=' . $this->getId() ); 125 if( !empty( $this->_tokenValue ) ) 126 { 127 array_push( $query, $this->_tokenValue ); 128 } 129 130 return implode( '&', $query ); 105 131 } 106 132 … … 281 307 $this->set( '_patSession_clientForwarded', null ); 282 308 $this->set( '_patSession_clientBrowser', null ); 309 $this->set( '_patSession_token', null ); 283 310 } 284 311 … … 387 414 } 388 415 416 // check token! 417 if( in_array( 'use_token', $this->_security ) ) 418 { 419 $token = $this->get( '_patSession_token' ); 420 421 // check if token is valid! 
422 if( $token !== null ) 423 { 424 $match = false; 425 426 // check token from cookie - this mode is prefered, because it supports browser navigation 427 // like "reload", "back" and "forward" 428 if( ( $this->_tokenmode == 'any' || $this->_tokenmode == 'cookie' ) 429 && isset( $_COOKIE[$this->_tokenName] ) && $_COOKIE[$this->_tokenName] == $token ) 430 { 431 $match = true; 432 } 433 434 // check token send as get parameter 435 if( $this->_tokenmode == 'any' || $this->_tokenmode == 'get' ) 436 { 437 if( preg_match( '|[\?&]?'.$token.'&?|', $_SERVER['QUERY_STRING'] ) ) 438 { 439 $match = true; 440 } 441 } 442 443 if( !$match ) 444 { 445 $this->_state = 'token_dismatch'; 446 return false; 447 } 448 } 449 450 451 // save new token 452 $token = $this->_createId( 12 ); 453 $this->set( '_patSession_token', $token ); 454 455 // use get parameter to store session token 456 if( $this->_tokenmode == 'any' || $this->_tokenmode == 'get' ) 457 { 458 $this->_tokenValue = $token; 459 } 460 461 // try to set a cookie 462 if( $this->_tokenmode == 'any' || $this->_tokenmode == 'cookie' ) 463 { 464 setcookie( $this->_tokenName, $token ); 465 } 466 } 467 389 468 return true; 390 469 } … … 432 511 } 433 512 513 // set token mode 514 if( isset( $options['tokenmode'] ) && in_array( $options['tokenmode'], array( 'any', 'cookie', 'get' ) ) ) 515 { 516 $this->_tokenmode = $options['tokenmode']; 517 } 518 434 519 // some referers are allowed 435 520 if( isset( $options['allow-referer'] ) )
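Review bot: The GET-side token check in the new `use_token` block concatenates `$token` unescaped into a PCRE pattern, and because both `[\?&]?` and `&?` are optional the pattern degrades to an unanchored substring search over `$_SERVER['QUERY_STRING']`, so any query string that merely contains the token text passes; the cookie branch also uses loose `==`, which in PHP compares numeric-looking strings numerically. Since `getQueryString()` emits the token as a bare `&TOKEN` segment, the exact check is `if( isset( $_SERVER['QUERY_STRING'] ) && in_array( $token, explode( '&', $_SERVER['QUERY_STRING'] ), true ) )`, and the cookie line should read `$_COOKIE[$this->_tokenName] === $token`. The rewritten `getQueryString()` also drops the `urlencode()` the old line applied to the session name and id, which is a regression if either can contain reserved characters. Regenerating the token on every request means parallel requests from one browser (images, frames) will still carry the previous cookie value and be rejected with `token_dismatch`; that may be the intended "disposable" design, but it is worth confirming. The method containing the token check starts before this hunk, so its signature and whether `_createId( 12 )` guarantees a character set safe for use in a query string are not visible here.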
