ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
CookieJar.php
Go to the documentation of this file.
1 <?php
55 
59  protected $_secret = '';
60 
64  protected $_algorithm = MCRYPT_RIJNDAEL_256;
65 
69  protected $_mode = MCRYPT_MODE_CBC;
70 
74  protected $_cryptModule = null;
75 
79  protected $_highConfidentiality = true;
80 
84  protected $_ssl = false;
85 
89  protected $_cookies = array();
90 
101  public function __construct( $secret, $config = null ) {
102  if ( empty($secret) ) {
103  throw new Exception('You must provide a secret key');
104  }
105  $this->_secret = $secret;
106  if ( $config !== null && !is_array($config) ) {
107  throw new Exception('Config must be an array');
108  }
109  if ( is_array($config) ) {
110  if ( isset($config['high_confidentiality']) ) {
111  $this->_highConfidentiality = $config['high_confidentiality'];
112  }
113  if ( isset($config['mcrypt_algorithm']) ) {
114  $this->_algorithm = $config['mcrypt_algorithm'];
115  }
116  if ( isset($config['mcrypt_mode']) ) {
117  $this->_mode = $config['mcrypt_mode'];
118  }
119  if ( isset($config['enable_ssl']) ) {
120  $this->_ssl = $config['enable_ssl'];
121  }
122  }
123  if ( extension_loaded('mcrypt') ) {
124  $this->_cryptModule = mcrypt_module_open($this->_algorithm, '', $this->_mode, '');
125  if ( $this->_cryptModule === false ) {
126  throw new Exception('Error while loading mcrypt module');
127  }
128  }
129  }
130 
136  public function getHighConfidentiality() {
138  }
139 
146  public function setHighConfidentiality( $enable ) {
147  $this->_highConfidentiality = (bool)$enable;
148  return $this;
149  }
150 
156  public function getSSL() {
157  return $this->_ssl;
158  }
159 
169  public function setSSL( $enable ) {
170  $this->_ssl = (bool)$enable;
171  return $this;
172  }
173 
180  public function getResponseCookies() {
181  return $this->_cookies;
182  }
183 
191  public function getResponseCookie( $cookiename ) {
192  return isset($this->_cookies[$cookiename]) ? $this->_cookies[$cookiename] : null;
193  }
194 
207  public function setCookie( $cookiename, $value, $username, $expire = 0, $path = '/', $domain = '', $secure = false, $httponly = null ) {
208  $secureValue = extension_loaded('mcrypt') ? $this->_secureCookieValue($value, $username, $expire) : $value;
209  $this->setClassicCookie($cookiename, $secureValue, $expire, $path, $domain, $secure, $httponly);
210  }
211 
221  public function deleteCookie( $name, $path = '/', $domain = '', $secure = false, $httponly = null ) {
222  $expire = 315554400; /* 1980-01-01 */
223  $this->_cookies[$name] = new Slim_Http_Cookie($name, '', $expire, $path, $domain, $secure, $httponly);
224  //setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
225  }
226 
237  public function getCookieValue( $cookiename, $deleteIfInvalid = true ) {
238  if ( $this->cookieExists($cookiename) ) {
239  if ( extension_loaded('mcrypt') ) {
240  $cookieValues = explode('|', $_COOKIE[$cookiename]);
241  if ( (count($cookieValues) === 4) && ($cookieValues[1] == 0 || $cookieValues[1] >= time()) ) {
242  $key = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1], $this->_secret);
243  $cookieData = base64_decode($cookieValues[2]);
244  if ( $cookieData !== '' && $this->getHighConfidentiality() ) {
245  $data = $this->_decrypt($cookieData, $key, md5($cookieValues[1]));
246  } else {
247  $data = $cookieData;
248  }
249  if ( $this->_ssl && isset($_SERVER['SSL_SESSION_ID']) ) {
250  $verifKey = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1] . $data . $_SERVER['SSL_SESSION_ID'], $key);
251  } else {
252  $verifKey = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1] . $data, $key);
253  }
254  if ( $verifKey == $cookieValues[3] ) {
255  return $data;
256  }
257  }
258  } else {
259  return $_COOKIE[$cookiename];
260  }
261  }
262  if ( $deleteIfInvalid ) {
263  $this->deleteCookie($cookiename);
264  }
265  return false;
266  }
267 
279  public function setClassicCookie( $cookiename, $value, $expire = 0, $path = '/', $domain = '', $secure = false, $httponly = null ) {
280  /* httponly option is only available for PHP version >= 5.2 */
281  if ( $httponly === null ) {
282  $this->_cookies[$cookiename] = new Slim_Http_Cookie($cookiename, $value, $expire, $path, $domain, $secure);
283  //setcookie($cookiename, $value, $expire, $path, $domain, $secure);
284  } else {
285  $this->_cookies[$cookiename] = new Slim_Http_Cookie($cookiename, $value, $expire, $path, $domain, $secure, $httponly);
286  //setcookie($cookiename, $value, $expire, $path, $domain, $secure, $httponly);
287  }
288  }
289 
296  public function cookieExists($cookiename) {
297  return isset($_COOKIE[$cookiename]);
298  }
299 
315  protected function _secureCookieValue( $value, $username, $expire ) {
316  if ( is_string($expire) ) {
317  $expire = strtotime($expire);
318  }
319  $key = hash_hmac('sha1', $username . $expire, $this->_secret);
320  if ( $value !== '' && $this->getHighConfidentiality() ) {
321  $encryptedValue = base64_encode($this->_encrypt($value, $key, md5($expire)));
322  } else {
323  $encryptedValue = base64_encode($value);
324  }
325  if ( $this->_ssl && isset($_SERVER['SSL_SESSION_ID']) ) {
326  $verifKey = hash_hmac('sha1', $username . $expire . $value . $_SERVER['SSL_SESSION_ID'], $key);
327  } else {
328  $verifKey = hash_hmac('sha1', $username . $expire . $value, $key);
329  }
330  $result = array($username, $expire, $encryptedValue, $verifKey);
331  return implode('|', $result);
332  }
333 
342  protected function _encrypt( $data, $key, $iv ) {
343  $iv = $this->_validateIv($iv);
344  $key = $this->_validateKey($key);
345  mcrypt_generic_init($this->_cryptModule, $key, $iv);
346  $res = @mcrypt_generic($this->_cryptModule, $data);
347  mcrypt_generic_deinit($this->_cryptModule);
348  return $res;
349  }
350 
359  protected function _decrypt( $data, $key, $iv ) {
360  $iv = $this->_validateIv($iv);
361  $key = $this->_validateKey($key);
362  mcrypt_generic_init($this->_cryptModule, $key, $iv);
363  $decryptedData = mdecrypt_generic($this->_cryptModule, $data);
364  $res = str_replace("\x0", '', $decryptedData);
365  mcrypt_generic_deinit($this->_cryptModule);
366  return $res;
367  }
368 
377  protected function _validateIv($iv) {
378  $ivSize = mcrypt_enc_get_iv_size($this->_cryptModule);
379  if ( strlen($iv) > $ivSize ) {
380  $iv = substr($iv, 0, $ivSize);
381  }
382  return $iv;
383  }
384 
393  protected function _validateKey($key) {
394  $keySize = mcrypt_enc_get_key_size($this->_cryptModule);
395  if ( strlen($key) > $keySize ) {
396  $key = substr($key, 0, $keySize);
397  }
398  return $key;
399  }
400 
401 }