102 if ( empty($secret) ) {
103 throw new Exception(
'You must provide a secret key');
105 $this->_secret = $secret;
106 if ( $config !== null && !is_array($config) ) {
107 throw new Exception(
'Config must be an array');
109 if ( is_array($config) ) {
110 if ( isset($config[
'high_confidentiality']) ) {
111 $this->_highConfidentiality = $config[
'high_confidentiality'];
113 if ( isset($config[
'mcrypt_algorithm']) ) {
114 $this->_algorithm = $config[
'mcrypt_algorithm'];
116 if ( isset($config[
'mcrypt_mode']) ) {
117 $this->_mode = $config[
'mcrypt_mode'];
119 if ( isset($config[
'enable_ssl']) ) {
120 $this->_ssl = $config[
'enable_ssl'];
123 if ( extension_loaded(
'mcrypt') ) {
124 $this->_cryptModule = mcrypt_module_open($this->_algorithm,
'', $this->_mode,
'');
125 if ( $this->_cryptModule ===
false ) {
126 throw new Exception(
'Error while loading mcrypt module');
147 $this->_highConfidentiality = (bool)$enable;
170 $this->_ssl = (bool)$enable;
192 return isset($this->_cookies[$cookiename]) ? $this->_cookies[$cookiename] : null;
207 public function setCookie( $cookiename, $value, $username, $expire = 0,
$path =
'/', $domain =
'', $secure =
false, $httponly = null ) {
208 $secureValue = extension_loaded(
'mcrypt') ? $this->
_secureCookieValue($value, $username, $expire) : $value;
221 public function deleteCookie( $name,
$path =
'/', $domain =
'', $secure =
false, $httponly = null ) {
223 $this->_cookies[$name] =
new Slim_Http_Cookie($name,
'', $expire,
$path, $domain, $secure, $httponly);
239 if ( extension_loaded(
'mcrypt') ) {
240 $cookieValues = explode(
'|',
$_COOKIE[$cookiename]);
241 if ( (count($cookieValues) === 4) && ($cookieValues[1] == 0 || $cookieValues[1] >= time()) ) {
242 $key = hash_hmac(
'sha1', $cookieValues[0] . $cookieValues[1], $this->_secret);
243 $cookieData = base64_decode($cookieValues[2]);
245 $data = $this->
_decrypt($cookieData, $key, md5($cookieValues[1]));
249 if ( $this->_ssl && isset($_SERVER[
'SSL_SESSION_ID']) ) {
250 $verifKey = hash_hmac(
'sha1', $cookieValues[0] . $cookieValues[1] .
$data . $_SERVER[
'SSL_SESSION_ID'], $key);
252 $verifKey = hash_hmac(
'sha1', $cookieValues[0] . $cookieValues[1] .
$data, $key);
254 if ( $verifKey == $cookieValues[3] ) {
262 if ( $deleteIfInvalid ) {
279 public function setClassicCookie( $cookiename, $value, $expire = 0,
$path =
'/', $domain =
'', $secure =
false, $httponly = null ) {
281 if ( $httponly === null ) {
282 $this->_cookies[$cookiename] =
new Slim_Http_Cookie($cookiename, $value, $expire,
$path, $domain, $secure);
285 $this->_cookies[$cookiename] =
new Slim_Http_Cookie($cookiename, $value, $expire,
$path, $domain, $secure, $httponly);
297 return isset(
$_COOKIE[$cookiename]);
316 if ( is_string($expire) ) {
317 $expire = strtotime($expire);
319 $key = hash_hmac(
'sha1', $username . $expire, $this->_secret);
321 $encryptedValue = base64_encode($this->
_encrypt($value, $key, md5($expire)));
323 $encryptedValue = base64_encode($value);
325 if ( $this->_ssl && isset($_SERVER[
'SSL_SESSION_ID']) ) {
326 $verifKey = hash_hmac(
'sha1', $username . $expire . $value . $_SERVER[
'SSL_SESSION_ID'], $key);
328 $verifKey = hash_hmac(
'sha1', $username . $expire . $value, $key);
330 $result = array($username, $expire, $encryptedValue, $verifKey);
345 mcrypt_generic_init($this->_cryptModule, $key, $iv);
346 $res = @mcrypt_generic($this->_cryptModule,
$data);
347 mcrypt_generic_deinit($this->_cryptModule);
362 mcrypt_generic_init($this->_cryptModule, $key, $iv);
363 $decryptedData = mdecrypt_generic($this->_cryptModule,
$data);
364 $res = str_replace(
"\x0",
'', $decryptedData);
365 mcrypt_generic_deinit($this->_cryptModule);
378 $ivSize = mcrypt_enc_get_iv_size($this->_cryptModule);
379 if ( strlen($iv) > $ivSize ) {
380 $iv = substr($iv, 0, $ivSize);
394 $keySize = mcrypt_enc_get_key_size($this->_cryptModule);
395 if ( strlen($key) > $keySize ) {
396 $key = substr($key, 0, $keySize);