ILIAS  release_4-3 Revision
Slim_Http_CookieJar Class Reference

Slim - a micro PHP 5 framework.

Public Member Functions

 __construct ($secret, $config=null)
 Constructor.
 getHighConfidentiality ()
 Get the high confidentiality mode.
 setHighConfidentiality ($enable)
 Enable or disable cookie data encryption.
 getSSL ()
 Get the SSL status (enabled or disabled?)
 setSSL ($enable)
 Enable SSL support (not enabled by default)
 getResponseCookies ()
 Get Cookies for Response.
 getResponseCookie ($cookiename)
 Get Cookie with name for Response.
 setCookie ($cookiename, $value, $username, $expire=0, $path= '/', $domain= '', $secure=false, $httponly=null)
 Set a secure cookie.
 deleteCookie ($name, $path= '/', $domain= '', $secure=false, $httponly=null)
 Delete a cookie.
 getCookieValue ($cookiename, $deleteIfInvalid=true)
 Get a secure cookie value.
 setClassicCookie ($cookiename, $value, $expire=0, $path= '/', $domain= '', $secure=false, $httponly=null)
 Send a classic (unsecure) cookie.
 cookieExists ($cookiename)
 Verify if a cookie exists.

Protected Member Functions

 _secureCookieValue ($value, $username, $expire)
 Secure a cookie value.
 _encrypt ($data, $key, $iv)
 Encrypt a given data with a given key and a given initialisation vector.
 _decrypt ($data, $key, $iv)
 Decrypt a given data with a given key and a given initialisation vector.
 _validateIv ($iv)
 Validate Initialization vector.
 _validateKey ($key)
 Validate key.

Protected Attributes

 $_secret = ''
 $_algorithm = MCRYPT_RIJNDAEL_256
 $_mode = MCRYPT_MODE_CBC
 $_cryptModule = null
 $_highConfidentiality = true
 $_ssl = false
 $_cookies = array()

Detailed Description

Slim - a micro PHP 5 framework.

Author
Josh Lockhart info@joshlockhart.com

Definition at line 54 of file CookieJar.php.

Constructor & Destructor Documentation

Slim_Http_CookieJar::__construct (   $secret,
  $config = null 
)

Constructor.

Initialize cookie manager and mcrypt module.

Parameters
string  $secret  Server's secret key
array  $config
Exceptions
Exception  If secret key is empty
Exception  If unable to open mcrypt module

Definition at line 101 of file CookieJar.php.

{
    if ( empty($secret) ) {
        throw new Exception('You must provide a secret key');
    }
    $this->_secret = $secret;
    if ( $config !== null && !is_array($config) ) {
        throw new Exception('Config must be an array');
    }
    if ( is_array($config) ) {
        if ( isset($config['high_confidentiality']) ) {
            $this->_highConfidentiality = $config['high_confidentiality'];
        }
        if ( isset($config['mcrypt_algorithm']) ) {
            $this->_algorithm = $config['mcrypt_algorithm'];
        }
        if ( isset($config['mcrypt_mode']) ) {
            $this->_mode = $config['mcrypt_mode'];
        }
        if ( isset($config['enable_ssl']) ) {
            $this->_ssl = $config['enable_ssl'];
        }
    }
    if ( extension_loaded('mcrypt') ) {
        $this->_cryptModule = mcrypt_module_open($this->_algorithm, '', $this->_mode, '');
        if ( $this->_cryptModule === false ) {
            throw new Exception('Error while loading mcrypt module');
        }
    }
}

Member Function Documentation

Slim_Http_CookieJar::_decrypt (   $data,
  $key,
  $iv 
)
protected

Decrypt a given data with a given key and a given initialisation vector.

Parameters
string  $data  Data to decrypt
string  $key  Secret key
string  $iv  Initialisation vector
Returns
string Decrypted data

Definition at line 359 of file CookieJar.php.

References $data, $res, _validateIv(), and _validateKey().

Referenced by getCookieValue().

{
    $iv = $this->_validateIv($iv);
    $key = $this->_validateKey($key);
    mcrypt_generic_init($this->_cryptModule, $key, $iv);
    $decryptedData = mdecrypt_generic($this->_cryptModule, $data);
    $res = str_replace("\x0", '', $decryptedData);
    mcrypt_generic_deinit($this->_cryptModule);
    return $res;
}

Slim_Http_CookieJar::_encrypt (   $data,
  $key,
  $iv 
)
protected

Encrypt a given data with a given key and a given initialisation vector.

Parameters
string  $data  Data to encrypt
string  $key  Secret key
string  $iv  Initialisation vector
Returns
string Encrypted data

Definition at line 342 of file CookieJar.php.

References $data, $res, _validateIv(), and _validateKey().

Referenced by _secureCookieValue().

{
    $iv = $this->_validateIv($iv);
    $key = $this->_validateKey($key);
    mcrypt_generic_init($this->_cryptModule, $key, $iv);
    $res = @mcrypt_generic($this->_cryptModule, $data);
    mcrypt_generic_deinit($this->_cryptModule);
    return $res;
}

Slim_Http_CookieJar::_secureCookieValue (   $value,
  $username,
  $expire 
)
protected

Secure a cookie value.

The initial value is transformed with this protocol:

secureValue = username|expire|base64((value)k,expire)|HMAC(user|expire|value,k)

where k = HMAC(user|expire, sk) and sk is server's secret key

(value)k,md5(expire) is the result of a cryptographic function (ex: AES256) on "value" with key k and initialisation vector = md5(expire)

Parameters
string  $value  Unsecure value
string  $username  User identifier
integer  $expire  Expiration time
Returns
string Secured value

Definition at line 315 of file CookieJar.php.

References $result, _encrypt(), and getHighConfidentiality().

Referenced by setCookie().

{
    if ( is_string($expire) ) {
        $expire = strtotime($expire);
    }
    $key = hash_hmac('sha1', $username . $expire, $this->_secret);
    if ( $value !== '' && $this->getHighConfidentiality() ) {
        $encryptedValue = base64_encode($this->_encrypt($value, $key, md5($expire)));
    } else {
        $encryptedValue = base64_encode($value);
    }
    if ( $this->_ssl && isset($_SERVER['SSL_SESSION_ID']) ) {
        $verifKey = hash_hmac('sha1', $username . $expire . $value . $_SERVER['SSL_SESSION_ID'], $key);
    } else {
        $verifKey = hash_hmac('sha1', $username . $expire . $value, $key);
    }
    $result = array($username, $expire, $encryptedValue, $verifKey);
    return implode('|', $result);
}

Slim_Http_CookieJar::_validateIv (   $iv)
protected

Validate Initialization vector.

If given IV is too long for the selected mcrypt algorithm, it will be truncated

Parameters
string  $iv  Initialization vector
Returns
string

Definition at line 377 of file CookieJar.php.

Referenced by _decrypt(), and _encrypt().

{
    $ivSize = mcrypt_enc_get_iv_size($this->_cryptModule);
    if ( strlen($iv) > $ivSize ) {
        $iv = substr($iv, 0, $ivSize);
    }
    return $iv;
}

Slim_Http_CookieJar::_validateKey (   $key)
protected

Validate key.

If given key is too long for the selected mcrypt algorithm, it will be truncated

Parameters
string  $key  key
Returns
string

Definition at line 393 of file CookieJar.php.

Referenced by _decrypt(), and _encrypt().

{
    $keySize = mcrypt_enc_get_key_size($this->_cryptModule);
    if ( strlen($key) > $keySize ) {
        $key = substr($key, 0, $keySize);
    }
    return $key;
}

Slim_Http_CookieJar::cookieExists (   $cookiename)

Verify if a cookie exists.

Parameters
string  $cookiename
Returns
bool TRUE if cookie exists, or FALSE if not

Definition at line 296 of file CookieJar.php.

References $_COOKIE.

Referenced by getCookieValue().

{
    return isset($_COOKIE[$cookiename]);
}

Slim_Http_CookieJar::deleteCookie (   $name,
  $path = '/',
  $domain = '',
  $secure = false,
  $httponly = null 
)

Delete a cookie.

Parameters
string  $name  Cookie name
string  $path  Cookie path
string  $domain  Cookie domain
bool  $secure  When TRUE, send the cookie only on a secure connection
bool  $httponly  When TRUE the cookie will be made accessible only through the HTTP protocol

Definition at line 221 of file CookieJar.php.

References $path.

Referenced by getCookieValue().

{
    $expire = 315554400; /* 1980-01-01 */
    $this->_cookies[$name] = new Slim_Http_Cookie($name, '', $expire, $path, $domain, $secure, $httponly);
    //setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
}

Slim_Http_CookieJar::getCookieValue (   $cookiename,
  $deleteIfInvalid = true 
)

Get a secure cookie value.

Verify the integrity of cookie data and decrypt it. If the cookie is invalid, it can be automatically destroyed (default behaviour)

Parameters
string  $cookiename  Cookie name
bool  $delete  Destroy the cookie if invalid?
Returns
string|false The Cookie value, or FALSE if Cookie invalid

Definition at line 237 of file CookieJar.php.

References $_COOKIE, $data, _decrypt(), cookieExists(), deleteCookie(), and getHighConfidentiality().

{
    if ( $this->cookieExists($cookiename) ) {
        if ( extension_loaded('mcrypt') ) {
            $cookieValues = explode('|', $_COOKIE[$cookiename]);
            if ( (count($cookieValues) === 4) && ($cookieValues[1] == 0 || $cookieValues[1] >= time()) ) {
                $key = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1], $this->_secret);
                $cookieData = base64_decode($cookieValues[2]);
                if ( $cookieData !== '' && $this->getHighConfidentiality() ) {
                    $data = $this->_decrypt($cookieData, $key, md5($cookieValues[1]));
                } else {
                    $data = $cookieData;
                }
                if ( $this->_ssl && isset($_SERVER['SSL_SESSION_ID']) ) {
                    $verifKey = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1] . $data . $_SERVER['SSL_SESSION_ID'], $key);
                } else {
                    $verifKey = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1] . $data, $key);
                }
                if ( $verifKey == $cookieValues[3] ) {
                    return $data;
                }
            }
        } else {
            return $_COOKIE[$cookiename];
        }
    }
    if ( $deleteIfInvalid ) {
        $this->deleteCookie($cookiename);
    }
    return false;
}
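
Added example (not part of CookieJar.php or of the ILIAS/Slim code base): a stand-alone sketch of the integrity-only path of the cookie layout documented under _secureCookieValue() and checked in getCookieValue(), i.e. high confidentiality off and no SSL session binding. The function names example_make_token and example_verify_token, the secret and the sample values are assumptions; unlike the listing above it compares the MAC with hash_equals() and decodes base64 in strict mode.

```php
<?php
// Added example, not ILIAS/Slim code. Mirrors username|expire|base64(value)|HMAC
// with k = HMAC(user . expire, sk), as in the listings on this page.

function example_make_token($secret, $username, $expire, $value)
{
    $key = hash_hmac('sha1', $username . $expire, $secret);
    $mac = hash_hmac('sha1', $username . $expire . $value, $key);
    return implode('|', array($username, $expire, base64_encode($value), $mac));
}

function example_verify_token($secret, $token, $now)
{
    $parts = explode('|', $token);
    if (count($parts) !== 4) {
        return false;                       // wrong number of fields
    }
    list($username, $expire, $encoded, $mac) = $parts;
    // Expiry must be all digits; 0 means "no expiry check", as in getCookieValue().
    if (!ctype_digit($expire) || ((int)$expire !== 0 && (int)$expire < $now)) {
        return false;
    }
    $value = base64_decode($encoded, true); // strict mode rejects non-base64 input
    if ($value === false) {
        return false;
    }
    $key      = hash_hmac('sha1', $username . $expire, $secret);
    $expected = hash_hmac('sha1', $username . $expire . $value, $key);
    // Constant-time string comparison; no numeric type juggling as with ==.
    return hash_equals($expected, $mac) ? $value : false;
}

// Constructed sample values (hypothetical secret, user and payload).
$secret = 'constructed-demo-secret';
$now    = 1700000000;
$token  = example_make_token($secret, 'alice', $now + 3600, 'theme=dark');

// Case 1: untouched token, checked before its expiry time.
var_dump(example_verify_token($secret, $token, $now));
// Case 2: same token, checked after its expiry time.
var_dump(example_verify_token($secret, $token, $now + 7200));
// Case 3: last hex digit of the MAC flipped.
$last     = $token[strlen($token) - 1];
$tampered = substr($token, 0, -1) . ($last === '0' ? '1' : '0');
var_dump(example_verify_token($secret, $tampered, $now));
```

hash_equals() requires PHP 5.6 or later.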

Slim_Http_CookieJar::getHighConfidentiality ( )

Get the high confidentiality mode.

Returns
bool TRUE if cookie data encryption is enabled, or FALSE if it isn't

Definition at line 136 of file CookieJar.php.

References $_highConfidentiality.

Referenced by _secureCookieValue(), and getCookieValue().

Slim_Http_CookieJar::getResponseCookie (   $cookiename)

Get Cookie with name for Response.

Author
Josh Lockhart info@joshlockhart.com
Parameters
string  $cookiename  The name of the Cookie
Returns
Cookie|null Cookie, or NULL if Cookie with name not found

Definition at line 191 of file CookieJar.php.

{
    return isset($this->_cookies[$cookiename]) ? $this->_cookies[$cookiename] : null;
}

Slim_Http_CookieJar::getResponseCookies ( )

Get Cookies for Response.

Author
Josh Lockhart info@joshlockhart.com
Returns
array[Cookie]

Definition at line 180 of file CookieJar.php.

References $_cookies.

{
    return $this->_cookies;
}

Slim_Http_CookieJar::getSSL ( )

Get the SSL status (enabled or disabled?)

Returns
bool TRUE if SSL support is enabled, or FALSE if it isn't

Definition at line 156 of file CookieJar.php.

References $_ssl.

{
    return $this->_ssl;
}

Slim_Http_CookieJar::setClassicCookie (   $cookiename,
  $value,
  $expire = 0,
  $path = '/',
  $domain = '',
  $secure = false,
  $httponly = null 
)

Send a classic (unsecure) cookie.

Parameters
string  $name  Cookie name
string  $value  Cookie value
integer  $expire  Expiration time
string  $path  Cookie path
string  $domain  Cookie domain
bool  $secure  When TRUE, send the cookie only on a secure connection
bool  $httponly  When TRUE the cookie will be made accessible only through the HTTP protocol

Definition at line 279 of file CookieJar.php.

References $path.

Referenced by setCookie().

{
    /* httponly option is only available for PHP version >= 5.2 */
    if ( $httponly === null ) {
        $this->_cookies[$cookiename] = new Slim_Http_Cookie($cookiename, $value, $expire, $path, $domain, $secure);
        //setcookie($cookiename, $value, $expire, $path, $domain, $secure);
    } else {
        $this->_cookies[$cookiename] = new Slim_Http_Cookie($cookiename, $value, $expire, $path, $domain, $secure, $httponly);
        //setcookie($cookiename, $value, $expire, $path, $domain, $secure, $httponly);
    }
}

Slim_Http_CookieJar::setCookie (   $cookiename,
  $value,
  $username,
  $expire = 0,
  $path = '/',
  $domain = '',
  $secure = false,
  $httponly = null 
)

Set a secure cookie.

Parameters
string  $name  Cookie name
string  $value  Cookie value
string  $username  User identifier
integer  $expire  Expiration time
string  $path  Cookie path
string  $domain  Cookie domain
bool  $secure  When TRUE, send the cookie only on a secure connection
bool  $httponly  When TRUE the cookie will be made accessible only through the HTTP protocol

Definition at line 207 of file CookieJar.php.

References $path, _secureCookieValue(), and setClassicCookie().

{
    $secureValue = extension_loaded('mcrypt') ? $this->_secureCookieValue($value, $username, $expire) : $value;
    $this->setClassicCookie($cookiename, $secureValue, $expire, $path, $domain, $secure, $httponly);
}

Slim_Http_CookieJar::setHighConfidentiality (   $enable)

Enable or disable cookie data encryption.

Parameters
bool  $enable  TRUE to enable, FALSE to disable
Returns
CookieJar

Definition at line 146 of file CookieJar.php.

{
    $this->_highConfidentiality = (bool)$enable;
    return $this;
}

Slim_Http_CookieJar::setSSL (   $enable)

Enable SSL support (not enabled by default)

Pro: Protect against replay attack
Con: Cookie's lifetime is limited to SSL session's lifetime

Parameters
bool  $enable  TRUE to enable, FALSE to disable
Returns
CookieJar

Definition at line 169 of file CookieJar.php.

{
    $this->_ssl = (bool)$enable;
    return $this;
}

Field Documentation

Slim_Http_CookieJar::$_algorithm = MCRYPT_RIJNDAEL_256
protected

Definition at line 64 of file CookieJar.php.

Slim_Http_CookieJar::$_cookies = array()
protected

Definition at line 89 of file CookieJar.php.

Referenced by getResponseCookies().

Slim_Http_CookieJar::$_cryptModule = null
protected

Definition at line 74 of file CookieJar.php.

Slim_Http_CookieJar::$_highConfidentiality = true
protected

Definition at line 79 of file CookieJar.php.

Referenced by getHighConfidentiality().

Slim_Http_CookieJar::$_mode = MCRYPT_MODE_CBC
protected

Definition at line 69 of file CookieJar.php.

Slim_Http_CookieJar::$_secret = ''
protected

Definition at line 59 of file CookieJar.php.

Slim_Http_CookieJar::$_ssl = false
protected

Definition at line 84 of file CookieJar.php.

Referenced by getSSL().


The documentation for this class was generated from the following file: