ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Slim_Http_CookieJar Class Reference

Slim - a micro PHP 5 framework.

Public Member Functions

__construct ( $secret, $config=null)
Constructor.

getHighConfidentiality ()
Get the high confidentiality mode.

setHighConfidentiality ( $enable)
Enable or disable cookie data encryption.

getSSL ()
Get the SSL status (enabled or disabled?)

setSSL ( $enable)
Enable SSL support (not enabled by default)

getResponseCookies ()
Get Cookies for Response.

getResponseCookie ( $cookiename)
Get Cookie with name for Response.

setCookie ( $cookiename, $value, $username, $expire=0, $path='/', $domain='', $secure=false, $httponly=null)
Set a secure cookie.

deleteCookie ( $name, $path='/', $domain='', $secure=false, $httponly=null)
Delete a cookie.

getCookieValue ( $cookiename, $deleteIfInvalid=true)
Get a secure cookie value.

setClassicCookie ( $cookiename, $value, $expire=0, $path='/', $domain='', $secure=false, $httponly=null)
Send a classic (unsecure) cookie.

cookieExists ($cookiename)
Verify if a cookie exists.
 

Protected Member Functions

_secureCookieValue ( $value, $username, $expire)
Secure a cookie value.

_encrypt ( $data, $key, $iv)
Encrypt a given data with a given key and a given initialisation vector.

_decrypt ( $data, $key, $iv)
Decrypt a given data with a given key and a given initialisation vector.

_validateIv ($iv)
Validate Initialization vector.

_validateKey ($key)
Validate key.
 

Protected Attributes

 $_secret = ''
 
 $_algorithm = MCRYPT_RIJNDAEL_256
 
 $_mode = MCRYPT_MODE_CBC
 
 $_cryptModule = null
 
 $_highConfidentiality = true
 
 $_ssl = false
 
 $_cookies = array()
 

Detailed Description

Slim - a micro PHP 5 framework.

Author
Josh Lockhart info@joshlockhart.com

Definition at line 54 of file CookieJar.php.

Constructor & Destructor Documentation

◆ __construct()

Slim_Http_CookieJar::__construct (   $secret,
  $config = null 
)

Constructor.

Initialize cookie manager and mcrypt module.

Parameters
string $secret Server's secret key
array $config
Exceptions
Exception If secret key is empty
Exception If unable to open mcrypt module

Definition at line 101 of file CookieJar.php.

{
    if ( empty($secret) ) {
        throw new Exception('You must provide a secret key');
    }
    $this->_secret = $secret;
    if ( $config !== null && !is_array($config) ) {
        throw new Exception('Config must be an array');
    }
    if ( is_array($config) ) {
        if ( isset($config['high_confidentiality']) ) {
            $this->_highConfidentiality = $config['high_confidentiality'];
        }
        if ( isset($config['mcrypt_algorithm']) ) {
            $this->_algorithm = $config['mcrypt_algorithm'];
        }
        if ( isset($config['mcrypt_mode']) ) {
            $this->_mode = $config['mcrypt_mode'];
        }
        if ( isset($config['enable_ssl']) ) {
            $this->_ssl = $config['enable_ssl'];
        }
    }
    if ( extension_loaded('mcrypt') ) {
        $this->_cryptModule = mcrypt_module_open($this->_algorithm, '', $this->_mode, '');
        if ( $this->_cryptModule === false ) {
            throw new Exception('Error while loading mcrypt module');
        }
    }
}

Member Function Documentation

◆ _decrypt()

Slim_Http_CookieJar::_decrypt (   $data,
  $key,
  $iv 
)
protected

Decrypt a given data with a given key and a given initialisation vector.

Parameters
string $data Data to decrypt
string $key Secret key
string $iv Initialisation vector
Returns
string Decrypted data

Definition at line 359 of file CookieJar.php.

{
    $iv = $this->_validateIv($iv);
    $key = $this->_validateKey($key);
    mcrypt_generic_init($this->_cryptModule, $key, $iv);
    $decryptedData = mdecrypt_generic($this->_cryptModule, $data);
    $res = str_replace("\x0", '', $decryptedData);
    mcrypt_generic_deinit($this->_cryptModule);
    return $res;
}

References $data, $res, _validateIv(), and _validateKey().

Referenced by getCookieValue().


◆ _encrypt()

Slim_Http_CookieJar::_encrypt (   $data,
  $key,
  $iv 
)
protected

Encrypt a given data with a given key and a given initialisation vector.

Parameters
string $data Data to crypt
string $key Secret key
string $iv Initialisation vector
Returns
string Encrypted data

Definition at line 342 of file CookieJar.php.

{
    $iv = $this->_validateIv($iv);
    $key = $this->_validateKey($key);
    mcrypt_generic_init($this->_cryptModule, $key, $iv);
    $res = @mcrypt_generic($this->_cryptModule, $data);
    mcrypt_generic_deinit($this->_cryptModule);
    return $res;
}

References $data, $res, _validateIv(), and _validateKey().

Referenced by _secureCookieValue().


◆ _secureCookieValue()

Slim_Http_CookieJar::_secureCookieValue (   $value,
  $username,
  $expire 
)
protected

Secure a cookie value.

The initial value is transformed with this protocol:

secureValue = username|expire|base64((value)k,expire)|HMAC(user|expire|value,k)
where k = HMAC(user|expire, sk)
and sk is server's secret key
(value)k,md5(expire) is the result of a cryptographic function (ex: AES256) on "value" with key k and initialisation vector = md5(expire)

Parameters
string $value Unsecure value
string $username User identifier
integer $expire Expiration time
Returns
string Secured value

Definition at line 315 of file CookieJar.php.

{
    if ( is_string($expire) ) {
        $expire = strtotime($expire);
    }
    $key = hash_hmac('sha1', $username . $expire, $this->_secret);
    if ( $value !== '' && $this->getHighConfidentiality() ) {
        $encryptedValue = base64_encode($this->_encrypt($value, $key, md5($expire)));
    } else {
        $encryptedValue = base64_encode($value);
    }
    if ( $this->_ssl && isset($_SERVER['SSL_SESSION_ID']) ) {
        $verifKey = hash_hmac('sha1', $username . $expire . $value . $_SERVER['SSL_SESSION_ID'], $key);
    } else {
        $verifKey = hash_hmac('sha1', $username . $expire . $value, $key);
    }
    $result = array($username, $expire, $encryptedValue, $verifKey);
    return implode('|', $result);
}

References $_SERVER, $result, _encrypt(), and getHighConfidentiality().

Referenced by setCookie().


◆ _validateIv()

Slim_Http_CookieJar::_validateIv (   $iv)
protected

Validate Initialization vector.

If given IV is too long for the selected mcrypt algorithm, it will be truncated

Parameters
string $iv Initialization vector
Returns
string

Definition at line 377 of file CookieJar.php.

{
    $ivSize = mcrypt_enc_get_iv_size($this->_cryptModule);
    if ( strlen($iv) > $ivSize ) {
        $iv = substr($iv, 0, $ivSize);
    }
    return $iv;
}

Referenced by _decrypt(), and _encrypt().


◆ _validateKey()

Slim_Http_CookieJar::_validateKey (   $key)
protected

Validate key.

If given key is too long for the selected mcrypt algorithm, it will be truncated

Parameters
string $key key
string

Definition at line 393 of file CookieJar.php.

{
    $keySize = mcrypt_enc_get_key_size($this->_cryptModule);
    if ( strlen($key) > $keySize ) {
        $key = substr($key, 0, $keySize);
    }
    return $key;
}

Referenced by _decrypt(), and _encrypt().


◆ cookieExists()

Slim_Http_CookieJar::cookieExists (   $cookiename)

Verify if a cookie exists.

Parameters
string $cookiename
Returns
bool TRUE if cookie exists, or FALSE if not

Definition at line 296 of file CookieJar.php.

{
    return isset($_COOKIE[$cookiename]);
}

References $_COOKIE.

Referenced by getCookieValue().


◆ deleteCookie()

Slim_Http_CookieJar::deleteCookie (   $name,
  $path = '/',
  $domain = '',
  $secure = false,
  $httponly = null 
)

Delete a cookie.

Parameters
string $name Cookie name
string $path Cookie path
string $domain Cookie domain
bool $secure When TRUE, send the cookie only on a secure connection
bool $httponly When TRUE the cookie will be made accessible only through the HTTP protocol

Definition at line 221 of file CookieJar.php.

{
    $expire = 315554400; /* 1980-01-01 */
    $this->_cookies[$name] = new Slim_Http_Cookie($name, '', $expire, $path, $domain, $secure, $httponly);
    //setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
}

References $path.

Referenced by getCookieValue().


◆ getCookieValue()

Slim_Http_CookieJar::getCookieValue (   $cookiename,
  $deleteIfInvalid = true 
)

Get a secure cookie value.

Verify the integrity of cookie data and decrypt it. If the cookie is invalid, it can be automatically destroyed (default behaviour)

Parameters
string $cookiename Cookie name
bool $delete Destroy the cookie if invalid?
Returns
string|false The Cookie value, or FALSE if Cookie invalid

Definition at line 237 of file CookieJar.php.

{
    if ( $this->cookieExists($cookiename) ) {
        if ( extension_loaded('mcrypt') ) {
            $cookieValues = explode('|', $_COOKIE[$cookiename]);
            if ( (count($cookieValues) === 4) && ($cookieValues[1] == 0 || $cookieValues[1] >= time()) ) {
                $key = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1], $this->_secret);
                $cookieData = base64_decode($cookieValues[2]);
                if ( $cookieData !== '' && $this->getHighConfidentiality() ) {
                    $data = $this->_decrypt($cookieData, $key, md5($cookieValues[1]));
                } else {
                    $data = $cookieData;
                }
                if ( $this->_ssl && isset($_SERVER['SSL_SESSION_ID']) ) {
                    $verifKey = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1] . $data . $_SERVER['SSL_SESSION_ID'], $key);
                } else {
                    $verifKey = hash_hmac('sha1', $cookieValues[0] . $cookieValues[1] . $data, $key);
                }
                if ( $verifKey == $cookieValues[3] ) {
                    return $data;
                }
            }
        } else {
            return $_COOKIE[$cookiename];
        }
    }
    if ( $deleteIfInvalid ) {
        $this->deleteCookie($cookiename);
    }
    return false;
}

References $_COOKIE, $_SERVER, $data, _decrypt(), cookieExists(), deleteCookie(), and getHighConfidentiality().
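
As listed above, _secureCookieValue() and getCookieValue() take the IV from md5(expire), compute the HMAC over the plaintext (so the cookie is decrypted before it is authenticated) and compare the MAC with ==. The following is an added example, not code from ILIAS or Slim, that keeps the four-field layout but uses a random IV, encrypt-then-MAC and hash_equals(). It assumes PHP 7.1+ with the openssl extension and swaps in AES-256-CBC for mcrypt's Rijndael-256, since mcrypt was removed from PHP core in 7.2; derive_keys(), seal_cookie(), open_cookie() and the demo secret are hypothetical.

```php
<?php
// Added example, not ILIAS or Slim code; all function names are hypothetical.
function derive_keys(string $secret, string $user, int $expire): array
{
    // Raw-binary per-cookie base key, then independent encryption and MAC keys.
    $base = hash_hmac('sha256', $user . '|' . $expire, $secret, true);
    return [hash_hmac('sha256', 'enc', $base, true),
            hash_hmac('sha256', 'mac', $base, true)];
}

function seal_cookie(string $secret, string $user, int $expire, string $value): string
{
    [$encKey, $macKey] = derive_keys($secret, $user, $expire);
    $iv = random_bytes(16); // fresh IV per cookie, not md5(expire)
    $ct = openssl_encrypt($value, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    // base64 keeps '|' out of the username field so fields cannot shift.
    $head = base64_encode($user) . '|' . $expire . '|' . base64_encode($iv . $ct);
    return $head . '|' . hash_hmac('sha256', $head, $macKey); // MAC over ciphertext
}

function open_cookie(string $secret, string $cookie)
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 4 || preg_match('/\A\d+\z/', $parts[1]) !== 1) {
        return false;
    }
    [$userB64, $expire, $payload, $mac] = $parts;
    $user = base64_decode($userB64, true);
    $raw  = base64_decode($payload, true);
    if ($user === false || $raw === false || strlen($raw) < 32) {
        return false;
    }
    if ((int)$expire !== 0 && (int)$expire < time()) {
        return false; // expired; 0 means session cookie, as on the page
    }
    [$encKey, $macKey] = derive_keys($secret, $user, (int)$expire);
    $expected = hash_hmac('sha256', "$userB64|$expire|$payload", $macKey);
    if (!hash_equals($expected, $mac)) {
        return false; // constant-time check, and nothing is decrypted on failure
    }
    return openssl_decrypt(substr($raw, 16), 'aes-256-cbc', $encKey,
                           OPENSSL_RAW_DATA, substr($raw, 0, 16));
}

// Constructed demo values.
$cookie   = seal_cookie('constructed-demo-secret', 'alice', 0, 'role=student');
$tampered = substr($cookie, 0, -1) . ($cookie[-1] === '0' ? '1' : '0');
var_dump(open_cookie('constructed-demo-secret', $cookie));
var_dump(open_cookie('constructed-demo-secret', $tampered));
```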


◆ getHighConfidentiality()

Slim_Http_CookieJar::getHighConfidentiality ( )

Get the high confidentiality mode.

Returns
bool TRUE if cookie data encryption is enabled, or FALSE if it isn't

Definition at line 136 of file CookieJar.php.

{
    return $this->_highConfidentiality;
}

References $_highConfidentiality.

Referenced by _secureCookieValue(), and getCookieValue().


◆ getResponseCookie()

Slim_Http_CookieJar::getResponseCookie (   $cookiename)

Get Cookie with name for Response.

Author
Josh Lockhart info@joshlockhart.com
Parameters
string $cookiename The name of the Cookie
Returns
Cookie|null Cookie, or NULL if Cookie with name not found

Definition at line 191 of file CookieJar.php.

{
    return isset($this->_cookies[$cookiename]) ? $this->_cookies[$cookiename] : null;
}

◆ getResponseCookies()

Slim_Http_CookieJar::getResponseCookies ( )

Get Cookies for Response.

Author
Josh Lockhart info@joshlockhart.com
Returns
array[Cookie]

Definition at line 180 of file CookieJar.php.

{
    return $this->_cookies;
}

References $_cookies.

◆ getSSL()

Slim_Http_CookieJar::getSSL ( )

Get the SSL status (enabled or disabled?)

Returns
bool TRUE if SSL support is enabled, or FALSE if it isn't

Definition at line 156 of file CookieJar.php.

{
    return $this->_ssl;
}

References $_ssl.

◆ setClassicCookie()

Slim_Http_CookieJar::setClassicCookie (   $cookiename,
  $value,
  $expire = 0,
  $path = '/',
  $domain = '',
  $secure = false,
  $httponly = null 
)

Send a classic (unsecure) cookie.

Parameters
string $name Cookie name
string $value Cookie value
integer $expire Expiration time
string $path Cookie path
string $domain Cookie domain
bool $secure When TRUE, send the cookie only on a secure connection
bool $httponly When TRUE the cookie will be made accessible only through the HTTP protocol

Definition at line 279 of file CookieJar.php.

{
    /* httponly option is only available for PHP version >= 5.2 */
    if ( $httponly === null ) {
        $this->_cookies[$cookiename] = new Slim_Http_Cookie($cookiename, $value, $expire, $path, $domain, $secure);
        //setcookie($cookiename, $value, $expire, $path, $domain, $secure);
    } else {
        $this->_cookies[$cookiename] = new Slim_Http_Cookie($cookiename, $value, $expire, $path, $domain, $secure, $httponly);
        //setcookie($cookiename, $value, $expire, $path, $domain, $secure, $httponly);
    }
}

References $path.

Referenced by setCookie().


◆ setCookie()

Slim_Http_CookieJar::setCookie (   $cookiename,
  $value,
  $username,
  $expire = 0,
  $path = '/',
  $domain = '',
  $secure = false,
  $httponly = null 
)

Set a secure cookie.

Parameters
string $name Cookie name
string $value Cookie value
string $username User identifier
integer $expire Expiration time
string $path Cookie path
string $domain Cookie domain
bool $secure When TRUE, send the cookie only on a secure connection
bool $httponly When TRUE the cookie will be made accessible only through the HTTP protocol

Definition at line 207 of file CookieJar.php.

{
    $secureValue = extension_loaded('mcrypt') ? $this->_secureCookieValue($value, $username, $expire) : $value;
    $this->setClassicCookie($cookiename, $secureValue, $expire, $path, $domain, $secure, $httponly);
}

References $path, _secureCookieValue(), and setClassicCookie().


◆ setHighConfidentiality()

Slim_Http_CookieJar::setHighConfidentiality (   $enable)

Enable or disable cookie data encryption.

Parameters
bool $enable TRUE to enable, FALSE to disable
Returns
CookieJar

Definition at line 146 of file CookieJar.php.

{
    $this->_highConfidentiality = (bool)$enable;
    return $this;
}

◆ setSSL()

Slim_Http_CookieJar::setSSL (   $enable)

Enable SSL support (not enabled by default)

Pro: Protect against replay attack
Con: Cookie's lifetime is limited to SSL session's lifetime

Parameters
bool $enable TRUE to enable, FALSE to disable
Returns
CookieJar

Definition at line 169 of file CookieJar.php.

{
    $this->_ssl = (bool)$enable;
    return $this;
}

Field Documentation

◆ $_algorithm

Slim_Http_CookieJar::$_algorithm = MCRYPT_RIJNDAEL_256
protected

Definition at line 64 of file CookieJar.php.

◆ $_cookies

Slim_Http_CookieJar::$_cookies = array()
protected

Definition at line 89 of file CookieJar.php.

Referenced by getResponseCookies().

◆ $_cryptModule

Slim_Http_CookieJar::$_cryptModule = null
protected

Definition at line 74 of file CookieJar.php.

◆ $_highConfidentiality

Slim_Http_CookieJar::$_highConfidentiality = true
protected

Definition at line 79 of file CookieJar.php.

Referenced by getHighConfidentiality().

◆ $_mode

Slim_Http_CookieJar::$_mode = MCRYPT_MODE_CBC
protected

Definition at line 69 of file CookieJar.php.

◆ $_secret

Slim_Http_CookieJar::$_secret = ''
protected

Definition at line 59 of file CookieJar.php.

◆ $_ssl

Slim_Http_CookieJar::$_ssl = false
protected

Definition at line 84 of file CookieJar.php.

Referenced by getSSL().


The documentation for this class was generated from the following file: