Typesetter-Original-gtbu/include/tool/Nonce.php

98 lines
2.4 KiB
PHP
Raw Normal View History

2021-09-08 19:52:21 +02:00
<?php
namespace gp\tool;
defined('is_running') or die('Not an entry point...');
class Nonce{
/**
* Generate a nerw nonce
* @param string $action Should be the same $action that is passed to Verify()
* @param bool $anon True if the nonce is being used for anonymous users
* @param int $factor Determines the length of time the generated nonce will be valid. The default 43200 will result in a 24hr period of time.
* @return string
*
*/
public static function Create($action='none', $anon=false, $factor=43200){
global $gpAdmin;
$nonce = $action;
if( !$anon && !empty($gpAdmin['username']) ){
$nonce .= $gpAdmin['username'];
}
return self::Hash($nonce, 0, $factor);
}
/**
* Verify a nonce ($check_nonce)
*
* @param string $action Should be the same $action that is passed to new_nonce()
* @param mixed $check_nonce The user submitted nonce or false if $_REQUEST['_gpnonce'] can be used
* @param bool $anon True if the nonce is being used for anonymous users
* @param int $factor Determines the length of time the generated nonce will be valid. The default 43200 will result in a 24hr period of time.
* @return bool Return false if the $check_nonce did not pass. true if passed
*
*/
public static function Verify($action='none', $check_nonce=false, $anon=false, $factor=43200 ){
global $gpAdmin;
if( $check_nonce === false ){
$check_nonce =& $_REQUEST['_gpnonce'];
}
if( empty($check_nonce) ){
return false;
}
$nonce = $action;
if( !$anon ){
if( empty($gpAdmin['username']) ){
return false;
}
$nonce .= $gpAdmin['username'];
}
// Nonce generated 0-12 hours ago
if( self::Hash( $nonce, 0, $factor ) === $check_nonce ){
return true;
}
// Nonce generated 12-24 hours ago
if( self::Hash( $nonce, 1, $factor ) === $check_nonce ){
return true;
}
// Invalid nonce
return false;
}
/**
* Generate a nonce hash
*
* @param string $nonce
* @param int $tick_offset
* @param int $factor Determines the length of time the generated nonce will be valid. The default 43200 will result in a 24hr period of time.
*
*/
public static function Hash($nonce, $tick_offset=0, $factor=43200){
global $config;
$nonce_tick = ceil(time() / $factor) - $tick_offset;
$nonce = $nonce . $config['gpuniq'] . $nonce_tick;
//nonces before version 5.0
if( gp_nonce_algo === 'legacy' ){
return substr( md5($nonce), -12, 10);
}
return \gp\tool::hash($nonce,gp_nonce_algo, 2);
}
}