forkbb/app/Core/Csrf.php

<?php

namespace ForkBB\Core;

use ForkBB\Core\Secury;

class Csrf
{
    /**
     * @var Secury
     */
    protected $secury;

    /**
     * @var string
     */
    protected $key;

    /**
     * Конструктор
     *
     * @param Secury $secury
     * @param string $key
     */
    public function __construct(Secury $secury, string $key)
    {
        $this->secury = $secury;
        $this->key = \sha1($key);
    }

    /**
     * Возвращает csrf токен
     *
     * @param string $marker
     * @param array $args
     * @param string|int $time
     *
     * @return string
     */
    public function create(string $marker, array $args = [], $time = null): string
    {
         unset($args['token'], $args['#']);
         \ksort($args);
         $marker .= '|';
         foreach ($args as $key => $value) {
             $marker .= $key . '|' . (string) $value . '|';
         }
         $time = $time ?: \time();
         return $this->secury->hmac($marker, $time . $this->key) . 'f' . $time;
    }

    /**
     * Проверка токена
     *
     * @param mixed $token
     * @param string $marker
     * @param array $args
     *
     * @return bool
     */
    public function verify($token, string $marker, array $args = []): bool
    {
        return \is_string($token)
            && \preg_match('%f(\d+)$%D', $token, $matches)
            && $matches[1] < \time()
            && $matches[1] + 1800 > \time()
            && \hash_equals($this->create($marker, $args, $matches[1]), $token);
    }
}
intermediate achievements 2017-02-14 13:05:26 +00:00			`<?php`

Forum and ... 2017-03-21 16:16:15 +00:00			`namespace ForkBB\Core;`
intermediate achievements 2017-02-14 13:05:26 +00:00
			`use ForkBB\Core\Secury;`

			`class Csrf`
			`{`
			`/**`
			`* @var Secury`
			`*/`
			`protected $secury;`

			`/**`
			`* @var string`
			`*/`
			`protected $key;`

			`/**`
			`* Конструктор`
2017-11-03 2017-11-03 13:06:22 +00:00			`*`
intermediate achievements 2017-02-14 13:05:26 +00:00			`* @param Secury $secury`
Add declaration of argument types and return values 2020-05-24 11:30:48 +00:00			`* @param string $key`
intermediate achievements 2017-02-14 13:05:26 +00:00			`*/`
Add declaration of argument types and return values 2020-05-24 11:30:48 +00:00			`public function __construct(Secury $secury, string $key)`
intermediate achievements 2017-02-14 13:05:26 +00:00			`{`
			`$this->secury = $secury;`
2018-03-08 2018-03-08 12:39:54 +00:00			`$this->key = \sha1($key);`
intermediate achievements 2017-02-14 13:05:26 +00:00			`}`

			`/**`
			`* Возвращает csrf токен`
2017-11-03 2017-11-03 13:06:22 +00:00			`*`
intermediate achievements 2017-02-14 13:05:26 +00:00			`* @param string $marker`
			`* @param array $args`
			`* @param string\|int $time`
2017-11-03 2017-11-03 13:06:22 +00:00			`*`
intermediate achievements 2017-02-14 13:05:26 +00:00			`* @return string`
			`*/`
Add declaration of argument types and return values 2020-05-24 11:30:48 +00:00			`public function create(string $marker, array $args = [], $time = null): string`
intermediate achievements 2017-02-14 13:05:26 +00:00			`{`
			`unset($args['token'], $args['#']);`
2018-03-08 2018-03-08 12:39:54 +00:00			`\ksort($args);`
AdminGroups, Csrf, Validator, ... 2017-04-09 14:32:49 +00:00			`$marker .= '\|';`
			`foreach ($args as $key => $value) {`
			`$marker .= $key . '\|' . (string) $value . '\|';`
			`}`
2018-03-08 2018-03-08 12:39:54 +00:00			`$time = $time ?: \time();`
AdminGroups, Csrf, Validator, ... 2017-04-09 14:32:49 +00:00			`return $this->secury->hmac($marker, $time . $this->key) . 'f' . $time;`
intermediate achievements 2017-02-14 13:05:26 +00:00			`}`

			`/**`
			`* Проверка токена`
2017-11-03 2017-11-03 13:06:22 +00:00			`*`
new model for user 2017-02-16 13:26:15 +00:00			`* @param mixed $token`
intermediate achievements 2017-02-14 13:05:26 +00:00			`* @param string $marker`
			`* @param array $args`
2017-11-03 2017-11-03 13:06:22 +00:00			`*`
intermediate achievements 2017-02-14 13:05:26 +00:00			`* @return bool`
			`*/`
Add declaration of argument types and return values 2020-05-24 11:30:48 +00:00			`public function verify($token, string $marker, array $args = []): bool`
intermediate achievements 2017-02-14 13:05:26 +00:00			`{`
2018-03-08 2018-03-08 12:39:54 +00:00			`return \is_string($token)`
			`&& \preg_match('%f(\d+)$%D', $token, $matches)`
			`&& $matches[1] < \time()`
			`&& $matches[1] + 1800 > \time()`
			`&& \hash_equals($this->create($marker, $args, $matches[1]), $token);`
intermediate achievements 2017-02-14 13:05:26 +00:00			`}`
			`}`