You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
1.4 KiB
57 lines
1.4 KiB
<?php
|
|
|
|
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
|
|
//
|
|
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
|
|
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
|
|
// $Id$
|
|
|
|
class Tiki_Security
|
|
{
|
|
private $salt;
|
|
|
|
public static function get()
|
|
{
|
|
$tikilib = TikiLib::lib('tiki');
|
|
return new self($tikilib->get_site_hash());
|
|
}
|
|
|
|
public function __construct($salt)
|
|
{
|
|
$this->salt = $salt;
|
|
}
|
|
|
|
/**
|
|
* Encodes and sign data as a string to be sent to the browser and back to the server,
|
|
* ensuring the content has not been altered. This allows for the controllers to be stateless.
|
|
*/
|
|
public function encode(array $data)
|
|
{
|
|
$hash = $this->getHash($data);
|
|
|
|
return base64_encode(json_encode(['data' => $data, 'hash' => $hash]));
|
|
}
|
|
|
|
public function decode($string)
|
|
{
|
|
if (! $string = base64_decode($string)) {
|
|
return null;
|
|
}
|
|
|
|
if (! $decoded = json_decode($string, true)) {
|
|
return null;
|
|
}
|
|
|
|
$hash = $this->getHash($decoded['data']);
|
|
|
|
if ($hash === $decoded['hash']) {
|
|
return $decoded['data'];
|
|
}
|
|
}
|
|
|
|
private function getHash(array $data)
|
|
{
|
|
$string = json_encode($data);
|
|
return sha1($string . $this->salt);
|
|
}
|
|
}
|