1 <?php
2
3 namespace Alo\Statics;
4
// Direct-access guard: this file is only meaningful when loaded through the
// framework bootstrap, which defines GEN_START. Anything else gets a 404.
if (defined('GEN_START') === false) {
    http_response_code(404);
    exit;
}
9
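/**
 * Security helpers: HTML output escaping, random ASCII strings, session-bound
 * request tokens and a request fingerprint.
 *
 * Everything is static; the class is abstract only to prevent instantiation.
 * The token methods depend on the framework session handler in \Alo::$session
 * and on the global \get() helper, neither of which is defined in this file.
 */
abstract class Security {

    /**
     * ASCII letters and digits used by ascii_rand().
     * The digits are stored as ints; that is harmless because they are only
     * ever concatenated into a string.
     *
     * @var array
     */
    protected static $ascii_alphanum = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9];

    /**
     * Printable non-alphanumeric ASCII characters used by ascii_rand().
     *
     * @var array
     */
    protected static $ascii_rest = [' ', '!', '"', '#', '$', '%', '\'', '(', ')', '*', '+', ',', '.', '/', ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '^', '_', '`', '-', '{', '|', '}', '~'];

    /** ascii_rand() subset: letters, digits and punctuation. */
    const ASCII_ALL = 0;

    /** ascii_rand() subset: letters and digits only. */
    const ASCII_ALPHANUM = 1;

    /** ascii_rand() subset: punctuation only. */
    const ASCII_NONALPHANUM = 2;

    /**
     * Escapes a value - or, recursively, every leaf of an array - for output in an HTML body/attribute context.
     *
     * Scalars go through htmlspecialchars() with ENT_QUOTES | ENT_HTML5 and double_encode
     * disabled, so entities already present are left untouched. Anything that is neither
     * scalar nor array (objects, resources, null) becomes null.
     *
     * @param mixed $item Scalar to escape, or an array of such values; array keys are preserved.
     *
     * @return array|string|null
     */
    public static function un_xss($item) {
        if (is_array($item)) {
            $escaped = [];
            // Recurse element by element. The previous implementation passed the whole
            // array (not the element) to the escaper inside the loop, so array input was
            // never actually escaped.
            foreach ($item as $key => $value) {
                $escaped[$key] = self::un_xss($value);
            }

            return $escaped;
        }

        return is_scalar($item) ? htmlspecialchars($item, ENT_QUOTES | ENT_HTML5, 'UTF-8', false) : null;
    }

    /**
     * Generates a random ASCII string from a cryptographically secure source.
     *
     * @param int $length Number of characters; zero or negative yields ''.
     * @param int $subset One of the ASCII_* constants; any other value behaves as ASCII_ALL.
     *
     * @return string
     * @throws \Exception If no secure randomness source is available (from random_int()).
     */
    public static function ascii_rand($length, $subset = self::ASCII_ALL) {
        switch ($subset) {
            case self::ASCII_ALPHANUM:
                $chars = self::$ascii_alphanum;
                break;
            case self::ASCII_NONALPHANUM:
                $chars = self::$ascii_rest;
                break;
            default:
                $chars = array_merge(self::$ascii_alphanum, self::$ascii_rest);
        }

        $lastIndex = count($chars) - 1;
        $result = '';

        for ($i = 0; $i < $length; $i++) {
            // random_int() instead of mt_rand(): this output feeds getUniqid() and
            // therefore the session tokens, so it must not be predictable.
            $result .= $chars[random_int(0, $lastIndex)];
        }

        return $result;
    }

    /**
     * Generates a token, stores it in the session under $token_name and returns it.
     *
     * @param string $token_name Session property the token is stored in; also mixed into the token pre-image.
     * @param string $hash       Algorithm name for hash(); see getUniqid() for the 'md5' default.
     *
     * @return string The token. If \Alo::$session is not set an E_USER_WARNING is emitted and
     *                the token is returned without being stored.
     */
    public static function tokenGet($token_name, $hash = 'md5') {
        $token = self::getUniqid($hash, 'token_' . $token_name);

        if (!\Alo::$session) {
            trigger_error('Session handler not initialised or not assigned to \\Alo::$session. Token not saved in session.', E_USER_WARNING);
        } else {
            \Alo::$session->{$token_name} = $token;
        }

        return $token;
    }

    /**
     * Checks whether the token submitted in $data_array matches the one stored in the session.
     *
     * The comparison is hash_equals() on two strings. This replaces the previous loose `==`,
     * under which two hex digests of the form "0e<digits>" compare equal as numbers, and
     * which is not constant-time.
     *
     * @param string     $token_name Session property the token was stored in by tokenGet().
     * @param array|null $data_array Submitted data to read the token from; $_POST when null.
     *
     * @return bool False when no session handler is set (with an E_USER_WARNING), when either
     *              side is missing or not a string, or when the values differ.
     */
    public static function tokenValid($token_name, array $data_array = null) {
        if (!\Alo::$session) {
            trigger_error('Session handler not initialised or not assigned to \\Alo::$session. FALSE will be returned. ', E_USER_WARNING);

            return false;
        }

        if ($data_array === null) {
            $data_array = $_POST;
        }

        $sess_token = \Alo::$session->{$token_name};

        // \get() is the framework's "read if set" helper; it is used here exactly as the
        // original did, to avoid an undefined-index notice on the submitted array.
        if (!$sess_token || !\get($data_array[$token_name])) {
            return false;
        }

        $submitted = $data_array[$token_name];

        // hash_equals() requires two strings; a non-string on either side (e.g. token[]=x
        // in the request) is simply a failed check rather than a TypeError.
        return is_string($sess_token) && is_string($submitted) && hash_equals($sess_token, $submitted);
    }

    /**
     * Removes a token from the session.
     *
     * @param string $token_name Session property to delete.
     *
     * @return bool True if a session handler was present and delete() was called, false otherwise.
     */
    public static function tokenRemove($token_name) {
        if (\Alo::$session) {
            \Alo::$session->delete($token_name);

            return true;
        }

        return false;
    }

    /**
     * Builds a request fingerprint from the User-Agent, DNT and Accept-Language headers and
     * the remote address, interleaved with fixed literal strings.
     *
     * The result is not hashed here; callers that persist or compare it are expected to do so.
     * Header values are read through the framework \get() helper, presumably to tolerate
     * missing keys - confirm against its definition.
     *
     * @return string
     */
    public static function getFingerprint() {
        return '$%c0hYlc$kn!rZF' . \get($_SERVER['HTTP_USER_AGENT'])
            . \get($_SERVER['HTTP_DNT']) . '^#J!kCRh&H4CKav'
            . \get($_SERVER['HTTP_ACCEPT_LANGUAGE']) . 'h0&ThYYxk4YOD!g' . \get($_SERVER['REMOTE_ADDR']);
    }

    /**
     * Builds a hashed, hard-to-guess identifier.
     *
     * The pre-image is uniqid() prefixed with a random integer and a JSON dump of the request
     * superglobals, followed by $prefix, $entropy random ASCII characters and $entropy bytes
     * from random_bytes(). Only the random parts carry real unpredictability; the superglobals
     * add per-request variation, and json_encode() returning false on invalid UTF-8 merely
     * contributes an empty string.
     *
     * @param string      $hash    Algorithm name for hash(). The 'md5' default is kept for backward
     *                             compatibility; callers wanting a longer digest should pass e.g. 'sha256'.
     * @param string|null $prefix  Optional string mixed into the pre-image.
     * @param int         $entropy Number of random characters and random bytes appended; <= 0 appends none.
     *
     * @return string Hex digest in the requested algorithm.
     * @throws \Exception If no secure randomness source is available.
     */
    public static function getUniqid($hash = 'md5', $prefix = null, $entropy = 50) {
        $str = uniqid(random_int(PHP_INT_MIN, PHP_INT_MAX) . json_encode([
                $_COOKIE,
                $_REQUEST,
                $_FILES,
                $_ENV,
                $_GET,
                $_POST,
                $_SERVER,
            ]), true)
            . $prefix . self::ascii_rand($entropy);

        // random_bytes() is always available on PHP 7+, which makes the former optional
        // openssl_random_pseudo_bytes() fallback unnecessary. Both reject a length < 1,
        // hence the guard.
        if ($entropy > 0) {
            $str .= random_bytes($entropy);
        }

        return hash($hash, $str);
    }

}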