API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 11th, 2017
59
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 6.20 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.     class Session {
  3.         private static $Instance;
  4.  
  5.         /**
  6.          * @var User Holds an instance to the user's data object
  7.          */
  8.         public $User;
  9.         public $SessionID;
  10.  
  11.         /**
  12.          * @var string The user's authorization ID
  13.          */
  14.         public $AuthUser;
  15.  
  16.         /**
  17.          * @var string The user's authorization password (encrypted)
  18.          */
  19.         public $AuthPass;
  20.  
  21.         /**
  22.          * @var string The user's real password - kept private
  23.          */
  24.         private $AuthRealPassword;
  25.        
  26.         private $Key;
  27.        
  28.         public function AuthenticateSession() {
  29.             //echo ('Attempting to authenticate,<br/>');
  30.             //print_r($this);
  31.             //echo ('<br/>Cookies are:<br/>');
  32.             //print_r($_COOKIE);
  33.             //echo ('<br/>');
  34.             $this->Decrypt(); //Take the given password and decrypt it;
  35.             $LDAP = LDAP::Inst();
  36.             //print_r($LDAP);
  37.            
  38.            
  39.             if ($this->AuthUser && $LDAP->Bind($this->AuthUser,$this->AuthRealPassword)) {
  40.                 //Session has succesfully auth'd against ldap.
  41.                
  42.                 //echo ('<br/>Bound!<br/>');
  43.                
  44.                 //Attempt to get the user object logged in to - if not, the user isn't a DB user and should be created.
  45.                 $DOM = DataObjectManager::Inst();
  46.                 $User = new User();
  47.                 if (!$User->FetchUserFromAuthName($this->AuthUser)) {
  48.                     //We need to create a new user, extracting first name and last name from AD;
  49.                    
  50.                     //echo ('<br/>Searching LDAP<br/>');
  51.                    
  52.                     if ($LDAPUserData = $LDAP->ReadUserData($this->AuthUser)) {
  53.                         $User->AuthType = 'LDAP';
  54.                         $User->AuthID = $this->AuthUser;
  55.                         $User->AuthPassword = 'NULL';
  56.                         $User->Forenames = $LDAPUserData['FirstName'];
  57.                         $User->Surname = $LDAPUserData['LastName'];
  58.                         $User->Active = 1;
  59.                         if (!$User->Create()) {
  60.                             throw new CriticalException("Failed to create user {$this->AuthUser} from unknown LDAP user.");
  61.                         }
  62.                        
  63.                     }
  64.                     else {
  65.                         //print_r($LDAPUserData);
  66.                         throw new CriticalException("Failed to find user {$this->AuthUser} on AD when bound.");
  67.                     }
  68.                 }
  69.                 $UserID = $User->ID;
  70.                 $DOM->RegisterDataObject($User);
  71.                 $this->User = $DOM->FetchDataObject('User',$UserID);
  72.                
  73.                 //Set session cookies;
  74.                 $this->WriteSessionCookie();
  75.                 return true;
  76.             }
  77.             else {
  78.                 //echo '<br/>auth failed...<br/>';
  79.                 //Auth failed, so destroy any cookies set.
  80.                 //$this->DeleteSessionCookie();
  81.                 $this->AuthUser = false;
  82.                 $this->AuthPass = false;
  83.                 $this->AuthRealPassword = false;
  84.                 return false;
  85.             }
  86.            
  87.         }
  88.        
  89.         public function ClearSession() {
  90.             $this->AuthUser = false;
  91.             $this->AuthPass = false;
  92.             $this->AuthRealPassword = false;
  93.             $this->DeleteSessionCookie();
  94.            
  95.             return true;
  96.         }
  97.        
  98.         public function SetRealPassword($pass) {
  99.             $this->AuthRealPassword = $pass;
  100.             $this->Encrypt();
  101.         }
  102.        
  103.         private function WriteSessionCookie() {
  104.             $conf = Config::Inst();
  105.             setcookie($conf->CookieUserName,$this->AuthUser,time() + 216000,'/');
  106.             setcookie($conf->CookieUserPass,$this->AuthPass,time() + 216000,'/');
  107.             setcookie($conf->CookieSession,$this->Session,time() + 216000,'/');
  108.         }
  109.        
  110.         private function DeleteSessionCookie() {
  111.             $conf = Config::Inst();
  112.             setcookie($conf->CookieUserName,false,time() - 36000,'/');
  113.             setcookie($conf->CookieUserPass,false,time() - 36000,'/');
  114.             setcookie($conf->CookieSession,false,time() - 36000,'/');
  115.         }
  116.  
  117.         /**
  118.          * Using an alorithm and a key, apply mathamatics to a string so we
  119.          * retrieve an unrecognisable message but we can still reverse engineer
  120.          * it to receive the basic plain text input.
  121.          *
  122.          * @param string $string - The input into the RC4 Algorithm
  123.          * @return string - The RC4 Encryption / Decryption of the message
  124.          */
  125.         private function RC4($string) {
  126.             $keylength = strlen($this->Key);
  127.             for($i = 0; $i < 256; $i++) {
  128.                 $s[$i] = $i;
  129.             }
  130.             for ($i = $j = 0; $i < 256; $i++) {
  131.                 $temp = 0;
  132.                 //$j = ($j + ord($this->Key[$i % $keylength] + $s[$i])) & 255;
  133.                
  134.                 // The ord() should only be for the $this->key, Not $this-Key[] + $s[$i]
  135.                 $j = ($j + ord($this->Key[$i % $keylength]) + $s[$i]) & 255;
  136.                
  137.                 $temp = $s[$i];
  138.                 $s[$i] = $s[$j];
  139.                 $s[$j] = $temp;
  140.             }
  141.             $i = $j = 0;
  142.             $n = 0;
  143.             $out = '';
  144.             while($n < strlen($string)) {
  145.                 //echo ('pass ' . $n . '<br />');
  146.                 $i = ($i + 1) & 255;
  147.                 $j = ($j + $s[$i]) & 255;
  148.                 $temp = $s[$j];
  149.                 $s[$j] = $s[$i];
  150.                 $s[$i] = $temp;
  151.                 $out .= chr((ord($string[$n])) ^ ($s[($temp + $s[$j]) & 255]));
  152.                 $n++;
  153.             }
  154.             return $out;
  155.         }
  156.  
  157.         /**
  158.          * Encrypt a plain text message with a key to receive a message which
  159.          * can't be interpreted without a key.
  160.          */
  161.         private function Encrypt() {
  162.             $this->AuthPass = $this->RC4($this->AuthRealPassword);
  163.         }
  164.  
  165.         /**
  166.          * Decrypt the encrypted message to return the message as plain text
  167.          */
  168.         private function Decrypt() {
  169.             $this->AuthRealPassword = $this->RC4($this->AuthPass);
  170.         }
  171.  
  172.         /**
  173.          * This function returns a singleton instance
  174.          * @return Session singleton of itself
  175.          */
  176.         public static function Inst() {
  177.             if(!isset(self::$Instance)) {
  178.                 $c = __CLASS__;
  179.                 self::$Instance = new $c;
  180.             }
  181.             return self::$Instance;
  182.         }
  183.        
  184.         private function __construct() {
  185.             $conf = Config::Inst();
  186.             $this->Key = $conf->RC4Key;
  187.            
  188.             if (isset($_COOKIE[$conf->CookieUserName])) {
  189.                 $this->AuthUser = $_COOKIE[$conf->CookieUserName];
  190.             }
  191.            
  192.             if (isset($_COOKIE[$conf->CookieUserPass])) {
  193.                 $this->AuthPass = $_COOKIE[$conf->CookieUserPass];
  194.                 $this->Decrypt();
  195.             }
  196.            
  197.             if (!isset($_COOKIE[$conf->CookieSession])) {
  198.                 $this->Session = md5(microtime() . $this->AuthUser);
  199.                 setcookie($conf->CookieSession,$this->Session,time() + 216000, '/');
  200.             }
  201.             else {
  202.                 $this->Session = $_COOKIE[$conf->CookieSession];
  203.                
  204.             }
  205.         }
  206.     }
  207.    
  208.     //Test code;
  209.    
  210.     /*$teststring = 'attack at dawn';
  211.     $Auth = Session::Inst();
  212.    
  213.     echo ('Original text:' . $teststring . '<br />');
  214.     $ciphertext = $Auth->Encrypt($teststring);
  215.     echo ('Round 1:' . $ciphertext . '<br />');
  216.     $restring = $Auth->Encrypt($ciphertext);
  217.     echo ('Round 2:' . $restring . '<br />');*/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!