- <?php
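/**
 * Every 'data edit' form carries one of these - without exception.
 *
 * It ensures that a submitted form is one this server issued. It has:
 *
 * 1) A unique, unpredictable form id
 * 2) A creation time stamp and a maximum lifetime
 *
 * The state is serialised, encrypted (AES-256-CBC with a fresh random IV per
 * token) and then authenticated (HMAC-SHA256, encrypt-then-MAC) before being
 * base64-encoded for the client. On the way back the MAC is verified first, so
 * a token that was modified, truncated or forged is rejected before any
 * decryption or unserialisation happens. Unserialisation is additionally
 * restricted to arrays and scalars (no object instantiation), so attribute
 * values should be scalars or arrays - objects will not survive a round trip.
 *
 * Token layout (before base64): IV | ciphertext | HMAC-SHA256(IV | ciphertext).
 * Tokens produced by the earlier unauthenticated, static-IV format are not
 * accepted; they would have expired after MAX_FORM_AGE anyway.
 *
 * NOTE(review): ENC_PASSWORD is still a secret hard-coded in source, so anyone
 * who can read this file can mint valid tokens. It should be loaded from
 * deployment configuration and rotated.
 */
class FormState
{
    /** Maximum accepted age of a form, in seconds. */
    const MAX_FORM_AGE = 600;

    /** Secret from which the encryption key and the MAC key are derived. */
    const ENC_PASSWORD = '327136823981d9e57652bba2acfdb1f2';

    /**
     * @deprecated No longer used: a random IV is generated for every token and
     *             stored in front of the ciphertext. Kept only so that existing
     *             references to the constant keep compiling.
     */
    const ENC_IV = 'f9928260b550dbb2eecb6e10fcf630ba';

    /** Cipher used for the token payload. */
    const TOKEN_CIPHER = 'AES-256-CBC';

    /** Length in bytes of the raw HMAC-SHA256 tag appended to the payload. */
    const TOKEN_MAC_LENGTH = 32;

    /**
     * The form attributes. 'formid' and 'when' are always present on a valid
     * form; anything else is whatever callers stored via setAttribute().
     *
     * @var array<string, mixed>
     */
    protected $state = array();

    /**
     * Either restore a previously issued token or start a brand new form.
     *
     * @param string $prevState token produced by asString(); '' for a new form
     */
    public function __construct($prevState = '')
    {
        // empty() keeps the original contract: null / '' / 0 all mean "new form".
        if (!empty($prevState)) {
            $this->reloadState($prevState); // leaves the object invalid when the token is rejected
            return;
        }
        $this->setNewForm();
    }

    /**
     * Generate a new unique id and time stamp, discarding any existing attributes.
     *
     * @param string $name optional name for the form
     */
    public function setNewForm($name = '')
    {
        $this->state = array(
            // 40 hex chars from a CSPRNG: unpredictable, so the id cannot be guessed by a third party
            'formid' => bin2hex(self::randomBytes(20)),
            'when'   => time(),
        );
        if ($name !== '' && $name !== null) {
            $this->setAttribute('name', $name);
        }
    }

    /**
     * Retrieve an attribute value.
     *
     * @param string $name    attribute name
     * @param mixed  $default value returned when the attribute is not set (or is null)
     *
     * @return mixed
     */
    public function getAttribute($name, $default = null)
    {
        // isset() on purpose: a stored null counts as "not set", as it always has.
        if (isset($this->state[$name])) {
            return $this->state[$name];
        }
        return $default;
    }

    /**
     * Store an attribute value.
     *
     * Values should be scalars or arrays; objects are not restored by fromString().
     *
     * @param string $name  attribute name
     * @param mixed  $value value to save
     */
    public function setAttribute($name, $value)
    {
        $this->state[$name] = $value;
    }

    /**
     * All attributes, including 'formid' and 'when'.
     *
     * @return array<string, mixed>
     */
    public function getAllAttributes()
    {
        return $this->state;
    }

    /**
     * The unique form id.
     *
     * @return string|null 40 hex characters, null when the form is not valid
     */
    public function getFormId()
    {
        return $this->getAttribute('formid');
    }

    /**
     * Age of the form in seconds; 0 when the form is not valid.
     *
     * @return int seconds
     */
    public function getAge()
    {
        if ($this->isValid()) {
            return time() - (int) $this->state['when'];
        }
        return 0;
    }

    /**
     * Is the form older than the supplied age?
     *
     * An invalid form has age 0 and therefore is never "out of date" -
     * callers must check isValid() separately.
     *
     * @param int $ageSeconds age threshold, defaults to MAX_FORM_AGE
     *
     * @return bool
     */
    public function isOutOfDate($ageSeconds = self::MAX_FORM_AGE)
    {
        return $this->getAge() >= $ageSeconds;
    }

    /**
     * Does the object hold a usable form state (either freshly created or
     * restored from an authentic token)?
     *
     * @return bool
     */
    public function isValid()
    {
        return is_array($this->state)
            && isset($this->state['formid'], $this->state['when'])
            && is_int($this->state['when']);
    }

    /** -----------------------------------------------------------------------
     * Encode as a string for the client. The state is encrypted and
     * authenticated, so it can be neither read nor tampered with without
     * ENC_PASSWORD.
     *
     * @return string base64 token
     *
     * @throws \Exception when the OpenSSL layer fails (a server problem, never a client one)
     */
    public function asString()
    {
        $encrypted = $this->encrypt_decrypt('encrypt', serialize($this->state));
        if ($encrypted === false) {
            // An empty token would be silently rejected on the way back; fail loudly instead.
            throw new \Exception(__METHOD__ . ' encryption failed', 500);
        }
        return base64_encode($encrypted);
    }

    /**
     * Decode a token back into its attributes.
     *
     * Anything that is not a well-formed, authentic token yields false; nothing
     * is unserialised before the MAC has been verified.
     *
     * @param string $prevState token produced by asString()
     *
     * @return array<string, mixed>|false attributes, or false when the token is rejected
     *
     * @throws \Exception when an authentic token does not contain an array (a server bug)
     */
    public function fromString($prevState)
    {
        if (!is_string($prevState)) {
            if (is_object($prevState) && method_exists($prevState, '__toString')) {
                $prevState = (string) $prevState;
            } else {
                return false;
            }
        }
        // Strict decoding: bytes outside the base64 alphabet are rejected rather than skipped.
        $encrypted = base64_decode($prevState, true);
        if ($encrypted === false) {
            return false;
        }
        $serialized = $this->encrypt_decrypt('decrypt', $encrypted);
        if ($serialized === false) {
            return false;
        }
        $object = self::unserializeState($serialized);
        if ($object === false) {
            return false;
        }
        if (!is_array($object)) {
            throw new \Exception(__METHOD__ . ' failed to return an array, got ' . gettype($object), 500);
        }
        return $object;
    }

    /**
     * @return string same as asString()
     */
    public function __toString()
    {
        return $this->asString();
    }

    /**
     * Restore the previous state of the form from a token.
     *
     * The object is left invalid (empty state) when the token is rejected.
     *
     * @param string $prevState token produced by asString()
     *
     * @return bool whether the restored state is valid
     */
    public function reloadState($prevState)
    {
        $this->state = array();
        $restored = $this->fromString($prevState);
        if ($restored !== false) {
            $this->state = $restored;
        }
        return $this->isValid();
    }

    /**
     * Encrypt or decrypt a raw string, with integrity protection.
     *
     * 'encrypt' returns IV | ciphertext | HMAC-SHA256(IV | ciphertext), using a
     * fresh random IV each call, so two encryptions of the same input differ.
     * 'decrypt' expects exactly that layout, verifies the MAC in constant time
     * and only then decrypts. Any other action, a non-string input, a payload
     * that is too short or a MAC mismatch yields false.
     *
     * @param string $action 'encrypt' or 'decrypt'
     * @param string $string raw bytes to encrypt or decrypt
     *
     * @return string|false
     */
    public function encrypt_decrypt($action, $string)
    {
        if (!is_string($string)) {
            return false;
        }
        $encKey = self::deriveKey('enc');
        $macKey = self::deriveKey('mac');
        $ivLength = openssl_cipher_iv_length(self::TOKEN_CIPHER);

        if ($action === 'encrypt') {
            $iv = self::randomBytes($ivLength);
            $cipherText = openssl_encrypt($string, self::TOKEN_CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
            if ($cipherText === false) {
                return false;
            }
            $payload = $iv . $cipherText;
            return $payload . hash_hmac('sha256', $payload, $macKey, true);
        }

        if ($action === 'decrypt') {
            // Byte-wise length on purpose (binary data): must hold at least an IV and a tag.
            if (strlen($string) < $ivLength + self::TOKEN_MAC_LENGTH) {
                return false;
            }
            $payload = substr($string, 0, -self::TOKEN_MAC_LENGTH);
            $tag = substr($string, -self::TOKEN_MAC_LENGTH);
            // hash_equals: constant-time comparison so the tag cannot be guessed byte by byte.
            if (!hash_equals(hash_hmac('sha256', $payload, $macKey, true), $tag)) {
                return false;
            }
            $iv = substr($payload, 0, $ivLength);
            $cipherText = substr($payload, $ivLength);
            return openssl_decrypt($cipherText, self::TOKEN_CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
        }

        return false;
    }

    /**
     * Derive a 32-byte key for one purpose from ENC_PASSWORD, so that the
     * encryption key and the MAC key are distinct.
     *
     * @param string $purpose label mixed into the derivation ('enc' or 'mac')
     *
     * @return string 32 raw bytes
     */
    private static function deriveKey($purpose)
    {
        return hash('sha256', $purpose . '|' . self::ENC_PASSWORD, true);
    }

    /**
     * Cryptographically secure random bytes.
     *
     * @param int $length number of bytes
     *
     * @return string
     *
     * @throws \Exception when no secure random source is available
     */
    private static function randomBytes($length)
    {
        if (function_exists('random_bytes')) {
            return random_bytes($length);
        }
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes === false || !$strong) {
            throw new \Exception(__METHOD__ . ' no secure random source available', 500);
        }
        return $bytes;
    }

    /**
     * Unserialise an authenticated payload without instantiating any class.
     *
     * @param string $serialized output of serialize()
     *
     * @return mixed false when the payload cannot be unserialised
     */
    private static function unserializeState($serialized)
    {
        if (PHP_VERSION_ID >= 70000) {
            // allowed_classes => false: objects become __PHP_Incomplete_Class, no constructor/__wakeup runs.
            return unserialize($serialized, array('allowed_classes' => false));
        }
        return unserialize($serialized);
    }
}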