Q49924789 - HTML Form 'conversation' Tracking

<?php
/**
* every 'data edit' form has one of these - without exeception.
*
* This ensures that the form I sent out came from me.
*
* It has:
*    1) A unique @id
*    2) A date time stamp and a lifetime
*
*  Can be automatically generated and checked.
*/

class FormState {

    const MAX_FORM_AGE = 600; // seconds

    const ENC_PASSWORD = '327136823981d9e57652bba2acfdb1f2';
    const ENC_IV       = 'f9928260b550dbb2eecb6e10fcf630ba';

    protected $state = array();

    public function __construct($prevState = '')
    {
        if (!empty($prevState)) {
            $this->reloadState($prevState); // will not be valid if fails
            return;
        }

        $this->setNewForm();
    }

    /**
     * Generate a new unique id and timestanp
     *
     * @param $name - optional name for the form
     */
    public function setNewForm($name = '')
    {
        $this->state = array();
        $this->state['formid'] = sha1(uniqid(true)); // each form has a unique id
        $this->state['when'] = time();

        if (!empty($name)) {
            $this->setAttribute('name', $name);
        }
    }

    /**
     * retrieve attribute value
     *
     * @param $name     attribute name to use
     * @param $default  value to return if attribute does not exist
     *
     * @return string / number
     */
    public function getAttribute($name, $default = null)
    {
            if (isset($this->state[$name])) {
                   return $this->state[$name];
            } else {
                   return $default;
            }
    }

    /**
     * store attribute value
     *
     * @param $name     attribute name to use
     * @param $value    value to save
     */
    public function setAttribute($name, $value)
    {
            $this->state[$name] = $value;
    }

    /**
     * get the array
     */
    public function getAllAttributes()
    {
        return $this->state;
    }

    /**
     * the unique form id
     *
     * @return hex string
     */
    public function getFormId()
    {
        return $this->getAttribute('formid');
    }

    /**
     * Age of the form in seconds
     * @return int seconds
     */
    public function getAge()
    {
        if ($this->isValid()) {
            return time() - $this->state['when'];
        }
        return 0;
    }

    /**
     * check the age of the form
     *
     *@param $ageSeconds is age older than the supplied age
     */
    public function isOutOfDate($ageSeconds = self::MAX_FORM_AGE)
    {
        return $this->getAge() >= $ageSeconds;
    }

    /**
     * was a valid string passed when restoring it
     * @return boolean
     */
    public function isValid()
    {
        return is_array($this->state) && !empty($this->state);
    }

    /** -----------------------------------------------------------------------
     * Encode as string - these are encrypted to ensure they are not tampered with
     */

    public function asString()
    {
        $serialized = serialize($this->state);
        $encrypted = $this->encrypt_decrypt('encrypt', $serialized);

        $result = base64_encode($encrypted);
        return $result;
    }

    /**
     * Restore the saved attributes - it must be a valid string
     *
     * @Param $prevState
     * @return array Attributes
     */
    public function fromString($prevState)
    {
        $encrypted = @base64_decode($prevState);
        if ($encrypted === false) {
           return false;
        }

        $serialized = $this->encrypt_decrypt('decrypt', $encrypted);
        if ($serialized === false) {
           return false;
        }

        $object = @unserialize($serialized);
        if ($object === false) {
           return false;
        }

        if (!is_array($object)) {
            throw new \Exception(__METHOD__ .' failed to return object: '. $object, 500);
        }
        return $object;
    }

    public function __toString()
    {
        return $this->asString();
    }

    /**
     * Restore the previous state of the form
     *    will not be valid if not a valid string
     *
     * @param  $prevState  an encoded serialized array
     * @return bool isValid or not
     */
    public function reloadState($prevState)
    {
        $this->state = array();

        $state = $this->fromString($prevState);
        if ($state !== false) {
            $this->state = $state;
        }

        return $this->isValid();
    }

    /**
     * simple method to encrypt or decrypt a plain text string
     * initialization vector(IV) has to be the same when encrypting and decrypting
     *
     * @param string $action: can be 'encrypt' or 'decrypt'
     * @param string $string: string to encrypt or decrypt
     *
     * @return string
     */
    public function encrypt_decrypt($action, $string)
    {
        $output = false;

        $encrypt_method = "AES-256-CBC";
        $secret_key = self::ENC_PASSWORD;


        // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
        $secret_iv_len = openssl_cipher_iv_length($encrypt_method);
        $secret_iv = substr(self::ENC_IV, 0, $secret_iv_len);

        if ( $action == 'encrypt' ) {
            $output = openssl_encrypt($string, $encrypt_method, $secret_key, OPENSSL_RAW_DATA, $secret_iv);

        } else if( $action == 'decrypt' ) {
            $output = openssl_decrypt($string, $encrypt_method, $secret_key, OPENSSL_RAW_DATA, $secret_iv);
        }

        if ($output === false) {
            // throw new \Exception($action .' failed: '. $string, 500);
        }

        return $output;
    }
}