1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
<?php
require_once 'PEAR.php';
/**
* The Horde_Token:: class provides a common abstracted interface into the
* various token generation mediums. It also includes all of the
* functions for retrieving, storing, and checking tokens.
*
* $Horde: framework/Token/Token.php,v 1.33.6.8 2006/04/19 21:14:05 jan Exp $
*
* Copyright 1999-2006 Max Kalika <max@horde.org>
* Copyright 1999-2006 Chuck Hagenbuch <chuck@horde.org>
*
* See the enclosed file COPYING for license information (LGPL). If you
* did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
*
* @author Max Kalika <max@horde.org>
* @author Chuck Hagenbuch <chuck@horde.org>
* @since Horde 1.3
* @package Horde_Token
*/
class Horde_Token {
/**
* Hash of parameters necessary to use the chosen backend.
*
* @var array
*/
var $_params = array();
/**
* Constructor.
*
* @param array $params A hash containing parameters.
*/
function Horde_Token($params = array())
{
}
function encodeRemoteAddress()
{
if (isset($_SERVER['REMOTE_ADDR'])) {
return base64_encode($_SERVER['REMOTE_ADDR']);
} else {
return '';
}
}
/**
* Generates a connection id and returns it.
*
* @param string $seed A unique ID to be included in the token,
* if it needs to be more unique than time (in seconds)
* and the remote IP.
*
* @return string The generated id string.
*/
function generateId($seed = '')
{
return md5(time() . '][' . $seed . '][' . Horde_Token::encodeRemoteAddress());
}
/**
* Checks if the given token has been previously used. First
* purges all expired tokens. Then retrieves current tokens for
* the given ip address. If the specified token was not found,
* adds it.
*
* @param string $token The value of the token to check.
*
* @return boolean True if the token has not been used,
* false otherwise.
*/
function verify($token)
{
$this->purge();
$exists = $this->exists($token);
if (is_a($exists, 'PEAR_Error')) {
return $exists;
} elseif ($exists) {
return false;
} else {
return $this->add($token);
}
}
/**
* This is an abstract method that should be overridden by a
* subclass implementation. The base implementation allows all
* token values.
*/
function exists()
{
return false;
}
/**
* This is an abstract method that should be overridden by a
* subclass implementation. The base implementation allows all
* token values.
*/
function add()
{
return true;
}
/**
* This is an abstract method that should be overridden by a
* subclass implementation. The base implementation allows all
* token values.
*/
function purge()
{
return true;
}
/**
* Attempts to return a concrete Horde_Token instance based on $driver.
*
* @param mixed $driver The type of concrete Horde_Token subclass to
* return. If $driver is an array, then we will look
* in $driver[0]/lib/Token/ for the subclass
* implementation named $driver[1].php.
* @param array $params A hash containing any additional configuration or
* connection parameters a subclass might need.
*
* @return Horde_Token The newly created concrete Horde_Token instance, or
* false an error.
*/
function &factory($driver, $params = array())
{
if (is_array($driver)) {
list($app, $driver) = $driver;
}
$driver = basename($driver);
if (!empty($app)) {
require_once $app . '/lib/Token/' . $driver . '.php';
} elseif (@file_exists(dirname(__FILE__) . '/Token/' . $driver . '.php')) {
require_once dirname(__FILE__) . '/Token/' . $driver . '.php';
} else {
@include_once 'Horde/Token/' . $driver . '.php';
}
$class = 'Horde_Token_' . $driver;
if (class_exists($class)) {
$token = &new $class($params);
} else {
$token = &new Horde_Token($params);
}
return $token;
}
/**
* Attempts to return a reference to a concrete Horde_Token instance based
* on $driver.
*
* It will only create a new instance if no Horde_Token instance with the
* same parameters currently exists.
*
* This should be used if multiple types of token generators (and, thus,
* multiple Horde_Token instances) are required.
*
* This method must be invoked as:
* <code>$var = &Horde_Token::singleton();</code>
*
* @param mixed $driver The type of concrete Horde_Token subclass to
* return. If $driver is an array, then we will look
* in $driver[0]/lib/Token/ for the subclass
* implementation named $driver[1].php.
* @param array $params A hash containing any additional configuration or
* connection parameters a subclass might need.
*
* @return Horde_Token The concrete Horde_Token reference, or false on
* error.
*/
function &singleton($driver, $params = array())
{
static $instances;
if (!isset($instances)) {
$instances = array();
}
$signature = serialize(array($driver, $params));
if (!isset($instances[$signature])) {
$instances[$signature] = &Horde_Token::factory($driver, $params);
}
return $instances[$signature];
}
}
|
