LEPTON CMS 7.2.0
feel free to keep it strictly simple...
Loading...
Searching...
No Matches
lepton_securecms.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
4
20class LEPTON_securecms
21{
22 public string $_salt = '';
23
28 public function __construct()
29 {
30 $this->_generate_salt();
31 }
32
38 public function _generate_salt(): void
39 {
40 LEPTON_handle::register("random_string");
41
42 $salt = random_string(28);
43 $salt .= PHP_VERSION;
44 $salt .= (string)time();
45
46 $this->_salt = $salt;
47 }
48
57 public function createLepToken(): string
58 {
59 if (function_exists('microtime'))
60 {
61 list($usec, $sec) = explode(" ", microtime());
62 $time = (string) ((float) $usec + (float) $sec);
63 }
64 else
65 {
66 $time = (string) time();
67 }
68
69 $token = substr(hash("sha512", $time . $this->_salt), 0, 21) . "z" . substr($time, 0, 10);
70 if (isset($_SESSION['LEPTOKENS']))
71 {
72 $_SESSION['LEPTOKENS'][] = $token;
73 }
74 else
75 {
76 $_SESSION['LEPTOKENS'] = [0 => $token];
77 }
78 return $token;
79 }
80
89 public function checkLepToken(): bool
90 {
91 if (!LEPTOKEN_LIFETIME)
92 {
93 return true;
94 }
95
96 $retval = false;
97
98 if (isset($_GET['leptoken']))
99 {
100 $currentToken= $_GET['leptoken'];
101 }
102 elseif (isset($_GET['amp;leptoken']))
103 {
104 $currentToken= $_GET['amp;leptoken'];
105 }
106 elseif (isset($_POST['leptoken']))
107 {
108 $currentToken= $_POST['leptoken'];
109 }
110 elseif (isset($_POST['amp;leptoken']))
111 {
112 $currentToken= $_POST['amp;leptoken'];
113 }
114 else
115 {
116 return $retval;
117 }
118
119 if (isset($_SESSION['LEPTOKENS']))
120 {
121 // Delete out-dated tokens
122 if ($this->deleteLepTokensByTimeout())
123 {
124 foreach ($_SESSION['LEPTOKENS'] as $index => $value)
125 {
126 if ($currentToken == $value)
127 {
128 $retval = true;
129 break;
130 }
131 }
132
133 // If none match delete all LEPTOKEN
134 if ($retval == false)
135 {
136 unset($_SESSION['LEPTOKENS']);
137 }
138 }
139 }
140
141 return $retval;
142 }
143
144 /*
145 * delete all Tokens in $_SESSION
146 * @access public
147 * for use in frontend addons to prevent backend access
148 *
149 * requirements: an active session must be available and LEPTOKEN must be enabled!
150 *
151 */
152 static public function clearLepTokens(): void
153 {
154 if (isset($_SESSION['LEPTOKENS']) && isset($_SESSION['GROUPS_ID']))
155 {
156 $aTemp = explode(", ", $_SESSION['GROUPS_ID']);
157 if ((!in_array(1, $aTemp)) && ((false === LEPTON_admin::getUserPermission("settings_backend_access")) && (false === LEPTON_admin::getUserPermission("backend_access"))))
158 {
159 unset($_SESSION['LEPTOKENS']);
160 }
161 }
162 }
163
168 private function deleteLepTokensByTimeout(): bool
169 {
170 $timeOut = intval(time() - LEPTOKEN_LIFETIME);
171 foreach ($_SESSION['LEPTOKENS'] as $index => $value)
172 {
173 $tempTerms = explode("z", $value);
174 $tokenTime = intval($tempTerms[1]);
175 if ($tokenTime < $timeOut)
176 {
177 unset($_SESSION['LEPTOKENS']);
178 return false;
179 }
180 }
181
182 return true;
183 }
184}
LEPTON_admin\getUserPermission
static getUserPermission(string $sPermissionName="")
Definition lepton_admin.php:755
LEPTON_handle\register
static register()
Definition lepton_handle.php:729
LEPTON_securecms
Definition lepton_securecms.php:21
LEPTON_securecms\_generate_salt
_generate_salt()
Definition lepton_securecms.php:38
LEPTON_securecms\__construct
__construct()
Definition lepton_securecms.php:28
LEPTON_securecms\createLepToken
createLepToken()
Definition lepton_securecms.php:57
LEPTON_securecms\$_salt
string $_salt
Definition lepton_securecms.php:22
LEPTON_securecms\clearLepTokens
static clearLepTokens()
Definition lepton_securecms.php:152
LEPTON_securecms\checkLepToken
checkLepToken()
Definition lepton_securecms.php:89
random_string
random_string(int $iNumOfChars=8, string $aType="alphanum")
Definition function.random_string.php:76