0
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
1 <?php
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
2 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
3 * Core Security
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
4 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
5 * PHP versions 4 and 5
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
6 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
7 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
8 * Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
9 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
10 * Licensed under The MIT License
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
11 * Redistributions of files must retain the above copyright notice.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
12 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
13 * @copyright Copyright 2005-2010, Cake Software Foundation, Inc. (http://cakefoundation.org)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
14 * @link http://cakephp.org CakePHP(tm) Project
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
15 * @package cake
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
16 * @subpackage cake.cake.libs
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
17 * @since CakePHP(tm) v .0.10.0.1233
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
18 * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
19 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
20
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
21 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
22 * Security Library contains utility methods related to security
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
23 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
24 * @package cake
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
25 * @subpackage cake.cake.libs
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
26 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
27 class Security extends Object {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
28
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
29 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
30 * Default hash method
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
31 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
32 * @var string
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
33 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
34 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
35 var $hashType = null;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
36
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
37 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
38 * Singleton implementation to get object instance.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
39 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
40 * @return object
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
41 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
42 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
43 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
44 function &getInstance() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
45 static $instance = array();
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
46 if (!$instance) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
47 $instance[0] =& new Security;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
48 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
49 return $instance[0];
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
50 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
51
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
52 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
53 * Get allowed minutes of inactivity based on security level.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
54 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
55 * @return integer Allowed inactivity in minutes
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
56 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
57 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
58 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
59 function inactiveMins() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
60 switch (Configure::read('Security.level')) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
61 case 'high':
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
62 return 10;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
63 break;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
64 case 'medium':
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
65 return 100;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
66 break;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
67 case 'low':
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
68 default:
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
69 return 300;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
70 break;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
71 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
72 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
73
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
74 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
75 * Generate authorization hash.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
76 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
77 * @return string Hash
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
78 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
79 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
80 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
81 function generateAuthKey() {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
82 if (!class_exists('String')) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
83 App::import('Core', 'String');
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
84 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
85 return Security::hash(String::uuid());
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
86 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
87
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
88 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
89 * Validate authorization hash.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
90 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
91 * @param string $authKey Authorization hash
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
92 * @return boolean Success
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
93 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
94 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
95 * @todo Complete implementation
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
96 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
97 function validateAuthKey($authKey) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
98 return true;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
99 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
100
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
101 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
102 * Create a hash from string using given method.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
103 * Fallback on next available method.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
104 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
105 * @param string $string String to hash
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
106 * @param string $type Method to use (sha1/sha256/md5)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
107 * @param boolean $salt If true, automatically appends the application's salt
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
108 * value to $string (Security.salt)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
109 * @return string Hash
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
110 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
111 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
112 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
113 function hash($string, $type = null, $salt = false) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
114 $_this =& Security::getInstance();
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
115
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
116 if ($salt) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
117 if (is_string($salt)) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
118 $string = $salt . $string;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
119 } else {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
120 $string = Configure::read('Security.salt') . $string;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
121 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
122 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
123
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
124 if (empty($type)) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
125 $type = $_this->hashType;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
126 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
127 $type = strtolower($type);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
128
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
129 if ($type == 'sha1' || $type == null) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
130 if (function_exists('sha1')) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
131 $return = sha1($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
132 return $return;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
133 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
134 $type = 'sha256';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
135 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
136
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
137 if ($type == 'sha256' && function_exists('mhash')) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
138 return bin2hex(mhash(MHASH_SHA256, $string));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
139 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
140
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
141 if (function_exists('hash')) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
142 return hash($type, $string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
143 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
144 return md5($string);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
145 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
146
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
147 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
148 * Sets the default hash method for the Security object. This affects all objects using
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
149 * Security::hash().
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
150 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
151 * @param string $hash Method to use (sha1/sha256/md5)
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
152 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
153 * @return void
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
154 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
155 * @see Security::hash()
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
156 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
157 function setHash($hash) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
158 $_this =& Security::getInstance();
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
159 $_this->hashType = $hash;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
160 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
161
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
162 /**
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
163 * Encrypts/Decrypts a text using the given key.
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
164 *
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
165 * @param string $text Encrypted string to decrypt, normal string to encrypt
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
166 * @param string $key Key to use
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
167 * @return string Encrypted/Decrypted string
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
168 * @access public
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
169 * @static
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
170 */
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
171 function cipher($text, $key) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
172 if (empty($key)) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
173 trigger_error(__('You cannot use an empty key for Security::cipher()', true), E_USER_WARNING);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
174 return '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
175 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
176
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
177 srand(Configure::read('Security.cipherSeed'));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
178 $out = '';
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
179 $keyLength = strlen($key);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
180 for ($i = 0, $textLength = strlen($text); $i < $textLength; $i++) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
181 $j = ord(substr($key, $i % $keyLength, 1));
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
182 while ($j--) {
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
183 rand(0, 255);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
184 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
185 $mask = rand(0, 255);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
186 $out .= chr(ord(substr($text, $i, 1)) ^ $mask);
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
187 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
188 srand();
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
189 return $out;
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
190 }
|
Shoshi TAMAKI <shoshi@cr.ie.u-ryukyu.ac.jp>
parents:
diff
changeset
|
191 }
|
