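/**
 * Render the Crypt_RSA demo page: five POST forms (key generation, signing,
 * signature validation, encryption, decryption) pre-filled with values read
 * through get_session_var().
 *
 * Every dynamic value is HTML-encoded before it is interpolated into the
 * markup. $_SERVER['PHP_SELF'] contains client-supplied path info, and the
 * session values originate from earlier form submissions, so emitting them
 * raw would allow markup injection into the form actions, the textareas and
 * the result span.
 *
 * NOTE(review): get_session_var() is defined elsewhere; this assumes it
 * returns raw (not already HTML-encoded) values. If it encodes, drop the
 * encoding here to avoid double-encoding. Confirm the meaning of its second
 * argument as well.
 *
 * NOTE(review): the forms carry no anti-CSRF token field, and the page echoes
 * the private key back into the HTML. The key lengths offered below 2048 bits
 * are suitable for demonstration only, not for protecting real data.
 *
 * @return void
 */
function print_layout()
{
    // Encoder for HTML text and quoted-attribute contexts. ENT_SUBSTITUTE keeps
    // a field from being blanked when the value holds invalid UTF-8 bytes.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $php_self      = $esc($_SERVER['PHP_SELF']);
    $public_key    = $esc(get_session_var('public_key', true));
    $private_key   = $esc(get_session_var('private_key', true));
    $document      = $esc(get_session_var('document', true));
    $signature     = $esc(get_session_var('signature', true));
    $plain_text    = $esc(get_session_var('plain_text', true));
    $enc_text      = $esc(get_session_var('enc_text', true));
    // NOTE(review): assumed to be a plain status string; it is encoded like the rest.
    $is_sign_valid = $esc(get_session_var('is_sign_valid', true));

    echo <<<END
<html>
<head>
<title>Crypt_RSA example of usage</title>
<style type="text/css">
form { margin: 10px; padding: 10px; background: #ccc; border: 1px solid; }
textarea { margin-bottom: 10px; }
</style>
</head>
<body>
<h1>Crypt_RSA example of usage</h1>

<form action="{$php_self}?task=generate_key_pair" method="POST">
<div>
<h1>Key generation</h1>
Select key length:
<select name="key_length">
<option value="32">32 bit</option>
<option value="64">64 bit</option>
<option value="128">128 bit</option>
<option value="256">256 bit</option>
<option value="512">512 bit</option>
<option value="1024">1024 bit</option>
<option value="2048">2048 bit</option>
</select><br/>
Public key:<br/>
<textarea style="height:100px;width:90%">{$public_key}</textarea><br/>
Private key:<br/>
<textarea style="height:100px;width:90%">{$private_key}</textarea><br/>
<input type="submit" value="Start">
</div>
</form>

<form action="{$php_self}?task=create_sign" method="POST">
<div>
<h1>Signing document</h1>
Document:<br/>
<textarea style="height:100px;width:90%" name="document">{$document}</textarea><br/>
Private key:<br/>
<textarea style="height:100px;width:90%" name="private_key">{$private_key}</textarea><br/>
Signature:<br/>
<textarea style="height:100px;width:90%">{$signature}</textarea><br/>
<input type="submit" value="Sign">
</div>
</form>

<form action="{$php_self}?task=validate_sign" method="POST">
<div>
<h1>Validating document sign</h1>
Document:<br/>
<textarea style="height:100px;width:90%" name="document">{$document}</textarea><br/>
Signature:<br/>
<textarea style="height:100px;width:90%" name="signature">{$signature}</textarea><br/>
Public key:<br/>
<textarea style="height:100px;width:90%" name="public_key">{$public_key}</textarea><br/>
Result: <span style="font-size:2em">{$is_sign_valid}</span><br/>
<input type="submit" value="Validate">
</div>
</form>

<form action="{$php_self}?task=encrypt" method="POST">
<div>
<h1>Encrypting</h1>
Plain text:<br/>
<textarea style="height:100px;width:90%" name="plain_text">{$plain_text}</textarea><br/>
Public key:<br/>
<textarea style="height:100px;width:90%" name="public_key">{$public_key}</textarea><br/>
Encrypted text:<br/>
<textarea style="height:100px;width:90%">{$enc_text}</textarea><br/>
<input type="submit" value="Encrypt">
</div>
</form>

<form action="{$php_self}?task=decrypt" method="POST">
<div>
<h1>Decrypting</h1>
Encrypted text:<br/>
<textarea style="height:100px;width:90%" name="enc_text">{$enc_text}</textarea><br/>
Private key:<br/>
<textarea style="height:100px;width:90%" name="private_key">{$private_key}</textarea><br/>
Plain text:<br/>
<textarea style="height:100px;width:90%">{$plain_text}</textarea><br/>
<input type="submit" value="Decrypt">
</div>
</form>
END;
}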
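/**
 * Validate CSRF tokens, POST and GET.
 * User will get logged out in case error reporting does not stop script.
 *
 * A POST request with a non-empty $_POST must carry both
 * "<prefix>token_name" and "<prefix>token_value"; every other request is
 * handed to validate_csrf_get_token('csrftoken'). Afterwards, cached unique
 * tokens older than 15 minutes are purged from the session.
 *
 * Token fields that are not plain strings (for example a field submitted as
 * an array) are treated the same as missing fields, so only strings ever
 * reach validate_session_token().
 *
 * NOTE(review): if logout_user() returns instead of terminating the request,
 * this function also returns normally and the caller proceeds as if the
 * check had passed; confirm that logout_user() ends the script.
 * NOTE(review): a POST whose $_POST is empty is validated only through the
 * GET-token path; confirm that this is intended.
 *
 * @access public
 * @param string $token_prefix (default: 'csrf_')
 * @return void
 */
function validate_csrf_tokens($token_prefix = 'csrf_')
{
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && count($_POST)) {
        $name_field  = $token_prefix . 'token_name';
        $value_field = $token_prefix . 'token_value';

        $token_name  = isset($_POST[$name_field]) ? $_POST[$name_field] : null;
        $token_value = isset($_POST[$value_field]) ? $_POST[$value_field] : null;

        // Request data is client-controlled: accept only non-empty strings.
        $tokens_present = is_string($token_name) && is_string($token_value)
            && !empty($token_name) && !empty($token_value);

        if (!$tokens_present) {
            trigger_error('No CSRF token found, probable invalid request.', E_USER_ERROR);
            logout_user('csrf-post-invalid', 'danger');
        } elseif (!validate_session_token($token_name, $token_value)) {
            // Reached only with well-formed tokens, so the validator never
            // receives undefined or non-string input.
            trigger_error('Validating the CSRF token failed, probable an outdated request.', E_USER_ERROR);
            logout_user('csrf-post-failed', 'danger');
        }
    } else {
        validate_csrf_get_token('csrftoken');
    }

    // Purge cached tokens
    $cached_tokens = get_session_var('cached_unique_tokens');
    if ($cached_tokens) {
        $timespan = 60 * 15; // 15 Minutes
        $cutoff   = time() - $timespan;

        foreach ($cached_tokens as $unique_name => $time) {
            if ($time < $cutoff) {
                unset_session_var($unique_name);
                unset_cached_token($unique_name);
            }
        }
    }
}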