Beispiel #1
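/**
 * Print the HTML page of the Crypt_RSA usage demo.
 *
 * The page holds five forms (key generation, signing, signature validation,
 * encryption, decryption). Each form posts back to the current script with a
 * `task` query parameter, and the fields are pre-filled from session variables
 * read through get_session_var().
 *
 * Every value interpolated into the markup is HTML-escaped first:
 *  - $_SERVER['PHP_SELF'] reflects the request path (including any trailing
 *    path info), so it is client-controlled and must not reach the `action`
 *    attribute raw.
 *  - The session values are shown in fields that the same forms submit, so
 *    they are treated as user-supplied text.
 *
 * Demo-only caveats for anyone reusing this layout:
 *  - The key-length menu offers 32 to 1024 bit moduli. RSA keys below
 *    2048 bits are not considered secure; the small sizes are only useful
 *    for showing the API quickly.
 *  - The private key is sent to the server in form fields and kept in the
 *    session. A real application should not move private keys through a
 *    browser form.
 *
 * NOTE(review): the meaning of the second argument to get_session_var() is not
 * visible here; it is passed through unchanged.
 *
 * @return void
 */
function print_layout()
{
    $html_flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // Client-controlled request path: escape fully for the attribute context.
    $php_self = htmlspecialchars((string) $_SERVER['PHP_SELF'], $html_flags, 'UTF-8');

    // double_encode is off so a value that get_session_var() may already have
    // escaped is left as it is, while a raw value is neutralised.
    $escape = function ($value) use ($html_flags) {
        return htmlspecialchars((string) $value, $html_flags, 'UTF-8', false);
    };

    // Same read order as before, in case get_session_var() has side effects.
    $public_key = $escape(get_session_var('public_key', true));
    $private_key = $escape(get_session_var('private_key', true));
    $document = $escape(get_session_var('document', true));
    $signature = $escape(get_session_var('signature', true));
    $plain_text = $escape(get_session_var('plain_text', true));
    $enc_text = $escape(get_session_var('enc_text', true));
    // NOTE(review): assumes the validation result is plain text, not markup; confirm.
    $is_sign_valid = $escape(get_session_var('is_sign_valid', true));

    echo <<<END

<html>
<head>
    <title>Crypt_RSA example of usage</title>
    <style type="text/css">
        form { margin: 10px; padding: 10px; background: #ccc; border: 1px solid; }
        textarea { margin-bottom: 10px; }
    </style>
</head>

<body>
<h1>Crypt_RSA example of usage</h1>
<form action="{$php_self}?task=generate_key_pair" method="POST">
    <div>
        <h1>Key generation</h1>

        Select key length:
        <select name="key_length">
            <option value="32">32 bit</option>
            <option value="64">64 bit</option>
            <option value="128">128 bit</option>
            <option value="256">256 bit</option>
            <option value="512">512 bit</option>
            <option value="1024">1024 bit</option>
            <option value="2048">2048 bit</option>
        </select><br/>

        Public key:<br/>
        <textarea style="height:100px;width:90%">{$public_key}</textarea><br/>

        Private key:<br/>
        <textarea style="height:100px;width:90%">{$private_key}</textarea><br/>

        <input type="submit" value="Start">
    </div>
</form>

<form action="{$php_self}?task=create_sign" method="POST">
    <div>
        <h1>Signing document</h1>

        Document:<br/>
        <textarea style="height:100px;width:90%" name="document">{$document}</textarea><br/>

        Private key:<br/>
        <textarea style="height:100px;width:90%" name="private_key">{$private_key}</textarea><br/>

        Signature:<br/>
        <textarea style="height:100px;width:90%">{$signature}</textarea><br/>

        <input type="submit" value="Sign">
    </div>
</form>

<form action="{$php_self}?task=validate_sign" method="POST">
    <div>
        <h1>Validating document sign</h1>

        Document:<br/>
        <textarea style="height:100px;width:90%" name="document">{$document}</textarea><br/>

        Signature:<br/>
        <textarea style="height:100px;width:90%" name="signature">{$signature}</textarea><br/>

        Public key:<br/>
        <textarea style="height:100px;width:90%" name="public_key">{$public_key}</textarea><br/>

        Result: <span style="font-size:2em">{$is_sign_valid}</span><br/>

        <input type="submit" value="Validate">
    </div>
</form>

<form action="{$php_self}?task=encrypt" method="POST">
    <div>
        <h1>Encrypting</h1>

        Plain text:<br/>
        <textarea style="height:100px;width:90%" name="plain_text">{$plain_text}</textarea><br/>

        Public key:<br/>
        <textarea style="height:100px;width:90%" name="public_key">{$public_key}</textarea><br/>

        Encrypted text:<br/>
        <textarea style="height:100px;width:90%">{$enc_text}</textarea><br/>

        <input type="submit" value="Encrypt">
    </div>
</form>

<form action="{$php_self}?task=decrypt" method="POST">
    <div>
        <h1>Decrypting</h1>

        Encrypted text:<br/>
        <textarea style="height:100px;width:90%" name="enc_text">{$enc_text}</textarea><br/>

        Private key:<br/>
        <textarea style="height:100px;width:90%" name="private_key">{$private_key}</textarea><br/>

        Plain text:<br/>
        <textarea style="height:100px;width:90%">{$plain_text}</textarea><br/>

        <input type="submit" value="Decrypt">
    </div>
</form>
END;
}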
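/**
 * Validate the CSRF token of the current request (POST or GET).
 *
 * A POST request that carries form fields must include both
 * `{$token_prefix}token_name` and `{$token_prefix}token_value` as non-empty
 * strings; the pair is then checked with validate_session_token(). Every other
 * request is passed to validate_csrf_get_token('csrftoken').
 *
 * On failure an E_USER_ERROR is raised. The user gets logged out in case error
 * reporting does not stop the script. Afterwards, cached unique tokens older
 * than 15 minutes are purged from the session.
 *
 * NOTE(review): this function returns nothing, so rejecting a request depends
 * on trigger_error() or logout_user() ending it. Confirm that logout_user()
 * terminates the request; otherwise the caller continues with an unverified
 * POST.
 * NOTE(review): a POST request whose $_POST is empty (for example a body that
 * PHP does not parse into $_POST) skips the POST token check and is handled by
 * the GET validation. Confirm that this is intended for all state-changing
 * handlers.
 * NOTE(review): passing E_USER_ERROR to trigger_error() is deprecated as of
 * PHP 8.4; a thrown exception would make the failure path explicit.
 *
 * @access public
 * @param string $token_prefix (default: 'csrf_')
 * @return void
 */
function validate_csrf_tokens($token_prefix = 'csrf_')
{
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && count($_POST)) {
        $name_key = $token_prefix . 'token_name';
        $value_key = $token_prefix . 'token_value';
        $token_name = isset($_POST[$name_key]) ? $_POST[$name_key] : null;
        $token_value = isset($_POST[$value_key]) ? $_POST[$value_key] : null;

        // Request fields can arrive as arrays (name[]=...); only non-empty
        // strings count as a token, anything else is rejected as missing.
        $token_missing = empty($token_name) || empty($token_value)
            || !is_string($token_name) || !is_string($token_value);

        if ($token_missing) {
            trigger_error('No CSRF token found, probable invalid request.', E_USER_ERROR);
            logout_user('csrf-post-invalid', 'danger');
        } elseif (!validate_session_token($token_name, $token_value)) {
            // elseif: a request already rejected as missing is not validated
            // (and logged out) a second time if execution continues.
            trigger_error('Validating the CSRF token failed, probable an outdated request.', E_USER_ERROR);
            logout_user('csrf-post-failed', 'danger');
        }
    } else {
        validate_csrf_get_token('csrftoken');
    }

    // Purge cached tokens
    $cached_tokens = get_session_var('cached_unique_tokens');
    if ($cached_tokens && (is_array($cached_tokens) || $cached_tokens instanceof Traversable)) {
        // 15 minutes
        $expires_before = time() - 60 * 15;
        foreach ($cached_tokens as $unique_name => $time) {
            if ($time < $expires_before) {
                unset_session_var($unique_name);
                unset_cached_token($unique_name);
            }
        }
    }
}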