Beispiel #1
0
 public function onBeforeWrite()
 {
     if (!$this->owner->NewsletterTrackingToken) {
         $generator = new RandomGenerator();
         $this->owner->NewsletterTrackingToken = $generator->generateHash('md5');
     }
 }
Beispiel #2
0
 /**
  * Ensure we populate these fields before a save.
  */
 public function onBeforeWrite()
 {
     // Run other beforewrites first.
     parent::onBeforeWrite();
     if (!$this->isBrowser()) {
         return false;
     }
     // If this is the first save...
     if (!$this->ID) {
         // Ensure the session exists before querying it.
         if (!Session::request_contains_session_id()) {
             Session::start();
         }
         // Store the sesion and has information in the database.
         $this->SessionID = SecurityToken::getSecurityID();
         if (is_null($this->SessionID)) {
             return false;
         }
         $gen = new RandomGenerator();
         $uniqueurl = substr($gen->randomToken(), 0, 32);
         while (ShortList::get()->filter('URL', $uniqueurl)->count() > 0) {
             $uniqueurl = substr($gen->randomToken(), 0, 32);
         }
         $this->URL = $uniqueurl;
         $this->UserAgent = Controller::curr()->getRequest()->getHeader('User-Agent');
     }
 }
Beispiel #3
0
 /**
  * Generates the One Time code that is passed to the redirect URL as GET param ott
  * Supports extension via extendGenerateOneTime, with a max token length of 255
  */
 public function generateOneTime()
 {
     $randomGen = new RandomGenerator();
     $random = substr($randomGen->randomToken(), 0, 10);
     $this->extend('extendGenerateOneTime', $random);
     $this->OneTimeCode = $random;
 }
Beispiel #4
0
 protected function onBeforeWrite()
 {
     if (!$this->isInDB()) {
         $generator = new RandomGenerator();
         $this->Token = $generator->randomToken();
     }
     parent::onBeforeWrite();
 }
Beispiel #5
0
 /**
  * @return string
  */
 public function generateConfirmationToken()
 {
     $generator = new RandomGenerator();
     $token = $generator->randomToken();
     $hash = self::HashConfirmationToken($token);
     $this->setField('ConfirmationHash', $hash);
     return $token;
 }
Beispiel #6
0
 /**
  * Generates an encrypted random token.
  * @param \Member $user
  * @throws \PasswordEncryptor_NotFoundException
  * @return string
  */
 public static function generate_token($user)
 {
     $generator = new \RandomGenerator();
     $tokenString = $generator->randomToken();
     $e = \PasswordEncryptor::create_for_algorithm('blowfish');
     $salt = $e->salt($tokenString);
     $token = sha1($e->encrypt($tokenString, $salt)) . substr(md5($user->Created . $user->LastEdited . $user->ID), 7);
     return $token;
 }
Beispiel #7
0
 /**
  * Generate and store the authentication tokens required
  * 
  * @TODO Rework this, it's not really any better than storing text passwords
  */
 public function generateTokens()
 {
     $generator = new RandomGenerator();
     $token = $generator->randomToken('sha1');
     $this->owner->Token = $this->owner->encryptWithUserSettings($token);
     $this->authToken = $token;
     $authToken = $generator->randomToken('whirlpool');
     $this->owner->AuthPrivateKey = $authToken;
 }
Beispiel #8
0
 /**
  * @return string
  */
 public function generateConfirmationToken()
 {
     $generator = new RandomGenerator();
     $this->token = $generator->randomToken();
     $hash = self::HashConfirmationToken($this->token);
     $this->setField('ConfirmationHash', $hash);
     Session::set(self::ConfirmationTokenParamName . '_' . $this->Speaker()->ID, $this->token);
     return $this->token;
 }
Beispiel #9
0
 protected function genToken()
 {
     // Generate a new random token (as random as possible)
     require_once dirname(dirname(dirname(__FILE__))) . '/security/RandomGenerator.php';
     $rg = new RandomGenerator();
     $token = $rg->randomToken('md5');
     // Store a file in the session save path (safer than /tmp, as open_basedir might limit that)
     file_put_contents($this->pathForToken($token), $token);
     return $token;
 }
Beispiel #10
0
 protected function onBeforeWrite()
 {
     if (!$this->isInDB()) {
         $generator = new RandomGenerator();
         $this->Token = $generator->randomToken();
         if ($this->getManagerEmail()) {
             $this->sendEmail();
         }
     }
     parent::onBeforeWrite();
 }
Beispiel #11
0
 function onBeforeWrite()
 {
     parent::onBeforeWrite();
     if (!$this->ValidUntil) {
         $this->setValidInMinutesFromNow();
     }
     if (!$this->RequestedFromIP) {
         $this->RequestedFromIP = $_SERVER['REMOTE_ADDR'];
     }
     if (!$this->UID) {
         $generator = new RandomGenerator();
         $this->UID = $generator->randomToken('sha1');
     }
 }
Beispiel #12
0
 /**
  * @return string
  */
 public function generateConfirmationToken()
 {
     $generator = new RandomGenerator();
     $already_exists = false;
     $repository = new SapphireSpeakerRegistrationRequestRepository();
     do {
         $this->token = $generator->randomToken();
         $already_exists = $repository->existsConfirmationToken($this->token);
     } while ($already_exists);
     $hash = self::HashConfirmationToken($this->token);
     $this->setField('ConfirmationHash', $hash);
     Session::set(self::ConfirmationTokenParamName . '_' . $this->Speaker()->ID, $this->token);
     return $this->token;
 }
Beispiel #13
0
 /**
  * Flags the current comment
  *
  * @return bool
  */
 public function doFlag()
 {
     if (!$this->owner->canFlag()) {
         return false;
     }
     $this->owner->Flagged = true;
     $this->owner->FlaggedAndRemoved = false;
     $random = new RandomGenerator();
     $this->owner->FlaggedSecurityToken = $random->randomToken();
     try {
         $this->owner->write();
     } catch (ValidationException $e) {
         SS_Log::log($e->getMessage(), SS_Log::WARN);
         return false;
     }
     $this->owner->extend('afterFlag');
     return true;
 }
Beispiel #14
0
 public function testMany()
 {
     $output = RandomGenerator::generate();
     $this->assertFalse(is_array($output), 'Output is array');
     $this->assertRegExp('/^([a-zA-Z0-9]{10})$/', $output, 'Single match not ok');
     $output = RandomGenerator::generate(3, 120, RandomGenerator::TYPE_ALPHANUM, 'start:X:end', 8, '-');
     $this->assertTrue(is_array($output), 'Not array');
     if (is_array($output)) $this->assertEquals(count($output), 3, 'Array count not 3');
     foreach ($output as $out) {
         $this->assertRegExp('/^start:([a-zA-Z0-9-]{134}):end$/', $out, 'Element not ok');
     }
 }
Beispiel #15
0
 /**
  * Tests security ID check
  */
 public function testSecurityID()
 {
     // Mock token
     $securityToken = SecurityToken::inst();
     $generator = new RandomGenerator();
     $token = $generator->randomToken('sha1');
     $session = array($securityToken->getName() => $token);
     $tokenError = _t('SpellController.SecurityMissing', 'Your session has expired. Please refresh your browser to continue.');
     // Test request sans token
     $response = $this->get('spellcheck', Injector::inst()->create('Session', $session));
     $this->assertEquals(400, $response->getStatusCode());
     $jsonBody = json_decode($response->getBody());
     $this->assertEquals($tokenError, $jsonBody->error->errstr);
     // Test request with correct token (will fail with an unrelated error)
     $response = $this->get('spellcheck/?SecurityID=' . urlencode($token), Injector::inst()->create('Session', $session));
     $jsonBody = json_decode($response->getBody());
     $this->assertNotEquals($tokenError, $jsonBody->error->errstr);
     // Test request with check disabled
     Config::inst()->update('SpellController', 'enable_security_token', false);
     $response = $this->get('spellcheck', Injector::inst()->create('Session', $session));
     $jsonBody = json_decode($response->getBody());
     $this->assertNotEquals($tokenError, $jsonBody->error->errstr);
 }
Beispiel #16
0
 public static function generate($options = array())
 {
     $options = self::_normalizeOptions($options);
     extract(array_merge(self::$defaultOptions, self::$_options, $options));
     self::$_options = array();
     $unique = false;
     $first_alaphabet = false;
     for ($i = 0; $i < strlen($type); $i++) {
         switch ($type[$i]) {
             case 'u':
                 $unique = true;
                 break;
             case 'f':
                 $first_alaphabet = true;
         }
     }
     $result = '';
     $result_length = 0;
     do {
         $c = self::generateCharacter($possible, $options);
         if ($first_alaphabet && $result_length == 0 && preg_match('/[a-z]/i', $possible)) {
             if (!preg_match('/[a-z]/', strtolower($c))) {
                 continue;
             }
         }
         if ($unique && strstr($result, $c)) {
             if ($result_length === strlen($possible)) {
                 trigger_error('Possible characters length is less than max length');
             }
             continue;
         }
         $result .= $c;
         $result_length++;
         if ($random_length) {
             $minLength = isset($random_length['min']) ? $random_length['min'] : 1;
             if ($minLength <= $result_length) {
                 $rand = $generator(1, $length);
                 if ($result_length < $rand) {
                     return $result;
                 }
             }
         }
     } while ($result_length < $length);
     return $result;
 }
Beispiel #17
0
 public function actionCreate()
 {
     $model = new Clients();
     $account = new Accounts();
     $preference = new Preferences();
     if (isset($_POST['Clients'], $_POST['Accounts'], $_POST['Preferences'])) {
         $model->attributes = $_POST['Clients'];
         $account->attributes = $_POST['Accounts'];
         $preference->attributes = $_POST['Preferences'];
         $model->login_name = $account->login_name;
         $model->client_code = RandomGenerator::generateString(AdminGlobals::CLIENT_CODE_LENGTH);
         $model->subscription_status = "active";
         $preference->prepaid_passwd = RandomGenerator::generateString(AdminGlobals::PREPAID_PASSWD_LENGTH);
         $account->account_name = $model->client_name;
         $account->email = $model->email;
         $account->is_visible = 0;
         $valid = $model->validate();
         $valid = $account->validate() && $valid;
         $valid = $preference->validate() && $valid;
         if ($valid) {
             $transaction = Yii::app()->db->beginTransaction();
             $success = $model->save(false);
             if ($success) {
                 $account->client_id = $preference->client_id = $model->id;
             }
             $success = $success && $account->save(false);
             $success = $success && $preference->save(false);
             if ($success) {
                 $transaction->commit();
                 if (Yii::app()->request->isAjaxRequest) {
                     $this->renderPartial('view', array('model' => $this->loadModel($model->id), 'account' => $account, 'preference' => $preference), false, true);
                     Yii::app()->end();
                 }
                 $this->redirect(array('view', 'id' => $model->id));
             }
             $transaction->rollBack();
         }
     }
     if (Yii::app()->request->isAjaxRequest) {
         $this->renderPartial('create', array('model' => $model, 'account' => $account, 'preference' => $preference), false, true);
         Yii::app()->end();
     }
     $this->render('create', array('model' => $model, 'account' => $account, 'preference' => $preference));
 }
Beispiel #18
0
 /**
  * Generate an auto login token which can be used to reset the password,
  * at the same time hashing it and storing in the database.
  *
  * @param int $lifetime The lifetime of the auto login hash in days (by default 2 days)
  *
  * @returns string Token that should be passed to the client (but NOT persisted).
  *
  * @todo Make it possible to handle database errors such as a "duplicate key" error
  */
 public function generateAutologinTokenAndStoreHash($lifetime = 2)
 {
     do {
         $generator = new RandomGenerator();
         $token = $generator->randomToken();
         $hash = $this->encryptWithUserSettings($token);
     } while (DataObject::get_one('Member', "\"AutoLoginHash\" = '{$hash}'"));
     $this->AutoLoginHash = $hash;
     $this->AutoLoginExpired = date('Y-m-d', time() + 86400 * $lifetime);
     $this->write();
     return $token;
 }
Beispiel #19
0
<?php

include 'random-generator.class.php';
header('Content-Type: text/plain');
$seed = 12345;
$generator = new RandomGenerator($seed);
echo "seed : {$seed}\n";
for ($n = 0; $n < 100; $n++) {
    $value = $generator->random() % 100;
    echo "{$n} : {$value}\n";
}
Beispiel #20
0
 /**
  * Returns a unique filename, including project/environment/timestamp details.
  * @return string
  */
 public function generateFilename(DNDataTransfer $dataTransfer)
 {
     $generator = new RandomGenerator();
     $filter = FileNameFilter::create();
     return sprintf('%s-%s-%s-%s-%s', $filter->filter(strtolower($this->OriginalEnvironment()->Project()->Name)), $filter->filter(strtolower($this->OriginalEnvironment()->Name)), $dataTransfer->Mode, date('Ymd'), sha1($generator->generateEntropy()));
 }
Beispiel #21
0
 /**
  * Generates an encrypted random token
  * and an expiry date
  * 
  * @param  boolean $expired Set to true to generate an outdated token
  * @return array            token data array('token' => HASH, 'expire' => EXPIRY_DATE)
  */
 private function generateToken($expired = false)
 {
     $life = $this->tokenConfig['life'];
     if (!$expired) {
         $expire = time() + $life;
     } else {
         $expire = time() - $life * 2;
     }
     $generator = new RandomGenerator();
     $tokenString = $generator->randomToken();
     $e = PasswordEncryptor::create_for_algorithm('blowfish');
     //blowfish isn't URL safe and maybe too long?
     $salt = $e->salt($tokenString);
     $token = $e->encrypt($tokenString, $salt);
     return array('token' => substr($token, 7), 'expire' => $expire);
 }
Beispiel #22
0
	/**
	 * Return a string value stored in the {@link Member->Salt} property.
	 * 
	 * @uses RandomGenerator
	 * 
	 * @param String $password Cleartext password
	 * @param Member $member (Optional)
	 * @return String Maximum of 50 characters
	 */
	function salt($password, $member = null) {
		$generator = new RandomGenerator();
		return substr($generator->generateHash('sha1'), 0, 50);
	}
Beispiel #23
0
	function testGenerateHashWithAlgorithm() {
		$r = new RandomGenerator();
		$this->assertNotNull($r->generateHash('md5'));
		$this->assertNotEquals($r->generateHash(), $r->generateHash('md5'));
	}
Beispiel #24
0
 /**
  * Generates new random key
  *
  * @param integer $length
  *
  * @return string
  */
 protected function generate($length = null)
 {
     $generator = new RandomGenerator();
     $result = $generator->randomToken('sha256');
     if ($length !== null) {
         return substr($result, 0, $length);
     }
     return $result;
 }
Beispiel #25
0
 /**
  * Generate an auto login token which can be used to reset the password,
  * at the same time hashing it and storing in the database.
  *
  * @param int $lifetime The lifetime of the auto login hash in days (by default 2 days)
  *
  * @returns string Token that should be passed to the client (but NOT persisted).
  *
  * @todo Make it possible to handle database errors such as a "duplicate key" error
  */
 public function generateValidateHashAndStore($lifetime = 2)
 {
     do {
         $generator = new RandomGenerator();
         $hash = $generator->randomToken();
     } while (DataObject::get_one('Recipient', "\"ValidateHash\" = '{$hash}'"));
     $this->ValidateHash = $hash;
     $this->ValidateHashExpired = date('Y-m-d H:i:s', time() + 86400 * $lifetime);
     $this->write();
     return $hash;
 }
Beispiel #26
0
	/**
	 * @uses RandomGenerator
	 * 
	 * @return String
	 */
	protected function generate() {
		$generator = new RandomGenerator();
		return $generator->generateHash('sha1');
	}
Beispiel #27
0
 /**
  * Creates a new random token and hashes it using the
  * member information
  * @param Member The logged in user
  * @return string The hash to be stored in the database
  */
 public function getNewHash(Member $member)
 {
     $generator = new RandomGenerator();
     $this->setToken($generator->randomToken('sha1'));
     return $member->encryptWithUserSettings($this->token);
 }
Beispiel #28
0
 public function testDisableSecurityTokenAcceptsSubmissionWithoutToken()
 {
     SecurityToken::enable();
     $expectedToken = SecurityToken::inst()->getValue();
     $response = $this->get('FormTest_ControllerWithSecurityToken');
     // can't use submitForm() as it'll automatically insert SecurityID into the POST data
     $response = $this->post('FormTest_ControllerWithSecurityToken/Form', array('Email' => '*****@*****.**', 'action_doSubmit' => 1));
     $this->assertEquals(400, $response->getStatusCode(), 'Submission fails without security token');
     // Generate a new token which doesn't match the current one
     $generator = new RandomGenerator();
     $invalidToken = $generator->randomToken('sha1');
     $this->assertNotEquals($invalidToken, $expectedToken);
     // Test token with request
     $response = $this->get('FormTest_ControllerWithSecurityToken');
     $response = $this->post('FormTest_ControllerWithSecurityToken/Form', array('Email' => '*****@*****.**', 'action_doSubmit' => 1, 'SecurityID' => $invalidToken));
     $this->assertEquals(200, $response->getStatusCode(), 'Submission reloads form if security token invalid');
     $this->assertTrue(stripos($response->getBody(), 'name="SecurityID" value="' . $expectedToken . '"') !== false, 'Submission reloads with correct security token after failure');
     $this->assertTrue(stripos($response->getBody(), 'name="SecurityID" value="' . $invalidToken . '"') === false, 'Submission reloads without incorrect security token after failure');
     $matched = $this->cssParser()->getBySelector('#Form_Form_Email');
     $attrs = $matched[0]->attributes();
     $this->assertEquals('*****@*****.**', (string) $attrs['value'], 'Submitted data is preserved');
     $response = $this->get('FormTest_ControllerWithSecurityToken');
     $tokenEls = $this->cssParser()->getBySelector('#Form_Form_SecurityID');
     $this->assertEquals(1, count($tokenEls), 'Token form field added for controller without disableSecurityToken()');
     $token = (string) $tokenEls[0];
     $response = $this->submitForm('Form_Form', null, array('Email' => '*****@*****.**', 'SecurityID' => $token));
     $this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
 }
Beispiel #29
0
 /**
  * Generate an auto login hash
  *
  * This creates an auto login hash that can be used to reset the password.
  *
  * @param int $lifetime The lifetime of the auto login hash in days (by default 2 days)
  *
  * @todo Make it possible to handle database errors such as a "duplicate key" error
  */
 function generateAutologinHash($lifetime = 2)
 {
     do {
         $generator = new RandomGenerator();
         $hash = $generator->generateHash('sha1');
     } while (DataObject::get_one('Member', "\"AutoLoginHash\" = '{$hash}'"));
     $this->AutoLoginHash = $hash;
     $this->AutoLoginExpired = date('Y-m-d', time() + 86400 * $lifetime);
     $this->write();
 }
Beispiel #30
0
 /**
  * @uses RandomGenerator
  * 
  * @return String
  */
 protected function generate()
 {
     $generator = new RandomGenerator();
     return $generator->randomToken('sha1');
 }