Example #1
 /**
  * Render the two hidden <input> fields that carry a CSRF token pair.
  *
  * Ensures $_SESSION[self::SESSION_INDEX] exists (set to an empty array when
  * it is not), asks self::generateToken() for an index/token pair, and builds
  * one hidden field named self::FORM_INDEX and one named self::FORM_TOKEN.
  * Both values go through Resonant\Secure::noHTML() before they are placed in
  * the value attribute.
  *
  * When self::$hmac_ip is anything other than false, the raw token is not
  * written to the form. The form instead receives
  * base64(HMAC(self::HASH_ALGO, client address, key = base64-decoded token)),
  * where the client address is $_SERVER['REMOTE_ADDR'] or '127.0.0.1' when
  * that key is unset.
  *
  * NOTE(review): behind a reverse proxy REMOTE_ADDR is usually the proxy's
  * address, so the binding may not distinguish clients; and a client whose
  * address changes between render and submit would presumably be rejected.
  * Confirm both against the validation routine, which is not shown here.
  *
  * @param bool $echo Print the markup instead of returning it when truthy.
  * @return string The markup when $echo is falsy; '' when it was printed.
  */
 public static function insertToken($echo = true)
 {
     // The session slot must exist before a token is generated.
     if (!isset($_SESSION[self::SESSION_INDEX])) {
         $_SESSION[self::SESSION_INDEX] = [];
     }

     $pair = self::generateToken();
     $index = $pair[0];
     $token = $pair[1];

     // Field names are class constants and are emitted as-is; only the values are escaped.
     $indexField = "<!--\n--><input type=\"hidden\" name=\"" . self::FORM_INDEX . "\" value=\"" . Resonant\Secure::noHTML($index) . "\" />";

     if (self::$hmac_ip !== false) {
         // Bind the submitted value to the requesting address: the token becomes the HMAC key
         // and is never sent to the browser in raw form.
         $clientAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
         $rawKey = \base64_decode($token);
         $token = \base64_encode(\hash_hmac(self::HASH_ALGO, $clientAddr, $rawKey, true));
     }

     $tokenField = "<!--\n--><input type=\"hidden\" name=\"" . self::FORM_TOKEN . "\" value=\"" . Resonant\Secure::noHTML($token) . "\" />";

     $markup = $indexField . $tokenField;
     if (!$echo) {
         return $markup;
     }
     echo $markup;
     return '';
 }
Example #2
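// Smoke-test script: calls each Secure helper once and prints the result for manual inspection.

/* Secure::random($min, $max) */
echo "\n## random(\$min, \$max)\n";
// 26 letters plus the digits 2-7 give 32 symbols, so indexes 0..31 cover the set exactly.
$charset = array_merge(range('a', 'z'), range('2', '7'));
$buffer = '';
for ($i = 0; $i < 16; ++$i) {
    // Get a random index
    $n = \Resonantcore\Lib\Secure::random(0, 31);
    // Append a random character from $charset to buffer
    $buffer .= $charset[$n];
}
echo $buffer . "\n";
unset($buffer);

/* Secure::random_bytes($num) */
echo "\n## random_bytes(\$num)\n";
// Raw bytes are not printable, so they are base64-encoded for display only.
echo base64_encode(\Resonantcore\Lib\Secure::random_bytes(32)) . "\n";

/* Secure::noHTML($str) */
echo "\n## noHTML(\$str)\n";
$buffer = \Resonantcore\Lib\Secure::noHTML('<br />');
// The expected string previously lacked the trailing ';' of '&gt;', so the check could not
// match the output of a standard HTML escaper and an escaping regression would go unnoticed.
// NOTE(review): assumes noHTML() emits named entities as htmlspecialchars() does; confirm.
if ($buffer === '&lt;br /&gt;') {
    echo "No HTML succeeded!\n";
} else {
    // Report the failure instead of printing nothing.
    echo "No HTML failed!\n";
}
unset($buffer);

/* Secure::file_valid($file, $jail_dir) */
echo "\n## file_valid(\$file, \$jail_dir)\n";
// Under a web SAPI $_SERVER['PHP_SELF'] is derived from the request, so treat it as untrusted input.
// BASE is a constant defined outside this snippet.
$buffer = \Resonantcore\Lib\Secure::file_valid($_SERVER['PHP_SELF'], BASE);
var_dump($buffer);
unset($buffer);

/* Secure::random_positive_int() */
echo "\n## random_positive_int()\n";
$buffer = \Resonantcore\Lib\Secure::random_positive_int();
var_dump($buffer);
unset($buffer);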