static function start()
{
include_once __DIR__ . '/sessionDrivers/' . Settings::$sessionDriver . '.php';
//self::$driver = new Settings::$sessionDriver();
//session_set_save_handler(array(self::$driver, 'open'),array(self::$driver, 'close'),array(self::$driver, 'read'),
// array(self::$driver, 'write'),array(self::$driver, 'destroy'),array(self::$driver, 'gc'));
register_shutdown_function('session_write_close');
if (in_array(Settings::$session_hash, hash_algos())) {
ini_set('session.hash_function', Settings::$session_hash);
}
ini_set('session.hash_bits_per_character', Settings::$hash_bits_per_character);
$cookieParams = session_get_cookie_params();
session_set_cookie_params(Settings::$sessionLifetime, $cookieParams["path"], $cookieParams["domain"], Settings::$secure, Settings::$httpOnly);
session_name(Settings::$NAME);
//буферизуем заголовок
ob_start();
//включаем CORS, если указано в настройках /*
if (isset(Settings::$CORS) && Settings::$CORS && !empty($_SERVER['HTTP_ORIGIN'])) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
}
//включаем сессию
session_start();
ob_end_flush();
//посылаем заголовок
}
public static function isAvailable()
{
if (!function_exists('hash_algos') || !function_exists('hash')) {
return false;
}
return in_array(static::getHashName(), hash_algos(), true);
}
/**
* Checks if the algorithm specified exists and throws an exception if it does not
*
* @param string $algorithm Name of the algorithm to validate
*
* @return bool
* @throws InvalidArgumentException if the algorithm doesn't exist
*/
public static function validateAlgorithm($algorithm)
{
if (!in_array($algorithm, hash_algos(), true)) {
throw new InvalidArgumentException("The hashing algorithm specified ({$algorithm}) does not exist.");
}
return true;
}
/**
* @param string $algorithm
* @throws Zend_Crypt_Exception
*/
protected static function _detectHashSupport($algorithm)
{
if (function_exists('hash')) {
self::$_type = self::TYPE_HASH;
if (in_array($algorithm, hash_algos())) {
return;
}
}
if (function_exists('mhash')) {
self::$_type = self::TYPE_MHASH;
if (in_array($algorithm, self::$_supportedAlgosMhash)) {
return;
}
}
if (function_exists('openssl_digest')) {
if ($algorithm == 'ripemd160') {
$algorithm = 'rmd160';
}
self::$_type = self::TYPE_OPENSSL;
if (in_array($algorithm, self::$_supportedAlgosOpenssl)) {
return;
}
}
/**
* @see Zend_Crypt_Exception
*/
require_once 'Zend/Crypt/Exception.php';
throw new Zend_Crypt_Exception('\'' . $algorithm . '\' is not supported by any available extension or native function');
}
private function assertAlgorithmIsSupported(string $algorithm)
{
$algorithms = hash_algos();
if (in_array($algorithm, $algorithms, true) === false) {
throw new InvalidArgumentException(sprintf('The algorithm "%s" is not supported on this system.', $algorithm));
}
}
/**
* This function checks if a password is valid
* @param $crypted Password as appears in password file, optionally prepended with algorithm
* @param $clear Password to check
*/
public static function pwValid($crypted, $clear)
{
assert('is_string($crypted)');
assert('is_string($clear)');
// Match algorithm string ('{SSHA256}', '{MD5}')
if (preg_match('/^{(.*?)}(.*)$/', $crypted, $matches)) {
// LDAP compatibility
$algo = preg_replace('/^(S?SHA)$/', '${1}1', $matches[1]);
$cryptedpw = $matches[2];
if (in_array(strtolower($algo), hash_algos())) {
// Unsalted hash
return $crypted == self::pwHash($clear, $algo);
}
if ($algo[0] == 'S' && in_array(substr(strtolower($algo), 1), hash_algos())) {
$php_algo = substr(strtolower($algo), 1);
// Salted hash
$hash_length = strlen(hash($php_algo, 'whatever', TRUE));
$salt = substr(base64_decode($cryptedpw), $hash_length);
return $crypted == self::pwHash($clear, $algo, $salt);
}
throw new Exception('Hashing algoritm \'' . strtolower($algo) . '\' not supported');
} else {
return $crypted === $clear;
}
}
public function create_hash($string, $hash_method = 'sha1')
{
if (function_exists('hash') && in_array($hash_method, hash_algos())) {
return hash($hash_method, $string);
}
return sha1($string);
}
private function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) {
trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
}
if ($count <= 0 || $key_length <= 0) {
trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);
}
if (function_exists("hash_pbkdf2")) {
if (!$raw_output) {
$key_length = $key_length * 2;
}
return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
}
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for ($i = 1; $i <= $block_count; $i++) {
$last = $salt . pack("N", $i);
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
for ($j = 1; $j < $count; $j++) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
if ($raw_output) {
return substr($output, 0, $key_length);
} else {
return bin2hex(substr($output, 0, $key_length));
}
}
function start_session($sessionName = 'PHPSESSID', $secure = false)
{
// Make sure the session cookie is not accessable via javascript.
$httponly = true;
// Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
$session_hash = 'sha512';
// Check if hash is available
if (in_array($session_hash, hash_algos())) {
// Set the has function.
ini_set('session.hash_function', $session_hash);
}
// 많은 해시의 문자 비트.
// The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
ini_set('session.hash_bits_per_character', 5);
// 쿠키 만이 아닌 URL 변수를 사용하여 세션을 강제로.
ini_set('session.use_only_cookies', 1);
// 세션 쿠키의 매개 변수를 가져옴
$cookieParams = session_get_cookie_params();
// 매개 변수를 설정합니다
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
// 세션을 시작
session_name($sessionName);
// Now we cat start the session
session_start();
/**
* TODO::
* 이 줄은 세션을 다시 생성하고 기존 하나를 삭제합니다.
* 또한 데이터베이스에 새로운 암호화 키를 생성한다.
*/
// session_regenerate_id ( true );
}
public function data()
{
$tests = array();
$knownAlgorithms = hash_algos();
foreach (self::$data as $algorithm => $value) {
// Some algorithms are not available in earlier versions of PHP so
// theres no need to have tests for them.
if (!in_array($algorithm, $knownAlgorithms)) {
continue;
}
$raw = explode(',', $algorithm);
$a = ucfirst($raw[0]);
// passes
$v = hash($algorithm, $value);
$tests["{$algorithm} lower"] = array("isAValid{$a}", $v);
$tests["{$algorithm} upper"] = array("isAValid{$a}", strtoupper($v));
$tests["not {$algorithm} lower"] = array("isNotAValid{$a}", $v, "hash \"{$v}\" is not a valid {$raw['0']}");
$tests["not {$algorithm} upper"] = array("isNotAValid{$a}", strtoupper($v), "hash \"" . strtoupper($v) . "\" is not a valid {$raw['0']}");
// failures
$tests["{$algorithm} too short"] = array("isAValid{$a}", '0', "hash \"0\" is a valid {$raw['0']}");
$tests["{$algorithm} too long"] = array("isAValid{$a}", "0{$v}", "hash \"0{$v}\" is a valid {$raw['0']}");
$tests["{$algorithm} bad character"] = array("isAValid{$a}", "z" . substr($v, 1), "hash \"z" . substr($v, 1) . "\" is a valid {$raw['0']}");
$tests["not {$algorithm} too short"] = array("isNotAValid{$a}", '0');
$tests["not {$algorithm} too long"] = array("isNotAValid{$a}", "0{$v}");
$tests["not {$algorithm} bad character"] = array("isNotAValid{$a}", "z" . substr($v, 1));
}
return $tests;
}
public function __construct($config_array)
{
$expected_keys = array("key_byte_size", "checksum_hash_function", "checksum_byte_size");
if (sort($expected_keys) !== true) {
throw Ex\CannotPerformOperationException("sort() failed.");
}
$actual_keys = array_keys($config_array);
if (sort($actual_keys) !== true) {
throw Ex\CannotPerformOperationException("sort() failed.");
}
if ($expected_keys !== $actual_keys) {
throw new Ex\CannotPerformOperationException("Trying to instantiate a bad key configuration.");
}
$this->key_byte_size = $config_array["key_byte_size"];
$this->checksum_hash_function = $config_array["checksum_hash_function"];
$this->checksum_byte_size = $config_array["checksum_byte_size"];
if (!\is_int($this->key_byte_size) || $this->key_byte_size <= 0) {
throw new Ex\CannotPerformOperationException("Invalid key byte size.");
}
if (\in_array($this->checksum_hash_function, \hash_algos()) === false) {
throw new Ex\CannotPerformOperationException("Invalid hash function name.");
}
if (!\is_int($this->checksum_byte_size) || $this->checksum_byte_size <= 0) {
throw new Ex\CannotPerformOperationException("Invalid checksum byte size.");
}
}
/**
* Hash encode a string
*
* @todo Remove in version 3.1+.
* @deprecated 3.0.0 Use PHP's native hash() instead.
* @param string $str
* @param string $type = 'sha1'
* @return string
*/
function do_hash($str, $type = 'sha1')
{
if (!in_array(strtolower($type), hash_algos())) {
$type = 'md5';
}
return hash($type, $str);
}
/**
* Get the supported algorithm
*
* @return array
*/
public static function getSupportedAlgorithms()
{
if (empty(self::$supportedAlgorithms)) {
self::$supportedAlgorithms = hash_algos();
}
return self::$supportedAlgorithms;
}
/**
* @return Symfony\Component\Config\Definition\Builder\TreeBuilder
*/
public function getConfigTreeBuilder()
{
$treeBuilder = new TreeBuilder();
$rootNode = $treeBuilder->root('coder');
$rootNode->children()->scalarNode('secret_key')->isRequired()->cannotBeEmpty()->end()->integerNode('mac_length')->min(1)->defaultValue(6)->end()->integerNode('key_length')->min(1)->defaultValue(4)->end()->scalarNode('algo')->defaultValue('sha1')->validate()->ifNotInArray(hash_algos())->thenInvalid('Invalid algo "%s"')->end()->end();
return $treeBuilder;
}
/**
* @param string $algorithm
*
* @return bool|void
*/
public static function setAlgorithm($algorithm)
{
if (!in_array($algorithm, hash_algos())) {
return false;
}
self::$algorithm = (string) $algorithm;
}
/**
* @brief Constructor
*
* @param String $algo The algorithm
*/
public function __construct($algo)
{
$algo = strtolower($algo);
// Check for support
if (extension_loaded('hash')) {
// We got the hashing support, so let's check if the algorithm is
// supported.
if (arr::hasValue(hash_algos(), $algo)) {
$this->module = self::MOD_HASH;
$this->algo = $algo;
return;
}
}
if (extension_loaded('mhash')) {
// No hash support but mhash support, can it handle the algorithm?
$num = mhash_count();
for ($i = 0; $i <= $num; $i++) {
if (mhash_get_hash_name($i) == $algo) {
$this->module = self::MOD_MHASH;
$this->algo = $algo;
return;
}
}
}
// Fall back on legacy spport here, is the algorithm one of the
// by php supported ones?
if (arr::hasValue(array('md5', 'sha1', 'crc32'), $algo)) {
$this->module = self::MOD_PHP;
$this->algo = $algo;
return;
}
// No support, throw exception
throw new SecurityException("Request for unsupported hash algorithm");
}
/**
* @param string $hash_algorithm
*
* @throws \InvalidArgumentException
*/
public function setHashAlgorithm($hash_algorithm)
{
if (!in_array($hash_algorithm, hash_algos())) {
throw new \InvalidArgumentException(sprintf('Hash algorithm "%s" is not supported. Please use one of the algorithms listed by function "hash_algos".', $hash_algorithm));
}
$this->hash_algorithm = $hash_algorithm;
}
function decode($str)
{
$res = "";
$length = (int) strlen($str);
$res .= decode_line("md5", md5($str), "input");
$res .= decode_line("sha1", sha1($str), "input");
$res .= decode_line("base64 encode", base64_encode($str), "textarea");
$res .= decode_line("base64 decode", base64_decode($str), "textarea");
$res .= decode_line("hex to string", @pack("H*", $str), "textarea");
$res .= decode_line("string to hex", bin2hex($str), "textarea");
$ascii = "";
for ($i = 0; $i < $length; $i++) {
$ascii .= ord(substr($str, $i, 1)) . " ";
}
$res .= decode_line("ascii char", trim($ascii), "textarea");
$res .= decode_line("reversed", strrev($str), "textarea");
$res .= decode_line("lowercase", strtolower($str), "textarea");
$res .= decode_line("uppercase", strtoupper($str), "textarea");
$res .= decode_line("urlencode", urlencode($str), "textarea");
$res .= decode_line("urldecode", urldecode($str), "textarea");
$res .= decode_line("rawurlencode", rawurlencode($str), "textarea");
$res .= decode_line("rawurldecode", rawurldecode($str), "textarea");
$res .= decode_line("htmlentities", html_safe($str), "textarea");
if (function_exists('hash_algos')) {
$algos = hash_algos();
foreach ($algos as $algo) {
if ($algo == 'md5' || $algo == 'sha1') {
continue;
}
$res .= decode_line($algo, hash($algo, $str), "input");
}
}
return $res;
}
/**
* @param string $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
* @throws Exception
*/
public function __construct($algorithm)
{
if (!in_array($algorithm, hash_algos())) {
throw new Exception(sprintf('Hash algorithm "%s" not found in hash_algos()', $algorithm));
}
$this->algorithm = $algorithm;
}
/**
* Choose an algorithm.
* @param string $algorithm
* @throws Void_Exception
*/
public function setAlgorithm($algorithm) {
if (in_array($algorithm, hash_algos())) {
$this->_algorithm = $algorithm;
} else {
throw new Void_Auth_Credential_Treatment_Exception(sprintf("Algorithm '%s' not supported by hash extension", $algorithm));
}
}
/**
* @param string $algorithm
* @param string $password
* @param string $salt
* @param integer $count
* @param integer $key_length
* @param bool $raw_output
* @return string
* @throws InvalidArgumentException
*/
public static function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) {
throw new InvalidArgumentException('Invalid hash algorithm');
}
if ($count <= 0 || $key_length <= 0) {
throw new InvalidArgumentException('Invalid parameters');
}
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for ($i = 1; $i <= $block_count; $i++) {
$last = $salt . pack("N", $i);
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
for ($j = 1; $j < $count; $j++) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
if ($raw_output) {
return substr($output, 0, $key_length);
} else {
return bin2hex(substr($output, 0, $key_length));
}
}
function validateLogin($pass, $hashed_pass, $salt, $hash_method = 'sha1')
{
if (function_exists('hash') && in_array($hash_method, hash_algos())) {
return $hashed_pass === hash($hash_method, $salt . $pass);
}
return $hashed_pass === sha1($salt . $pass);
}
/**
* Constructor
*
* @access public
*/
function __construct()
{
$this->EE =& get_instance();
// Remove any hash algos that we don't have
// access to in this environment
$this->hash_algos = array_intersect($this->hash_algos, hash_algos());
}
/**
* Hash function for maintenance of salted passwords.
* Kindly taken from one of anonymous contributors (including func __harvest, _scrabmle):
* http://www.php.net/manual/en/function.sha1.php#94326
* and corrected mistakes.
*
* @param string Password to hash
* @param string Hash to compare with
* @param string Hashing algorithm
*
* @return string|boolean Hash of password if there was no hash to check taken or
* if the hashes match. False if they dont.
*/
private static function __hash($password, $obscured = NULL, $algorithm = "sha1")
{
// If hash isn't right length it might get to endless loop
if ($obscured !== null && strlen($obscured) != 40) {
return false;
}
// whether to use user specified algorithm
$mode = in_array($algorithm, hash_algos());
// generate random salt
$salt = uniqid(mt_rand(), true);
// hash it
$salt = $mode ? hash($algorithm, $salt) : sha1($salt);
// get the length
$slen = strlen($salt);
// compute the actual length of salt we will use
// 1/8 to 1/4 of the hash, with shorter passwords producing longer salts
$slen = max($slen >> 3, ($slen >> 2) - strlen($password));
// if we are checking password against a hash, harvest the actual salt from it, otherwise just cut the salt we already have to the proper size
$salt = $obscured ? self::__harvest($obscured, $slen, $password) : substr($salt, 0, $slen);
// hash the password - this is maybe unnecessary
$hash = $mode ? hash($algorithm, $password) : sha1($password);
// place the salt in it
$hash = self::__scramble($hash, $salt, $password);
// and hash it again
$hash = $mode ? hash($algorithm, $hash) : sha1($hash);
// cut the result so we can add salt and maintain the same length
$hash = substr($hash, $slen);
// ... do that
$hash = self::__scramble($hash, $salt, $password);
// and return the result
return $obscured && $obscured !== $hash ? false : $hash;
}
/**
* Return a hashed print from input file or content.
*
* @param string $input
*
* @return string
*/
protected function hashPrint($input)
{
// Get the stronger hashing algorithm available to minimize collision risks
$algos = hash_algos();
$algo = $algos[0];
$number = 0;
foreach ($algos as $hashAlgorithm) {
if (strpos($hashAlgorithm, 'md') === 0) {
$hashNumber = substr($hashAlgorithm, 2);
if ($hashNumber > $number) {
$number = $hashNumber;
$algo = $hashAlgorithm;
}
continue;
}
if (strpos($hashAlgorithm, 'sha') === 0) {
$hashNumber = substr($hashAlgorithm, 3);
if ($hashNumber > $number) {
$number = $hashNumber;
$algo = $hashAlgorithm;
}
continue;
}
}
return rtrim(strtr(base64_encode(hash($algo, $input, true)), '+/', '-_'), '=');
}
public static function isAvailable()
{
if (!function_exists('hash_algos') || !function_exists('hash')) {
return false;
}
return in_array('sha256', hash_algos(), true);
}
function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) {
die('PBKDF2 ERROR: Invalid hash algorithm.');
}
if ($count <= 0 || $key_length <= 0) {
die('PBKDF2 ERROR: Invalid parameters.');
}
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for ($i = 1; $i <= $block_count; $i++) {
// $i encoded as 4 bytes, big endian.
$last = $salt . pack("N", $i);
// first iteration
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
// perform the other $count - 1 iterations
for ($j = 1; $j < $count; $j++) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
if ($raw_output) {
return substr($output, 0, $key_length);
} else {
return bin2hex(substr($output, 0, $key_length));
}
}
function wa_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if (!in_array($algorithm, hash_algos(), true)) {
die('PBKDF2 ERROR: Invalid hash algorithm.');
}
if ($count <= 0 || $key_length <= 0) {
die('PBKDF2 ERROR: Invalid parameters.');
}
$hash_length = strlen(hash($algorithm, '', true));
$block_count = ceil($key_length / $hash_length);
$output = '';
for ($i = 1; $i <= $block_count; $i++) {
$last = $salt . pack('N', $i);
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
for ($j = 1; $j < $count; $j++) {
$xorsum ^= $last = hash_hmac($algorithm, $last, $password, true);
}
$output .= $xorsum;
}
if ($raw_output) {
return substr($output, 0, $key_length);
} else {
return bin2hex(substr($output, 0, $key_length));
}
}
function iniciarSesion($session_name, $secure)
{
// Make sure the session cookie is not accessable via javascript.
$httpunico = true;
// Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
$sesion_hash = 'sha512';
// Check if hash is available
if (in_array($sesion_hash, hash_algos())) {
// Set the has function.
ini_set('session.hash_function', $sesion_hash);
}
// How many bits per character of the hash.
// The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
ini_set('session.hash_bits_per_character', 5);
// Force the session to only use cookies, not URL variables.
ini_set('session.use_only_cookies', 1);
// Get session cookie parameters
$cookieParams = session_get_cookie_params();
// Set the parameters
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httpunico);
// Change the session name
session_name($session_name);
// Now we cat start the session
session_start();
// This line regenerates the session and delete the old one.
// It also generates a new encryption key in the database.
}
public static function get_system_requirements()
{
return [['name' => 'Memory limit', 'expected_value' => '640M', 'current_value' => function () {
return ini_get('memory_limit');
}, 'check' => function ($current_value, $expected_value) {
return intval($current_value) >= intval($expected_value);
}], ['name' => 'Max execution time', 'expected_value' => '30', 'current_value' => function () {
return ini_get('max_execution_time');
}, 'check' => function ($current_value, $expected_value) {
return intval($current_value) >= intval($expected_value);
}], ['name' => 'cUrl enabled', 'expected_value' => 'Yes', 'current_value' => function () {
return extension_loaded('curl') ? 'Yes' : 'No';
}, 'check' => function ($current_value, $expected_value) {
return $current_value == 'Yes';
}], ['name' => 'mCrypt enabled', 'expected_value' => 'Yes', 'current_value' => function () {
return extension_loaded('mcrypt') ? 'Yes' : 'No';
}, 'check' => function ($current_value, $expected_value) {
return $current_value == 'Yes';
}], ['name' => 'RIJNDAEL 128 available', 'expected_value' => 'Yes', 'current_value' => function () {
return extension_loaded('mcrypt') && in_array('rijndael-128', mcrypt_list_algorithms()) ? 'Yes' : 'No';
}, 'check' => function ($current_value, $expected_value) {
return $current_value == 'Yes';
}], ['name' => 'CBC mode available', 'expected_value' => 'Yes', 'current_value' => function () {
return extension_loaded('mcrypt') && in_array('cbc', mcrypt_list_modes()) ? 'Yes' : 'No';
}, 'check' => function ($current_value, $expected_value) {
return $current_value == 'Yes';
}], ['name' => 'SHA512 available', 'expected_value' => 'Yes', 'current_value' => function () {
return in_array('sha512', hash_algos()) ? 'Yes' : 'No';
}, 'check' => function ($current_value, $expected_value) {
return $current_value == 'Yes';
}]];
}
