/**
 * Emit the pair of hidden form inputs that carry a CSRF prevention token.
 *
 * One input holds the token index (self::FORM_INDEX), the other the token
 * value (self::FORM_TOKEN). When self::$hmac_ip is anything other than
 * false, the value written to the form is not the generated token itself
 * but an HMAC of the client address keyed with that token.
 *
 * @param boolean $echo - output to stdout? If true the markup is echoed and
 *                        an empty string is returned; if false the markup
 *                        is returned and nothing is printed.
 * @return string
 */
public static function insertToken($echo = true)
{
    // Make sure the session slot exists before a token is generated.
    // NOTE(review): presumably generateToken() stores the new token there - confirm.
    if (!isset($_SESSION[self::SESSION_INDEX])) {
        $_SESSION[self::SESSION_INDEX] = [];
    }

    list($index, $token) = self::generateToken();

    // Both values pass through noHTML() before being placed in an attribute.
    $indexField = "<!--\n--><input type=\"hidden\" name=\"" . self::FORM_INDEX . "\" value=\"" . Resonant\Secure::noHTML($index) . "\" />";

    if (self::$hmac_ip !== false) {
        // Bind the token to the requesting address. REMOTE_ADDR is the
        // directly connected peer, so behind a reverse proxy this is the
        // proxy's address. When it is missing altogether, every token is
        // bound to the same constant, 127.0.0.1.
        if (isset($_SERVER['REMOTE_ADDR'])) {
            $clientAddress = $_SERVER['REMOTE_ADDR'];
        } else {
            $clientAddress = '127.0.0.1';
        }

        // The decoded token is the HMAC key; raw binary output is re-encoded
        // as base64 so it is safe to embed in the form.
        $hmacKey = \base64_decode($token);
        $rawMac = \hash_hmac(self::HASH_ALGO, $clientAddress, $hmacKey, true);
        $token = \base64_encode($rawMac);
    }

    $tokenField = "<!--\n--><input type=\"hidden\" name=\"" . self::FORM_TOKEN . "\" value=\"" . Resonant\Secure::noHTML($token) . "\" />";

    $markup = $indexField . $tokenField;

    if (!$echo) {
        return $markup;
    }

    echo $markup;
    return '';
}
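/* Secure::random($min, $max) */
echo "\n## random(\$min, \$max)\n";
// 26 letters plus the digits 2-7 give exactly 32 symbols, so every index
// that random(0, 31) can return is a valid offset into $charset.
$charset = array_merge(range('a', 'z'), range('2', '7'));
$buffer = '';
for ($i = 0; $i < 16; ++$i) {
    // Get a random index
    $n = \Resonantcore\Lib\Secure::random(0, 31);
    // Append a random character from $charset to buffer
    $buffer .= $charset[$n];
}
echo $buffer . "\n";
unset($buffer);

/* Secure::random_bytes($num) */
echo "\n## random_bytes(\$num)\n";
// Raw bytes are not printable; base64 makes the 32-byte sample readable.
echo base64_encode(\Resonantcore\Lib\Secure::random_bytes(32)) . "\n";

/* Secure::noHTML($str) */
echo "\n## noHTML(\$str)\n";
$buffer = \Resonantcore\Lib\Secure::noHTML('<br />');
// The check has to compare against the entity-encoded form. Comparing with
// the raw '<br />' would report success only when nothing had been escaped.
if ($buffer === '&lt;br /&gt;') {
    echo "No HTML succeeded!\n";
} else {
    // Report the failure explicitly so a broken escaper is not mistaken
    // for a passing run.
    echo "No HTML FAILED!\n";
}
unset($buffer);

/* Secure::file_valid($file, $jail_dir) */
echo "\n## file_valid(\$file, \$jail_dir)\n";
// NOTE(review): under a web SAPI $_SERVER['PHP_SELF'] is derived from the
// request path and should be treated as untrusted input; presumably this
// demo is run from the CLI - confirm. BASE is defined outside this excerpt.
$buffer = \Resonantcore\Lib\Secure::file_valid($_SERVER['PHP_SELF'], BASE);
var_dump($buffer);
unset($buffer);

/* Secure::random_positive_int() */
echo "\n## random_positive_int()\n";
$buffer = \Resonantcore\Lib\Secure::random_positive_int();
var_dump($buffer);
unset($buffer);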