示例#1
 /**
  * Prepare the fixture: obtain the database model, point the server salt
  * at the data directory and call reset().
  *
  * @return void
  */
 public function setUp()
 {
     $dataDir = PATH . 'data';

     $this->_model = zerobin_db::getInstance($this->_options);
     serversalt::setPath($dataDir);
     $this->reset();
 }
示例#2
 /**
  * Prepare the fixture: make sure the data directory exists, remember
  * where the generated PNG is written and point the server salt at that
  * directory.
  *
  * @return void
  */
 public function setUp()
 {
     $dataDir = PATH . 'data';
     $this->_path = $dataDir;
     // create the directory only when it is not there yet
     is_dir($dataDir) || mkdir($dataDir);
     $this->_file = $dataDir . DIRECTORY_SEPARATOR . 'vizhash.png';
     serversalt::setPath($dataDir);
 }
示例#3
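 /**
  * get server salt
  *
  * Returns the salt cached in self::$_salt when one is set. Otherwise the
  * salt is read from salt.php in the configured path; if that file does
  * not exist yet, a new salt is generated and stored first.
  *
  * Callers use the salt as an HMAC key, so a salt file that cannot be read
  * or that holds no salt is reported as an error instead of silently
  * yielding an empty key.
  *
  * @access public
  * @static
  * @throws Exception if the salt file cannot be read or contains no salt
  * @return string
  */
 public static function get()
 {
     if (strlen(self::$_salt)) {
         return self::$_salt;
     }
     $file = 'salt.php';
     if (!self::_exists($file)) {
         // the salt is kept inside a PHP comment, between two '|' markers
         self::_store($file, '<?php /* |' . self::generate() . '| */ ?>');
     }
     $contents = file_get_contents(self::getPath($file));
     if ($contents === false) {
         throw new Exception('unable to read the server salt file');
     }
     $items = explode('|', $contents);
     // fail closed: never cache or hand out a missing or empty salt
     if (count($items) < 2 || !strlen($items[1])) {
         throw new Exception('server salt file is malformed');
     }
     self::$_salt = $items[1];
     return self::$_salt;
 }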
示例#4
 /**
  * Store the paste's data.
  *
  * Stamps the paste with the current time and a freshly generated salt,
  * then passes it to the storage backend as a nested array.
  *
  * @access public
  * @throws Exception code 75 if the paste already exists, code 76 if the
  *                   backend reports that saving failed
  * @return void
  */
 public function store()
 {
     // Check for improbable collision.
     if ($this->exists()) {
         throw new Exception('You are unlucky. Try again.', 75);
     }

     $this->_data->meta->postdate = time();
     $this->_data->meta->salt = serversalt::generate();

     // store paste; the JSON round trip turns nested objects into arrays
     $pasteId = $this->getId();
     $asArray = json_decode(json_encode($this->_data), true);
     $created = $this->_store->create($pasteId, $asArray);
     if ($created === false) {
         throw new Exception('Error saving paste. Sorry.', 76);
     }
 }
示例#5
 /**
  * Checks that the vizhash output is a PNG, is stable for one address and
  * differs between addresses, then checks that generating a salt after
  * loading mcrypt_mock.php yields a value different from the stored salt.
  */
 public function testVizhashGeneratesUniquePngsPerIp()
 {
     $vz = new vizhash16x16();
     $pngdata = $vz->generate('127.0.0.1');
     // write the image out so finfo can determine its MIME type from the file
     file_put_contents($this->_file, $pngdata);
     $finfo = new finfo(FILEINFO_MIME_TYPE);
     $this->assertEquals('image/png', $finfo->file($this->_file));
     // a different address must produce a different image ...
     $this->assertNotEquals($pngdata, $vz->generate('2001:1620:2057:dead:beef::cafe:babe'));
     // ... and the same address must reproduce the same image
     $this->assertEquals($pngdata, $vz->generate('127.0.0.1'));
     // generating new salt
     $salt = serversalt::get();
     // NOTE(review): presumably replaces the mcrypt functions so that
     // generate() runs its fallback path -- confirm in mcrypt_mock.php
     require 'mcrypt_mock.php';
     $this->assertNotEquals($salt, serversalt::generate());
 }
示例#6
 /**
  * constructor
  *
  * Sets the image dimensions to 16 by 16 and loads the server salt.
  *
  * @access public
  * @return void
  */
 public function __construct()
 {
     $edge = 16;
     $this->width = $edge;
     $this->height = $edge;
     $this->salt = serversalt::get();
 }
示例#7
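 /**
  * traffic limiter
  *
  * Make sure the IP address makes at most 1 request per self::$_limit
  * seconds. A limit below 1 disables the check.
  *
  * This method does not write the client address itself to the state
  * file: entries are keyed by the HMAC-SHA256 of the address under the
  * server salt.
  *
  * NOTE(review): the state file is read, changed and rewritten with no
  * locking visible here, so concurrent requests may overwrite each other's
  * entries -- confirm whether _store() serialises writers.
  * NOTE(review): the state file is executed via require, so the directory
  * holding it must be writable by this application only.
  *
  * @access public
  * @static
  * @throws Exception
  * @return bool true if the request may proceed, false if it is too early
  */
 public static function canPass()
 {
     // disable limits if set to less than 1
     if (self::$_limit < 1) {
         return true;
     }
     $ip = hash_hmac('sha256', self::getIp(), serversalt::get());
     $file = 'traffic_limiter.php';
     if (!self::_exists($file)) {
         self::_store($file, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = array();' . PHP_EOL);
     }
     $path = self::getPath($file);
     require $path;
     $now = time();
     // a damaged state file must not break the limiter: start from empty
     $tl = (isset($GLOBALS['traffic_limiter']) && is_array($GLOBALS['traffic_limiter']))
         ? $GLOBALS['traffic_limiter']
         : array();
     // purge file of expired IPs to keep it small
     foreach ($tl as $key => $time) {
         if ($time + self::$_limit < $now) {
             unset($tl[$key]);
         }
     }
     if (array_key_exists($ip, $tl) && $tl[$ip] + self::$_limit >= $now) {
         $result = false;
     } else {
         // reuse $now so the stored stamp matches the one used for purging
         $tl[$ip] = $now;
         $result = true;
     }
     // keys are hex HMAC digests and values integers; var_export() quotes them
     self::_store($file, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = ' . var_export($tl, true) . ';' . PHP_EOL);
     return $result;
 }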
示例#8
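 /**
  * Delete an existing paste
  *
  * The paste is deleted only when the supplied token equals the HMAC-SHA1
  * of the paste ID keyed with the server salt. The outcome is reported
  * through $this->_error or $this->_status.
  *
  * @access private
  * @param  string $dataid      identifier of the paste to delete
  * @param  string $deletetoken token presented by the caller
  * @return void
  */
 private function _delete($dataid, $deletetoken)
 {
     // Is this a valid paste identifier?
     if (!filter::is_valid_paste_id($dataid)) {
         $this->_error = 'Invalid paste ID.';
         return;
     }
     // Check that paste exists.
     if (!$this->_model()->exists($dataid)) {
         $this->_error = 'Paste does not exist, has expired or has been deleted.';
         return;
     }
     // Make sure token is valid. The check must reject on a MISMATCH:
     // without the negation a correct token was refused and any other
     // value fell through to the delete below.
     $expected = hash_hmac('sha1', $dataid, serversalt::get());
     if (!filter::slow_equals($deletetoken, $expected)) {
         $this->_error = 'Wrong deletion token. Paste was not deleted.';
         return;
     }
     // Paste exists and deletion token is valid: Delete the paste.
     $this->_model()->delete($dataid);
     $this->_status = 'Paste was properly deleted.';
 }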
示例#9
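 /**
  * Delete an existing paste
  *
  * Order of checks: the ID must be well formed, the paste must exist and
  * must not have expired (an expired paste is deleted on the spot). The
  * literal token 'burnafterreading' deletes the paste only if it is
  * flagged burn-after-reading; any other token must equal the HMAC-SHA1
  * of the paste ID keyed with the server salt.
  *
  * @access private
  * @param  string $dataid      identifier of the paste to delete
  * @param  string $deletetoken token presented by the caller
  * @return void
  */
 private function _delete($dataid, $deletetoken)
 {
     // Is this a valid paste identifier?
     if (!filter::is_valid_paste_id($dataid)) {
         $this->_error = 'Invalid paste ID.';
         return;
     }
     // Check that paste exists.
     if (!$this->_model()->exists($dataid)) {
         $this->_error = self::GENERIC_ERROR;
         return;
     }
     // Get the paste itself.
     $paste = $this->_model()->read($dataid);
     // See if paste has expired.
     if (isset($paste->meta->expire_date) && $paste->meta->expire_date < time()) {
         // Delete the paste
         $this->_model()->delete($dataid);
         $this->_error = self::GENERIC_ERROR;
         return;
     }
     // Strict comparison: only the exact string selects this branch, so a
     // non-string value can never be coerced into matching it.
     if ($deletetoken === 'burnafterreading') {
         if (isset($paste->meta->burnafterreading) && $paste->meta->burnafterreading) {
             // Delete the paste
             $this->_model()->delete($dataid);
             $this->_return_message(0, $dataid);
         } else {
             $this->_return_message(1, 'Paste is not of burn-after-reading type.');
         }
         return;
     }
     // Make sure token is valid.
     serversalt::setPath($this->_conf['traffic']['dir']);
     $expected = hash_hmac('sha1', $dataid, serversalt::get());
     if (!filter::slow_equals($deletetoken, $expected)) {
         $this->_error = 'Wrong deletion token. Paste was not deleted.';
         return;
     }
     // Paste exists and deletion token is valid: Delete the paste.
     $this->_model()->delete($dataid);
     $this->_status = 'Paste was properly deleted.';
 }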
示例#10
 /**
  * set the path
  *
  * Clears the cached salt before delegating to the parent, so a later
  * lookup is not answered with the value cached for the previous path.
  *
  * @access public
  * @static
  * @param  string $path
  * @return void
  */
 public static function setPath($path)
 {
     // drop the cached salt first: it belongs to the previous path
     self::$_salt = '';
     parent::setPath($path);
 }
示例#11
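 /**
  * Delete an existing paste
  *
  * The literal token 'burnafterreading' deletes the paste only if it is
  * of burn-after-reading type; any other token must match the paste's
  * delete token. Results are reported through _return_message(),
  * $this->_status or $this->_error.
  *
  * NOTE(review): the catch block copies the exception message into
  * $this->_error -- confirm that no exception raised below carries
  * details (paths, backend errors) that should not reach the client.
  *
  * @access private
  * @param  string $dataid      identifier of the paste to delete
  * @param  string $deletetoken token presented by the caller
  * @return void
  */
 private function _delete($dataid, $deletetoken)
 {
     try {
         $paste = $this->_model->getPaste($dataid);
         if ($paste->exists()) {
             // accessing this property ensures that the paste would be
             // deleted if it has already expired
             $burnafterreading = $paste->isBurnafterreading();
             // strict comparison: only the exact string selects this
             // branch, a non-string value cannot be coerced into it
             if ($deletetoken === 'burnafterreading') {
                 if ($burnafterreading) {
                     $paste->delete();
                     $this->_return_message(0, $dataid);
                 } else {
                     $this->_return_message(1, 'Paste is not of burn-after-reading type.');
                 }
             } else {
                 // Make sure the token is valid.
                 serversalt::setPath($this->_conf->getKey('dir', 'traffic'));
                 if (filter::slow_equals($deletetoken, $paste->getDeleteToken())) {
                     // Paste exists and deletion token is valid: Delete the paste.
                     $paste->delete();
                     $this->_status = 'Paste was properly deleted.';
                 } else {
                     $this->_error = 'Wrong deletion token. Paste was not deleted.';
                 }
             }
         } else {
             $this->_error = self::GENERIC_ERROR;
         }
     } catch (Exception $e) {
         $this->_error = $e->getMessage();
     }
 }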
示例#12
文件: paste.php 项目: kolobus/ZeroBin
 /**
  * Generate the "delete" token.
  *
  * The token is the HMAC-SHA1 of the paste's ID keyed with the server salt.
  * The paste can be deleted by calling:
  * http://example.com/zerobin/?pasteid=<pasteid>&deletetoken=<deletetoken>
  *
  * The token acts as a bearer credential: whoever holds the link above
  * can delete the paste. Changing the hash algorithm would invalidate
  * every delete link issued so far.
  *
  * @access public
  * @return string
  */
 public function getDeleteToken()
 {
     $pasteId = $this->getId();
     $key = serversalt::get();

     return hash_hmac('sha1', $pasteId, $key);
 }
示例#13
 /**
  * Removes all permissions from the invalid path and points the server
  * salt at a directory below it; fetching the salt is then expected to
  * fail with exception code 10.
  *
  * @expectedException Exception
  * @expectedExceptionCode 10
  */
 public function testPermissionShenanigans()
 {
     // try creating an invalid path
     chmod($this->_invalidPath, 00);
     serversalt::setPath($this->_invalidPath . DIRECTORY_SEPARATOR . 'baz');
     // the expected exception is raised by this call
     serversalt::get();
 }
示例#14
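 /**
  * Deleting through GET parameters with a correct token removes the paste
  * and renders the success status.
  *
  * @runInSeparateProcess
  */
 public function testDelete()
 {
     $this->reset();
     $this->_model->create(helper::getPasteId(), helper::getPaste());
     $this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
     $_GET['pasteid'] = helper::getPasteId();
     // the token is recomputed the same way the application derives it
     $_GET['deletetoken'] = hash_hmac('sha1', helper::getPasteId(), serversalt::get());
     ob_start();
     new zerobin();
     // ob_get_clean() returns the captured output and closes the buffer,
     // which ob_get_contents() alone would leave open
     $content = ob_get_clean();
     $this->assertTag(array('id' => 'status', 'content' => 'Paste was properly deleted'), $content, 'outputs deleted status correctly');
     $this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
 }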
示例#15
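 /**
  * Deleting through a JSON POST request with a correct token removes the
  * paste and answers with status 0.
  *
  * @runInSeparateProcess
  */
 public function testDeleteWithPost()
 {
     $this->reset();
     $this->_model->create(helper::getPasteId(), helper::getPaste());
     $this->assertTrue($this->_model->exists(helper::getPasteId()), 'paste exists before deleting data');
     // the token is recomputed the same way the application derives it
     $_POST = array('action' => 'delete', 'deletetoken' => hash_hmac('sha1', helper::getPasteId(), serversalt::get()));
     $_SERVER['QUERY_STRING'] = helper::getPasteId();
     $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
     $_SERVER['REQUEST_METHOD'] = 'POST';
     ob_start();
     new zerobin();
     // ob_get_clean() returns the captured output and closes the buffer,
     // which ob_get_contents() alone would leave open
     $content = ob_get_clean();
     $response = json_decode($content, true);
     // a non-JSON response decodes to null, and the loose comparison in
     // assertEquals(0, null) below would still pass without this check
     $this->assertTrue(is_array($response), 'outputs valid JSON');
     $this->assertEquals(0, $response['status'], 'outputs status');
     $this->assertFalse($this->_model->exists(helper::getPasteId()), 'paste successfully deleted');
 }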