/**
 * Prepare the fixture before each test.
 *
 * Fetches the database model instance, points the server salt storage at
 * the data directory and resets the fixture state.
 *
 * @return void
 */
public function setUp()
{
    // Statement order is kept as in the original; whether getInstance()
    // depends on the salt path is not visible from here.
    $this->_model = zerobin_db::getInstance($this->_options);
    serversalt::setPath(PATH . 'data');
    $this->reset();
}
/**
 * Prepare the fixture before each test.
 *
 * Makes sure the data directory exists, records where the generated image
 * will be written and points the server salt storage at that directory.
 *
 * @return void
 */
public function setUp()
{
    $dataDir = PATH . 'data';
    $this->_path = $dataDir;

    // mkdir() is called without a mode argument, so the directory gets PHP's
    // default permissions (0777 reduced by the process umask).
    if (is_dir($dataDir) === false) {
        mkdir($dataDir);
    }

    $this->_file = $dataDir . DIRECTORY_SEPARATOR . 'vizhash.png';
    serversalt::setPath($dataDir);
}
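/**
 * get server salt
 *
 * Returns the salt cached in self::$_salt when one is loaded. Otherwise the
 * salt is read from salt.php below the configured path; the file is created
 * with a freshly generated salt when it does not exist yet.
 *
 * The salt keys the HMACs computed elsewhere in the application, so an
 * unreadable or malformed salt file is treated as a hard error here instead
 * of silently continuing with an empty key.
 *
 * @access public
 * @static
 * @throws Exception when the salt file cannot be read or holds no salt
 * @return string
 */
public static function get()
{
    if (strlen(self::$_salt)) {
        return self::$_salt;
    }

    $file = 'salt.php';
    if (!self::_exists($file)) {
        // The salt is stored between '|' markers inside a PHP comment.
        // NOTE(review): presumably so the file prints nothing if it is ever
        // requested through the web server - confirm.
        self::_store($file, '<?php /* |' . self::generate() . '| */ ?>');
    }

    $contents = file_get_contents(self::getPath($file));
    $items = ($contents === false) ? array() : explode('|', $contents);

    // Only the presence of a non-empty second field is required, so every
    // file that previously yielded a usable salt is still accepted.
    if (!isset($items[1]) || strlen($items[1]) === 0) {
        // The message deliberately omits the file system path, since
        // exception messages may be shown to the client by callers.
        throw new Exception('Unable to read the server salt.');
    }

    self::$_salt = $items[1];
    return $items[1];
}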
/**
 * Store the paste's data.
 *
 * Refuses to overwrite an existing paste, stamps the metadata with the
 * current time and a newly generated salt, then hands the data to the
 * storage backend as a plain array.
 *
 * @access public
 * @throws Exception code 75 if the ID is already taken, code 76 if the
 *                   backend reports a failure
 * @return void
 */
public function store()
{
    // Check for improbable collision.
    $alreadyThere = $this->exists();
    if ($alreadyThere) {
        throw new Exception('You are unlucky. Try again.', 75);
    }

    $this->_data->meta->postdate = time();
    // A fresh value per paste, independent of the cached server salt.
    // NOTE(review): what consumes meta->salt is not visible here.
    $this->_data->meta->salt = serversalt::generate();

    // store paste
    $id = $this->getId();
    // The JSON round trip turns the nested objects into associative arrays.
    $asArray = json_decode(json_encode($this->_data), true);
    $created = $this->_store->create($id, $asArray);
    if ($created === false) {
        throw new Exception('Error saving paste. Sorry.', 76);
    }
}
/**
 * Checks that vizhash16x16 produces PNG data, that two different addresses
 * give different images, and that the same address gives the same image
 * again. Finally checks that serversalt::generate() returns something other
 * than the currently stored salt once mcrypt_mock.php has been loaded.
 */
public function testVizhashGeneratesUniquePngsPerIp()
{
    $vz = new vizhash16x16();
    $pngdata = $vz->generate('127.0.0.1');
    // Written to disk so finfo can detect the MIME type from the file.
    file_put_contents($this->_file, $pngdata);
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $this->assertEquals('image/png', $finfo->file($this->_file));
    // A different address (IPv6 here) must not yield the same image...
    $this->assertNotEquals($pngdata, $vz->generate('2001:1620:2057:dead:beef::cafe:babe'));
    // ...while the same address must reproduce it exactly.
    $this->assertEquals($pngdata, $vz->generate('127.0.0.1'));

    // generating new salt
    $salt = serversalt::get();
    // The salt is read before the mock is loaded; keep this order.
    // require inside a method runs the file in this method's variable scope.
    // NOTE(review): presumably the mock changes the random source used by
    // serversalt::generate() - confirm against mcrypt_mock.php.
    require 'mcrypt_mock.php';
    $this->assertNotEquals($salt, serversalt::generate());
}
/**
 * constructor
 *
 * Fixes the image size at 16x16 and loads the server salt.
 *
 * @access public
 * @return void
 */
public function __construct()
{
    // Both dimensions share the same value.
    $this->width = $this->height = 16;

    // NOTE(review): presumably the salt is mixed into the hashed input so the
    // image cannot be recomputed without it - confirm in generate().
    $this->salt = serversalt::get();
}
/**
 * traffic limiter
 *
 * Make sure the IP address makes at most one request per self::$_limit
 * seconds. A limit below 1 switches the check off.
 *
 * The client address is never stored directly: the key written to
 * traffic_limiter.php is its HMAC-SHA256 under the server salt, and the
 * value is the timestamp of the last accepted request.
 *
 * The state file is PHP source that is rewritten on every call and loaded
 * with require, so it must only ever be writable by this application.
 *
 * @access public
 * @static
 * @throws Exception
 * @return bool true if the request may proceed, false if it is throttled
 */
public static function canPass()
{
    // disable limits if set to less than 1
    if (self::$_limit < 1) {
        return true;
    }

    $clientHash = hash_hmac('sha256', self::getIp(), serversalt::get());
    $stateFile = 'traffic_limiter.php';
    if (!self::_exists($stateFile)) {
        self::_store($stateFile, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = array();' . PHP_EOL);
    }

    // Loading the file populates $GLOBALS['traffic_limiter'].
    $statePath = self::getPath($stateFile);
    require $statePath;
    $now = time();

    // purge file of expired IPs to keep it small: only entries that are
    // still inside the limit window are carried over
    $active = array();
    foreach ($GLOBALS['traffic_limiter'] as $hash => $seenAt) {
        if ($seenAt + self::$_limit >= $now) {
            $active[$hash] = $seenAt;
        }
    }

    $throttled = array_key_exists($clientHash, $active)
        && $active[$clientHash] + self::$_limit >= $now;
    if (!$throttled) {
        $active[$clientHash] = time();
    }

    // NOTE(review): no locking is visible around this read-modify-write;
    // concurrent requests could overwrite each other's entries - confirm
    // whether _store() serialises writers.
    self::_store($stateFile, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = ' . var_export($active, true) . ';' . PHP_EOL);
    return !$throttled;
}
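/**
 * Delete an existing paste
 *
 * The paste is removed only when the supplied token equals the HMAC-SHA1 of
 * the paste ID keyed with the server salt. Every failure sets $this->_error
 * and leaves the paste in place.
 *
 * @access private
 * @param  string $dataid
 * @param  string $deletetoken
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    // Is this a valid paste identifier?
    if (!filter::is_valid_paste_id($dataid)) {
        $this->_error = 'Invalid paste ID.';
        return;
    }

    // Check that paste exists.
    if (!$this->_model()->exists($dataid)) {
        $this->_error = 'Paste does not exist, has expired or has been deleted.';
        return;
    }

    // Make sure token is valid.
    // The algorithm is left unchanged: switching it would invalidate every
    // deletion link that has already been handed out.
    $expected = hash_hmac('sha1', $dataid, serversalt::get());

    // slow_equals() is an equality test, so the request must be refused when
    // it does NOT report a match. The check was previously missing the
    // negation, which refused the correct token and let every other value
    // fall through to the delete call below.
    if (!filter::slow_equals($deletetoken, $expected)) {
        $this->_error = 'Wrong deletion token. Paste was not deleted.';
        return;
    }

    // Paste exists and deletion token is valid: Delete the paste.
    $this->_model()->delete($dataid);
    $this->_status = 'Paste was properly deleted.';
}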
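/**
 * Delete an existing paste
 *
 * Two paths lead to deletion:
 *  - the literal token 'burnafterreading', honoured only for pastes whose
 *    metadata marks them as burn-after-reading (no secret is required on
 *    this path, by design of that paste type);
 *  - a token equal to the HMAC-SHA1 of the paste ID keyed with the server
 *    salt.
 * A paste found to be expired is removed and reported with the same generic
 * error as a missing one, so the response does not reveal which it was.
 *
 * @access private
 * @param  string $dataid
 * @param  string $deletetoken
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    // Is this a valid paste identifier?
    if (!filter::is_valid_paste_id($dataid)) {
        $this->_error = 'Invalid paste ID.';
        return;
    }

    // Check that paste exists.
    if (!$this->_model()->exists($dataid)) {
        $this->_error = self::GENERIC_ERROR;
        return;
    }

    // Get the paste itself.
    $paste = $this->_model()->read($dataid);

    // See if paste has expired.
    if (isset($paste->meta->expire_date) && $paste->meta->expire_date < time()) {
        // Delete the paste
        $this->_model()->delete($dataid);
        $this->_error = self::GENERIC_ERROR;
        return;
    }

    // Strict comparison: only the exact string selects this path. A loose
    // == would also match values such as boolean true.
    if ($deletetoken === 'burnafterreading') {
        if (isset($paste->meta->burnafterreading) && $paste->meta->burnafterreading) {
            // Delete the paste
            $this->_model()->delete($dataid);
            $this->_return_message(0, $dataid);
        } else {
            $this->_return_message(1, 'Paste is not of burn-after-reading type.');
        }
        return;
    }

    // Make sure token is valid.
    // The salt path is set before the salt is read.
    serversalt::setPath($this->_conf['traffic']['dir']);
    $expected = hash_hmac('sha1', $dataid, serversalt::get());
    if (!filter::slow_equals($deletetoken, $expected)) {
        $this->_error = 'Wrong deletion token. Paste was not deleted.';
        return;
    }

    // Paste exists and deletion token is valid: Delete the paste.
    $this->_model()->delete($dataid);
    $this->_status = 'Paste was properly deleted.';
}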
/**
 * set the path
 *
 * Clears the cached salt before handing the new path to the parent class,
 * so the next get() loads the salt from the new location instead of
 * returning the value cached for the previous path.
 *
 * @access public
 * @static
 * @param  string $path
 * @return void
 */
public static function setPath($path)
{
    // Drop the cached salt first; it belongs to the old path.
    self::$_salt = '';

    parent::setPath($path);
}
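/**
 * Delete an existing paste
 *
 * Two paths lead to deletion:
 *  - the literal token 'burnafterreading', honoured only when the paste
 *    reports itself as burn-after-reading;
 *  - a token that equals the paste's own delete token.
 * A missing paste yields the generic error. Any exception raised on the way
 * is caught and its message becomes the error text.
 *
 * @access private
 * @param  string $dataid
 * @param  string $deletetoken
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    try {
        $paste = $this->_model->getPaste($dataid);
        if (!$paste->exists()) {
            $this->_error = self::GENERIC_ERROR;
            return;
        }

        // accessing this property ensures that the paste would be
        // deleted if it has already expired
        $burnafterreading = $paste->isBurnafterreading();

        // Strict comparison: only the exact string selects this path. A
        // loose == would also match values such as boolean true.
        if ($deletetoken === 'burnafterreading') {
            if ($burnafterreading) {
                $paste->delete();
                $this->_return_message(0, $dataid);
            } else {
                $this->_return_message(1, 'Paste is not of burn-after-reading type.');
            }
            return;
        }

        // Make sure the token is valid.
        // The salt path is set before the paste's delete token is requested.
        serversalt::setPath($this->_conf->getKey('dir', 'traffic'));
        if (!filter::slow_equals($deletetoken, $paste->getDeleteToken())) {
            $this->_error = 'Wrong deletion token. Paste was not deleted.';
            return;
        }

        // Paste exists and deletion token is valid: Delete the paste.
        $paste->delete();
        $this->_status = 'Paste was properly deleted.';
    } catch (Exception $e) {
        // NOTE(review): the exception text becomes the error message as is;
        // confirm that no exception raised below carries internal details
        // such as file system paths.
        $this->_error = $e->getMessage();
    }
}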
/**
 * Generate the "delete" token.
 *
 * The token is the HMAC-SHA1 of the paste's ID, keyed with the server salt.
 * The paste can be deleted by calling:
 * http://example.com/zerobin/?pasteid=<pasteid>&deletetoken=<deletetoken>
 *
 * The token depends only on the ID and the salt, so whoever can read the
 * salt can compute the token of every paste: the salt file needs the same
 * protection as the tokens themselves. In the URL form above the token
 * travels in the query string, which web servers commonly write to their
 * access logs.
 *
 * @access public
 * @return string
 */
public function getDeleteToken()
{
    $pasteId = $this->getId();
    $key = serversalt::get();

    return hash_hmac('sha1', $pasteId, $key);
}
/**
 * Strips all permission bits from the invalid-path fixture, points the salt
 * storage at a sub-directory below it and expects the setPath()/get()
 * sequence to raise an Exception with code 10.
 *
 * @expectedException Exception
 * @expectedExceptionCode 10
 */
public function testPermissionShenanigans()
{
    // try creating an invalid path
    chmod($this->_invalidPath, 0);

    $unreachable = $this->_invalidPath . DIRECTORY_SEPARATOR . 'baz';
    serversalt::setPath($unreachable);
    serversalt::get();
}
/**
 * A GET request carrying the paste ID and the matching delete token must
 * remove the paste and render the success status.
 *
 * @runInSeparateProcess
 */
public function testDelete()
{
    $this->reset();
    $this->_model->create(helper::getPasteId(), helper::getPaste());
    $this->assertTrue(
        $this->_model->exists(helper::getPasteId()),
        'paste exists before deleting data'
    );

    // The token is computed the same way the application does: HMAC-SHA1 of
    // the paste ID keyed with the server salt.
    $_GET['pasteid'] = helper::getPasteId();
    $_GET['deletetoken'] = hash_hmac('sha1', helper::getPasteId(), serversalt::get());

    // Constructing the application handles the request; its output is
    // captured through the output buffer.
    ob_start();
    new zerobin();
    $html = ob_get_contents();

    $expectedTag = array('id' => 'status', 'content' => 'Paste was properly deleted');
    $this->assertTag($expectedTag, $html, 'outputs deleted status correctly');
    $this->assertFalse(
        $this->_model->exists(helper::getPasteId()),
        'paste successfully deleted'
    );
}
/**
 * A JSON-style POST request with action "delete" and the matching delete
 * token must remove the paste and answer with status 0.
 *
 * @runInSeparateProcess
 */
public function testDeleteWithPost()
{
    $this->reset();
    $this->_model->create(helper::getPasteId(), helper::getPaste());
    $this->assertTrue(
        $this->_model->exists(helper::getPasteId()),
        'paste exists before deleting data'
    );

    // The token is computed the same way the application does: HMAC-SHA1 of
    // the paste ID keyed with the server salt.
    $token = hash_hmac('sha1', helper::getPasteId(), serversalt::get());
    $_POST = array('action' => 'delete', 'deletetoken' => $token);

    // The paste ID travels in the query string, the token in the POST body.
    $_SERVER['QUERY_STRING'] = helper::getPasteId();
    $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    // Constructing the application handles the request; its output is
    // captured through the output buffer.
    ob_start();
    new zerobin();
    $body = ob_get_contents();

    $decoded = json_decode($body, true);
    $this->assertEquals(0, $decoded['status'], 'outputs status');
    $this->assertFalse(
        $this->_model->exists(helper::getPasteId()),
        'paste successfully deleted'
    );
}