/**
 * The visual hash must be a PNG, differ between addresses, and be stable
 * for a repeated address; afterwards a freshly generated salt must differ
 * from the one currently in use.
 */
public function testVizhashGeneratesUniquePngsPerIp()
{
    $generator = new vizhash16x16();
    $loopbackPng = $generator->generate('127.0.0.1');

    // write the image out so its MIME type can be sniffed from the file
    file_put_contents($this->_file, $loopbackPng);
    $mimeSniffer = new finfo(FILEINFO_MIME_TYPE);
    $detectedType = $mimeSniffer->file($this->_file);
    $this->assertEquals('image/png', $detectedType);

    // a different address yields different image data, the same address the same data
    $otherPng = $generator->generate('2001:1620:2057:dead:beef::cafe:babe');
    $this->assertNotEquals($loopbackPng, $otherPng);
    $repeatedPng = $generator->generate('127.0.0.1');
    $this->assertEquals($loopbackPng, $repeatedPng);

    // generating new salt
    $currentSalt = serversalt::get();
    // NOTE(review): mcrypt_mock.php is not visible here; it is loaded only
    // after the current salt was read and before generate() is called.
    require 'mcrypt_mock.php';
    $regeneratedSalt = serversalt::generate();
    $this->assertNotEquals($currentSalt, $regeneratedSalt);
}
/**
 * constructor
 *
 * Fixes the image size at 16x16 and loads the server salt that the
 * instance keeps in $this->salt.
 *
 * @access public
 * @return void
 */
public function __construct()
{
    $side = 16;
    $this->width = $side;
    $this->height = $side;

    // read last, as in the original: a failure to obtain the salt aborts construction
    $this->salt = serversalt::get();
}
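/**
 * traffic limiter
 *
 * Make sure the IP address makes at most 1 request every self::$_limit
 * seconds. A limit below 1 disables the check entirely.
 *
 * State is kept in a generated PHP file that maps HMAC-SHA256(IP, server
 * salt) to the timestamp of the last accepted request, so raw addresses
 * are not written to disk. The file is rewritten on every call, with
 * expired entries removed.
 *
 * @access public
 * @static
 * @throws Exception
 * @return bool true if the request may proceed, false if it is throttled
 */
public static function canPass()
{
    // disable limits if set to less than 1
    if (self::$_limit < 1) {
        return true;
    }

    // key the entry by a salted HMAC of the address rather than the address itself
    $ip = hash_hmac('sha256', self::getIp(), serversalt::get());
    $file = 'traffic_limiter.php';
    if (!self::_exists($file)) {
        self::_store($file, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = array();' . PHP_EOL);
    }

    // NOTE(review): the state file is PHP source and is executed by this
    // require, so its directory must be writable by the application only.
    // NOTE(review): no lock is taken in this block between loading and
    // rewriting the file; unless _store() serializes writers, concurrent
    // requests can overwrite each other's entries -- confirm.
    $path = self::getPath($file);
    require $path;
    $now = time();
    $tl = $GLOBALS['traffic_limiter'];

    // purge file of expired IPs to keep it small
    foreach ($tl as $key => $time) {
        if ($time + self::$_limit < $now) {
            unset($tl[$key]);
        }
    }

    if (array_key_exists($ip, $tl) && $tl[$ip] + self::$_limit >= $now) {
        // still inside the window: reject and keep the original timestamp
        $result = false;
    } else {
        // record the same instant that was used for the expiry checks above
        $tl[$ip] = $now;
        $result = true;
    }
    self::_store($file, '<?php' . PHP_EOL . '$GLOBALS[\'traffic_limiter\'] = ' . var_export($tl, true) . ';' . PHP_EOL);
    return $result;
}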
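/**
 * Delete an existing paste
 *
 * The paste is removed only when $deletetoken equals the HMAC-SHA1 of the
 * paste ID keyed with the server salt. The outcome is reported through
 * $this->_error or $this->_status.
 *
 * @access private
 * @param  string $dataid      identifier of the paste to delete
 * @param  string $deletetoken deletion token presented for that paste
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    // Is this a valid paste identifier?
    if (!filter::is_valid_paste_id($dataid)) {
        $this->_error = 'Invalid paste ID.';
        return;
    }

    // Check that paste exists.
    if (!$this->_model()->exists($dataid)) {
        $this->_error = 'Paste does not exist, has expired or has been deleted.';
        return;
    }

    // Make sure token is valid: refuse unless the supplied token matches the
    // expected HMAC. The check was previously inverted, which rejected the
    // correct token and let any other value through to the delete below.
    // NOTE(review): slow_equals() is presumably a constant-time comparison
    // returning true on equality -- confirm in filter.
    if (!filter::slow_equals($deletetoken, hash_hmac('sha1', $dataid, serversalt::get()))) {
        $this->_error = 'Wrong deletion token. Paste was not deleted.';
        return;
    }

    // Paste exists and deletion token is valid: Delete the paste.
    $this->_model()->delete($dataid);
    $this->_status = 'Paste was properly deleted.';
}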
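/**
 * Delete an existing paste
 *
 * Checks, in order: the ID format, that the paste exists, and that it has
 * not expired (an expired paste is deleted and the generic error is
 * reported). The literal token 'burnafterreading' then deletes pastes
 * flagged as burn-after-reading without an HMAC check. Any other token
 * must equal the HMAC-SHA1 of the paste ID keyed with the server salt.
 *
 * @access private
 * @param  string $dataid      identifier of the paste to delete
 * @param  string $deletetoken deletion token, or 'burnafterreading'
 * @return void
 */
private function _delete($dataid, $deletetoken)
{
    // Is this a valid paste identifier?
    if (!filter::is_valid_paste_id($dataid)) {
        $this->_error = 'Invalid paste ID.';
        return;
    }

    // Check that paste exists.
    if (!$this->_model()->exists($dataid)) {
        $this->_error = self::GENERIC_ERROR;
        return;
    }

    // Get the paste itself.
    $paste = $this->_model()->read($dataid);

    // See if paste has expired.
    if (isset($paste->meta->expire_date) && $paste->meta->expire_date < time()) {
        // Delete the paste; the caller gets the same error as for a missing paste
        $this->_model()->delete($dataid);
        $this->_error = self::GENERIC_ERROR;
        return;
    }

    // Strict comparison: only the exact string selects this branch, so a
    // non-string value can never be juggled into matching the keyword.
    if ($deletetoken === 'burnafterreading') {
        // This branch does not verify the HMAC token: knowing the paste ID
        // is enough to remove a paste flagged burn-after-reading.
        if (isset($paste->meta->burnafterreading) && $paste->meta->burnafterreading) {
            // Delete the paste
            $this->_model()->delete($dataid);
            // NOTE(review): first argument looks like a status code (0 = ok, 1 = error) -- confirm
            $this->_return_message(0, $dataid);
        } else {
            $this->_return_message(1, 'Paste is not of burn-after-reading type.');
        }
        return;
    }

    // Make sure token is valid. The salt is read from the configured traffic directory.
    serversalt::setPath($this->_conf['traffic']['dir']);
    if (!filter::slow_equals($deletetoken, hash_hmac('sha1', $dataid, serversalt::get()))) {
        $this->_error = 'Wrong deletion token. Paste was not deleted.';
        return;
    }

    // Paste exists and deletion token is valid: Delete the paste.
    $this->_model()->delete($dataid);
    $this->_status = 'Paste was properly deleted.';
}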
/**
 * Generate the "delete" token.
 *
 * The token is the HMAC-SHA1 of the paste's ID, keyed with the server salt.
 * The paste can be deleted by calling:
 * http://example.com/zerobin/?pasteid=<pasteid>&deletetoken=<deletetoken>
 *
 * Anyone holding this value can delete the paste, so it should be treated
 * like a credential.
 *
 * @access public
 * @return string
 */
public function getDeleteToken()
{
    $pasteId = $this->getId();
    $serverSalt = serversalt::get();

    return hash_hmac('sha1', $pasteId, $serverSalt);
}
/**
 * Reading the salt from a location beneath a path with all permission
 * bits removed is expected to raise an Exception with code 10.
 *
 * @expectedException Exception
 * @expectedExceptionCode 10
 */
public function testPermissionShenanigans()
{
    // try creating an invalid path: strip every permission bit first
    chmod($this->_invalidPath, 0);

    $unreachable = $this->_invalidPath . DIRECTORY_SEPARATOR . 'baz';
    serversalt::setPath($unreachable);

    // this call is the one expected to throw
    serversalt::get();
}
/**
 * A GET request carrying the paste ID and the matching HMAC deletion
 * token removes the paste and renders the success status.
 *
 * @runInSeparateProcess
 */
public function testDelete()
{
    $this->reset();
    $this->_model->create(helper::getPasteId(), helper::getPaste());
    $this->assertTrue(
        $this->_model->exists(helper::getPasteId()),
        'paste exists before deleting data'
    );

    // build the request the same way the application derives its delete token
    $_GET['pasteid'] = helper::getPasteId();
    $expectedToken = hash_hmac('sha1', helper::getPasteId(), serversalt::get());
    $_GET['deletetoken'] = $expectedToken;

    // capture what the controller renders; ob_get_contents() reads the
    // buffer but leaves it open
    ob_start();
    new zerobin();
    $rendered = ob_get_contents();

    $statusMatcher = array(
        'id' => 'status',
        'content' => 'Paste was properly deleted',
    );
    $this->assertTag($statusMatcher, $rendered, 'outputs deleted status correctly');
    $this->assertFalse(
        $this->_model->exists(helper::getPasteId()),
        'paste successfully deleted'
    );
}
/**
 * A POST "delete" action carrying the matching HMAC deletion token
 * removes the paste and answers with JSON status 0.
 *
 * @runInSeparateProcess
 */
public function testDeleteWithPost()
{
    $this->reset();
    $this->_model->create(helper::getPasteId(), helper::getPaste());
    $this->assertTrue(
        $this->_model->exists(helper::getPasteId()),
        'paste exists before deleting data'
    );

    // token derived exactly as the application derives it
    $expectedToken = hash_hmac('sha1', helper::getPasteId(), serversalt::get());
    $_POST = array(
        'action' => 'delete',
        'deletetoken' => $expectedToken,
    );

    // the paste ID travels in the query string; the remaining headers mark a JSON POST
    $_SERVER['QUERY_STRING'] = helper::getPasteId();
    $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
    $_SERVER['REQUEST_METHOD'] = 'POST';

    // capture the response; ob_get_contents() reads the buffer but leaves it open
    ob_start();
    new zerobin();
    $rawBody = ob_get_contents();

    $decoded = json_decode($rawBody, true);
    $this->assertEquals(0, $decoded['status'], 'outputs status');
    $this->assertFalse(
        $this->_model->exists(helper::getPasteId()),
        'paste successfully deleted'
    );
}