ossn.lib.securitytoken.php
1 <?php
2 /**
3  * Open Source Social Network
4  *
5  * @package (Informatikon.com).ossn
6  * @author OSSN Core Team <[email protected]>
7  * @copyright 2014 iNFORMATIKON TECHNOLOGIES
8  * @license General Public Licence http://www.opensource-socialnetwork.org/licence
9  * @link http://www.opensource-socialnetwork.org/licence
10  */
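/**
 * Generate an action (anti-CSRF) token bound to a timestamp and the session.
 *
 * The token is an HMAC-SHA256, keyed with the 'site_key' site setting, over
 * the timestamp and the current PHP session id. A caller that needs the token
 * validated later must publish the same timestamp it passed in here, because
 * validation recomputes the token from that value.
 *
 * @param int|string $timestamp Timestamp to bind into the token; when empty,
 *                              the current time() is used instead.
 * @return string Lower-case hexadecimal digest.
 */
function ossn_generate_action_token($timestamp){
    // The previous test (!isset(...) && empty(...)) could only match null, so
    // an empty string or 0 was hashed as-is instead of falling back to time().
    if(empty($timestamp)){
        $timestamp = time();
    }
    // Cast so a missing setting becomes '' rather than a non-string key.
    // NOTE(review): an empty site_key leaves the token keyed by nothing;
    // confirm the installer always sets it.
    $site_secret = (string) ossn_site_settings('site_key');
    // session_id() yields an empty string when no session is active, in which
    // case the token is not tied to any particular session.
    $session_id = session_id();
    // Keyed MAC with an explicit delimiter instead of md5(ts . key . sid):
    // the secret is used as a key, not as message text, and the boundary
    // between timestamp and session id is unambiguous.
    return hash_hmac('sha256', $timestamp . '|' . $session_id, $site_secret);
}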
/**
 * Reassemble a URL string from parse_url()-style components.
 *
 * Only the scheme, host, port, path and query components are emitted, in that
 * order; any other key in $parts (user, pass, fragment, ...) is ignored, so
 * embedded credentials and fragments are dropped from the result.
 *
 * @param array $parts URL components keyed as parse_url() returns them
 * @return string The rebuilt URL; an empty string when no known part is set
 */
function ossn_build_token_url($parts){
    // component => (text placed before it, text placed after it)
    $layout = array(
        'scheme' => array('', '://'),
        'host'   => array('', ''),
        'port'   => array(':', ''),
        'path'   => array('', ''),
        'query'  => array('?', ''),
    );
    $url = '';
    foreach($layout as $component => $wrap){
        // isset() also skips components that are present but null
        if(!isset($parts[$component])){
            continue;
        }
        $url .= $wrap[0] . $parts[$component] . $wrap[1];
    }
    return $url;
}
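/**
 * Add action tokens (ossn_ts and ossn_token) to the query string of a URL.
 *
 * Existing query parameters are kept; any ossn_ts / ossn_token already present
 * in the URL is replaced by freshly generated values.
 *
 * The token travels in the query string, so it can appear in server logs,
 * browser history and Referer headers. The host of $url is not checked here,
 * so callers should pass only URLs that point back at this site; otherwise the
 * token is handed to whichever host the URL names.
 *
 * @param string $url Full complete url
 *
 * @return string The URL rebuilt with the token parameters appended
 */
function ossn_add_tokens_to_url($url){
    $params = parse_url($url);
    if(!is_array($params)){
        // parse_url() returns false for seriously malformed URLs; start from
        // an empty component list instead of writing an array key onto false.
        $params = array();
    }

    $query = array();
    if(isset($params['query'])){
        parse_str($params['query'], $query);
    }

    $timestamp = time();
    $tokens = array(
        'ossn_ts'    => $timestamp,
        'ossn_token' => ossn_generate_action_token($timestamp),
    );

    // For string keys array_merge() lets the later array win, so the fresh
    // tokens override any token parameters that were already in the URL.
    $params['query'] = http_build_query(array_merge($query, $tokens));

    return ossn_build_token_url($params);
}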
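/**
 * Validate the action tokens sent with the current request.
 *
 * Reads the 'ossn_ts' and 'ossn_token' request inputs, recomputes the token
 * for that timestamp and compares the two.
 *
 * @return bool true when the submitted token matches the recomputed one,
 *              false when either input is missing, malformed or mismatched
 */
function ossn_validate_actions(){
    // NOTE(review): the declaration line (source line 69) is absent from this
    // listing; the name is taken from the call in
    // ossn_action_validate_callback() - confirm against the project file.
    $ossnts    = input('ossn_ts');
    $ossntoken = input('ossn_token');
    if(empty($ossnts) || empty($ossntoken)){
        return false;
    }
    // Request parameters can arrive as arrays (ossn_token[]=...); reject
    // anything that is not a plain value before hashing or comparing it.
    if(!is_scalar($ossnts) || !is_string($ossntoken)){
        return false;
    }
    // NOTE(review): ossn_ts is only used to recompute the token; its age is
    // not checked, so a token stays valid for as long as the session id and
    // site key do. Consider rejecting timestamps older than a chosen lifetime.
    $expected = ossn_generate_action_token($ossnts);
    // hash_equals() (PHP >= 5.6) compares in constant time and as strings.
    // The previous loose == treated two numeric-looking strings as numbers,
    // so a digest of the form "0e<digits>" would have equalled the input "0".
    return hash_equals((string) $expected, $ossntoken);
}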
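/**
 * Validate an action token on requested action.
 *
 * Calls to actions will automatically validate tokens. If the token is invalid
 * the action stops: XHR requests get a 404 status line and the script exits,
 * other requests get an error message and are redirected to the referrer.
 *
 * Actions returned by the 'action' / 'validate:bypass' hook skip the check
 * entirely, so every entry in that list is an endpoint without CSRF
 * protection and should be reviewed as such.
 *
 * @param string $callback Name of callback
 * @param string $type Type of callback
 * @param array $params Callback parameters; the 'action' key names the action
 *
 * @access private
 * @return void
 */
function ossn_action_validate_callback($callback, $type, $params){
    $action = $params['action'];
    $bypass = ossn_call_hook('action', 'validate:bypass', null, array());
    if(!is_array($bypass)){
        // Fail closed: a hook handler that returns a non-array must not
        // disable (or crash) the token check.
        $bypass = array();
    }

    //validate post request also
    // NOTE(review): source line 100, which followed the comment above, is
    // absent from this listing; restore it from the project file.

    // Strict comparison: with loose in_array() a stray true or 0 in the
    // bypass list could match action names it was never meant to exempt.
    if(in_array($action, $bypass, true)){
        return;
    }
    if(ossn_validate_actions()){
        return;
    }
    if(ossn_is_xhr()){
        header("HTTP/1.0 404 Not Found");
        exit;
    }
    ossn_trigger_message(ossn_print('ossn:securitytoken:failed'), 'error');
    redirect(REF);
    // redirect() is defined elsewhere; exit explicitly so that a failed token
    // check can never fall through to the action if redirect() returns.
    exit;
}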
// Register the token check for the 'action' / 'load' callback, so it is
// invoked through ossn_action_validate_callback() when that callback fires.
ossn_register_callback('action', 'load', 'ossn_action_validate_callback');