gnh1201/reasonableframework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update security.php

Browse Source
This commit is contained in:
Namhyeon Go 2018-05-27 01:51:17 +09:00 committed by GitHub
parent f097642beb
commit 881cf3686b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
system/security.php
View File

@ -21,7 +21,7 @@ if(!function_exists("check_token_abuse")) {
if(!function_exists("make_random_id")) { if(!function_exists("make_random_id")) {
function make_random_id($length = 10) { function make_random_id($length = 10) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$charactersLength = strlen($characters); $charactersLength = strlen($characters);
$randomString = ''; $randomString = '';
for ($i = 0; $i < $length; $i++) { for ($i = 0; $i < $length; $i++) {
@ -85,17 +85,10 @@ if(!function_exists("check_login_session")) {
$flag = false; $flag = false;
$session_name = get_password($ss_key); $session_name = get_password($ss_key);
$session_file = $config['session_dir'] . '/' . protect_dir_path($session_name); $session_stored_name = read_storage_file($session_name, array(
$session_stored_key = ""; "storage_type" => get_value_in_array("session_dir", $config, "session"),
));
if(file_exists($session_file)) { $flag = !check_token_abuse($session_stored_name, $session_name);
$fh = fopen($session_file, 'r');
if($session_stored_key = fread($fh, filesize($session_file))) {
if(!check_token_abuse($session_stored_key, $session_name)) {
$flag = true;
}
}
}
return $flag; return $flag;
} }
@ -106,14 +99,14 @@ if(!function_exists("store_login_session")) {
$flag = false; $flag = false;
$session_name = get_password($ss_key); $session_name = get_password($ss_key);
$session_file = $config['session_dir'] . '/' . protect_dir_path($session_name); $fw = write_storage_file($session_name, array(
"filename" => $session_name,
"storage_type" => get_value_in_array("session_dir", $config, "session"),
"chmod" => 0777,
));
$fh = fopen($session_file, 'w'); if($fw) {
if($fh !== false) { $flag = check_login_session($ss_key, $config);
if(fwrite($fh, $session_name)) {
$flag = check_login_session($ss_key, $config);
}
@chmod($session_file, 0777);
} }
return $flag; return $flag;
@ -126,7 +119,7 @@ if(!function_exists("process_safe_login")) {
$flag = false; $flag = false;
$ss_key = get_session("ss_key"); $ss_key = get_session("ss_key");
$user_id = 0; $user_id = 0;
$stored_password = ""; $stored_password = "";
if(!array_key_empty("user_id", $user_profile)) { if(!array_key_empty("user_id", $user_profile)) {
@ -155,18 +148,24 @@ if(!function_exists("process_safe_login")) {
} }
if(!function_exists("check_empty_requests")) { if(!function_exists("check_empty_requests")) {
function check_empty_requests($no_empty_fields, $method_get=true) { function check_empty_requests($fieldnames, $method="get") {
$requests = get_requests(); $requests = get_requests();
$errors = array(); $errors = array();
$check_data = $method_get ? $requests['_GET'] : $requests['_POST'];
foreach($no_empty_fields as $fieldname) { if(is_bool($method)) {
if(array_key_empty($fieldname, $check_data)) { $method = $method ? "get" : "post";
$errors[] = array( }
"fieldname" => $fieldname,
"message" => "{$fieldname}: can not empty." if(array_key_exists($method, $requests)) {
); $data = $requests[$method];
foreach($fieldnames as $fieldname) {
if(array_key_empty($fieldname, $data)) {
$errors[] = array(
"fieldname" => $fieldname,
"message" => "{$fieldname}: can not empty."
);
}
} }
} }