61 lines
1.4 KiB
PHP
61 lines
1.4 KiB
PHP
<?php
|
|
/**
|
|
* @file security.php
|
|
* @date 2018-01-18
|
|
* @author Go Namhyeon <gnh1201@gmail.com>
|
|
* @brief Security module for VSPF
|
|
*/
|
|
|
|
if(!function_exists("check_token_abuse")) {
|
|
function check_token_abuse($_post_token, $_sess_token) {
|
|
$abuse = false;
|
|
|
|
$_check_token = $_post_token . $_sess_token;
|
|
if(empty($_check_token) || $_post_token != $_sess_token) {
|
|
$abuse = true;
|
|
}
|
|
|
|
return $abuse;
|
|
}
|
|
}
|
|
|
|
if(!function_exists("make_random_id")) {
|
|
function make_random_id($length = 10) {
|
|
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
|
$charactersLength = strlen($characters);
|
|
$randomString = '';
|
|
for ($i = 0; $i < $length; $i++) {
|
|
$randomString .= $characters[rand(0, $charactersLength - 1)];
|
|
}
|
|
return $randomString;
|
|
}
|
|
}
|
|
|
|
if(!function_exists("set_session_token")) {
|
|
function set_session_token() {
|
|
$random_id = make_random_id(10);
|
|
$_SESSION['random_id'] = $random_id;
|
|
|
|
return $random_id;
|
|
}
|
|
}
|
|
|
|
if(!function_exists("get_session_token")) {
|
|
function get_session_token() {
|
|
return $_SESSION['random_id'];
|
|
}
|
|
}
|
|
|
|
if(!function_exists("check_token_abuse_by_requests")) {
|
|
function check_token_abuse_by_requests($name, $requests) {
|
|
return check_token_abuse($requests['_POST'][$name], $_SESSION[$name]);
|
|
}
|
|
}
|
|
|
|
if(!function_exists("session_safe_login")) {
|
|
function session_safe_login($user_name) {
|
|
$_SESSION['ss_user_name'] = $user_name;
|
|
$_SESSION['ss_key'] = make_random_id(10);
|
|
}
|
|
}
|