search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*prechod na novsiu verziu ZF
[sport-group.git] / library / Zend / Form / Element / Hash.php
blobcd617c0100a4f8c92aac42d6131ba18e47aab7d4
1 <?php
2 /**
3 * Zend Framework
4 *
5 * LICENSE
6 *
7 * This source file is subject to the new BSD license that is bundled
8 * with this package in the file LICENSE.txt.
9 * It is also available through the world-wide-web at this URL:
10 * http://framework.zend.com/license/new-bsd
11 * If you did not receive a copy of the license and are unable to
12 * obtain it through the world-wide-web, please send an email
13 * to license@zend.com so we can send you a copy immediately.
14 *
15 * @category Zend
16 * @package Zend_Form
17 * @subpackage Element
18 * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
19 * @license http://framework.zend.com/license/new-bsd New BSD License
20 */
21
22 /** Zend_Form_Element_Xhtml */
23 require_once 'Zend/Form/Element/Xhtml.php';
24
25 /**
26 * CSRF form protection
27 *
28 * @category Zend
29 * @package Zend_Form
30 * @subpackage Element
31 * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com)
32 * @license http://framework.zend.com/license/new-bsd New BSD License
33 * @version $Id: Hash.php 16218 2009-06-21 19:44:04Z thomas $
34 */
35 class Zend_Form_Element_Hash extends Zend_Form_Element_Xhtml
36 {
37 /**
38 * Use formHidden view helper by default
39 * @var string
40 */
41 public $helper = 'formHidden';
42
43 /**
44 * Actual hash used.
45 *
46 * @var mixed
47 */
48 protected $_hash;
49
50 /**
51 * Salt for CSRF token
52 * @var string
53 */
54 protected $_salt = 'salt';
55
56 /**
57 * @var Zend_Session_Namespace
58 */
59 protected $_session;
60
61 /**
62 * TTL for CSRF token
63 * @var int
64 */
65 protected $_timeout = 300;
66
67 /**
68 * Constructor
69 *
70 * Creates session namespace for CSRF token, and adds validator for CSRF
71 * token.
72 *
73 * @param string|array|Zend_Config $spec
74 * @param array|Zend_Config $options
75 * @return void
76 */
77 public function __construct($spec, $options = null)
78 {
79 parent::__construct($spec, $options);
80
81 $this->setAllowEmpty(false)
82 ->setRequired(true)
83 ->initCsrfValidator();
84 }
85
86 /**
87 * Set session object
88 *
89 * @param Zend_Session_Namespace $session
90 * @return Zend_Form_Element_Hash
91 */
92 public function setSession($session)
93 {
94 $this->_session = $session;
95 return $this;
96 }
97
98 /**
99 * Get session object
100 *
101 * Instantiate session object if none currently exists
102 *
103 * @return Zend_Session_Namespace
104 */
105 public function getSession()
106 {
107 if (null === $this->_session) {
108 require_once 'Zend/Session/Namespace.php';
109 $this->_session = new Zend_Session_Namespace($this->getSessionName());
110 }
111 return $this->_session;
112 }
113
114 /**
115 * Initialize CSRF validator
116 *
117 * Creates Session namespace, and initializes CSRF token in session.
118 * Additionally, adds validator for validating CSRF token.
119 *
120 * @return Zend_Form_Element_Hash
121 */
122 public function initCsrfValidator()
123 {
124 $session = $this->getSession();
125 if (isset($session->hash)) {
126 $rightHash = $session->hash;
127 } else {
128 $rightHash = null;
129 }
130
131 $this->addValidator('Identical', true, array($rightHash));
132 return $this;
133 }
134
135 /**
136 * Salt for CSRF token
137 *
138 * @param string $salt
139 * @return Zend_Form_Element_Hash
140 */
141 public function setSalt($salt)
142 {
143 $this->_salt = (string) $salt;
144 return $this;
145 }
146
147 /**
148 * Retrieve salt for CSRF token
149 *
150 * @return string
151 */
152 public function getSalt()
153 {
154 return $this->_salt;
155 }
156
157 /**
158 * Retrieve CSRF token
159 *
160 * If no CSRF token currently exists, generates one.
161 *
162 * @return string
163 */
164 public function getHash()
165 {
166 if (null === $this->_hash) {
167 $this->_generateHash();
168 }
169 return $this->_hash;
170 }
171
172 /**
173 * Get session namespace for CSRF token
174 *
175 * Generates a session namespace based on salt, element name, and class.
176 *
177 * @return string
178 */
179 public function getSessionName()
180 {
181 return __CLASS__ . '_' . $this->getSalt() . '_' . $this->getName();
182 }
183
184 /**
185 * Set timeout for CSRF session token
186 *
187 * @param int $ttl
188 * @return Zend_Form_Element_Hash
189 */
190 public function setTimeout($ttl)
191 {
192 $this->_timeout = (int) $ttl;
193 return $this;
194 }
195
196 /**
197 * Get CSRF session token timeout
198 *
199 * @return int
200 */
201 public function getTimeout()
202 {
203 return $this->_timeout;
204 }
205
206 /**
207 * Override getLabel() to always be empty
208 *
209 * @return null
210 */
211 public function getLabel()
212 {
213 return null;
214 }
215
216 /**
217 * Initialize CSRF token in session
218 *
219 * @return void
220 */
221 public function initCsrfToken()
222 {
223 $session = $this->getSession();
224 $session->setExpirationHops(1, null, true);
225 $session->setExpirationSeconds($this->getTimeout());
226 $session->hash = $this->getHash();
227 }
228
229 /**
230 * Render CSRF token in form
231 *
232 * @param Zend_View_Interface $view
233 * @return string
234 */
235 public function render(Zend_View_Interface $view = null)
236 {
237 $this->initCsrfToken();
238 return parent::render($view);
239 }
240
241 /**
242 * Generate CSRF token
243 *
244 * Generates CSRF token and stores both in {@link $_hash} and element
245 * value.
246 *
247 * @return void
248 */
249 protected function _generateHash()
250 {
251 $this->_hash = md5(
252 mt_rand(1,1000000)
253 . $this->getSalt()
254 . $this->getName()
255 . mt_rand(1,1000000)
256 );
257 $this->setValue($this->_hash);
258 }
259 }
web app to help groups of people to provide some collective sport