
Fix returnedPHP(PHP0408) #9

Open
wants to merge 2 commits into
base: master
from
84 changes: 51 additions & 33 deletions php-csrf.php
Expand Up @@ -8,7 +8,7 @@
*
* MIT License
*
* Copyright (c) 2023 Grammatopoulos Athanasios-Vasileios
* Copyright (c) 2019-2023 Grammatopoulos Athanasios-Vasileios NaysKutzu
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
Expand Down Expand Up @@ -43,7 +43,9 @@
* // You can use as a group name the form name
* echo $csrf_tokens->input(<name of the group>);
*/
class CSRF {

class CSRF
{

private $name;
private $hashes;
Expand All @@ -58,7 +60,8 @@ class CSRF {
* @param integer $hashTime2Live Default seconds hash before expiration
* @param integer $hashSize Default hash size in chars
*/
function __construct ($session_name='csrf-lib', $input_name='key-awesome', $hashTime2Live=0, $hashSize=64) {
function __construct($session_name = 'csrf-lib', $input_name = 'key-awesome', $hashTime2Live = 0, $hashSize = 64)
{
// Session mods
$this->name = $session_name;
// Form input name
Expand All @@ -78,9 +81,11 @@ function __construct ($session_name='csrf-lib', $input_name='key-awesome', $hash
* @param integer $max_hashes Clear old context hashes if more than this number
* @return CSRF_Hash
*/
private function generateHash ($context='', $time2Live=-1, $max_hashes=5) {
private function generateHash($context = '', $time2Live = -1, $max_hashes = 5)
{
// If no time2live (or invalid) use default
if ($time2Live < 0) $time2Live = $this->hashTime2Live;
if ($time2Live < 0)
$time2Live = $this->hashTime2Live;
// Generate new hash
$hash = new CSRF_Hash($context, $time2Live, $this->hashSize);
// Save it
Expand All @@ -99,7 +104,8 @@ private function generateHash ($context='', $time2Live=-1, $max_hashes=5) {
* @param integer $max_hashes max hashes to get
* @return array array of hashes as strings
*/
public function getHashes ($context='', $max_hashes=-1) {
public function getHashes($context = '', $max_hashes = -1)
{
$len = count($this->hashes);
$hashes = array();
// Check in the hash list
Expand All @@ -118,7 +124,8 @@ public function getHashes ($context='', $max_hashes=-1) {
* @param integer $max_hashes ignore first x hashes
* @return integer number of deleted hashes
*/
public function clearHashes ($context='', $max_hashes=0) {
public function clearHashes($context = '', $max_hashes = 0)
{
$ignore = $max_hashes;
$deleted = 0;
// Check in the hash list
Expand All @@ -141,9 +148,10 @@ public function clearHashes ($context='', $max_hashes=0) {
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer html input element code as a string
*/
public function input ($context='', $time2Live=-1, $max_hashes=5) {
public function input($context = '', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Generate html input string
return '<input type="hidden" name="' . htmlspecialchars($this->inputName) . '" id="' . htmlspecialchars($this->inputName) . '" value="' . htmlspecialchars($hash->get()) . '"/>';
}
Expand All @@ -156,9 +164,10 @@ public function input ($context='', $time2Live=-1, $max_hashes=5) {
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer html script element code as a string
*/
public function script ($context='', $name='', $declaration='var', $time2Live=-1, $max_hashes=5) {
public function script($context = '', $name = '', $declaration = 'var', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Variable name
if (strlen($name) === 0) {
$name = $this->inputName;
Expand All @@ -175,9 +184,10 @@ public function script ($context='', $name='', $declaration='var', $time2Live=-1
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer html script element code as a string
*/
public function javascript ($context='', $name='', $declaration='var', $time2Live=-1, $max_hashes=5) {
public function javascript($context = '', $name = '', $declaration = 'var', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Variable name
if (strlen($name) === 0) {
$name = $this->inputName;
Expand All @@ -193,9 +203,10 @@ public function javascript ($context='', $name='', $declaration='var', $time2Liv
* @param integer $max_hashes Clear old context hashes if more than this number
* @return integer hash as a string
*/
public function string ($context='', $time2Live=-1, $max_hashes=5) {
public function string($context = '', $time2Live = -1, $max_hashes = 5): string
{
// Generate hash
$hash = $this->generateHash ($context, $time2Live, $max_hashes);
$hash = $this->generateHash($context, $time2Live, $max_hashes);
// Generate html input string
return $hash->get();
}
Expand All @@ -205,16 +216,15 @@ public function string ($context='', $time2Live=-1, $max_hashes=5) {
* @param string $context Name of the form
* @return boolean Valid or not
*/
public function validate ($context='', $hash = null) {
public function validate($context = '', $hash = null)
{
// If hash was not given, find hash
if (is_null($hash)) {
if (isset($_POST[$this->inputName])) {
$hash = $_POST[$this->inputName];
}
else if (isset($_GET[$this->inputName])) {
} else if (isset($_GET[$this->inputName])) {
$hash = $_GET[$this->inputName];
}
else {
} else {
return false;
}
}
Expand All @@ -233,7 +243,8 @@ public function validate ($context='', $hash = null) {
/**
* Load hash list
*/
private function _load () {
private function _load()
{
$this->hashes = array();
// If there are hashes on the session
if (isset($_SESSION[$this->name])) {
Expand All @@ -256,12 +267,14 @@ private function _load () {
/**
* Save hash list
*/
private function _save () {
private function _save()
{
$_SESSION[$this->name] = serialize($this->hashes);
}
}

class CSRF_Hash {
class CSRF_Hash
{

private $hash;
private $context;
Expand All @@ -272,7 +285,8 @@ class CSRF_Hash {
* @param string $context [description]
* @param integer $time2Live Number of seconds before expiration
*/
function __construct($context, $time2Live=0, $hashSize=64) {
function __construct($context, $time2Live = 0, $hashSize = 64)
{
// Save context name
$this->context = $context;

Expand All @@ -282,8 +296,7 @@ function __construct($context, $time2Live=0, $hashSize=64) {
// Set expiration time
if ($time2Live > 0) {
$this->expire = time() + $time2Live;
}
else {
} else {
$this->expire = 0;
}
}
Expand All @@ -293,15 +306,17 @@ function __construct($context, $time2Live=0, $hashSize=64) {
* @param int $n Size in bytes
* @return string The generated hash
*/
private function _generateHash ($n) {
return bin2hex(openssl_random_pseudo_bytes($n/2));
private function _generateHash($n)
{
return bin2hex(openssl_random_pseudo_bytes($n / 2));
}

/**
* Check if hash has expired
* @return boolean
*/
public function hasExpire () {
public function hasExpire()
{
if ($this->expire === 0 || $this->expire > time()) {
return false;
}
Expand All @@ -312,8 +327,9 @@ public function hasExpire () {
* Verify hash
* @return boolean
*/
public function verify ($hash, $context='') {
if (strcmp($context, $this->context) === 0 && !$this->hasExpire() && hash_equals($hash, $this->hash)) {
public function verify($hash, $context = '')
{
if (strcmp($context, $this->context) === 0 && !$this->hasExpire() && strcmp($hash, $this->hash) === 0) {
return true;
}
return false;
Expand All @@ -323,7 +339,8 @@ public function verify ($hash, $context='') {
* Check Context
* @return boolean
*/
public function inContext ($context='') {
public function inContext($context = '')
{
if (strcmp($context, $this->context) === 0) {
return true;
}
Expand All @@ -334,7 +351,8 @@ public function inContext ($context='') {
* Get hash
* @return string
*/
public function get () {
public function get()
{
return $this->hash;
}
}
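Review bot: The new side of `CSRF_Hash::verify` (hunk at -312,8 +327,9) replaces `hash_equals($hash, $this->hash)` with `strcmp($hash, $this->hash) === 0`, which drops the constant-time comparison on the one place a user-supplied token is checked against the stored secret; `strcmp` returns as soon as the first differing byte is found, so this is a regression rather than a style change. Restore the timing-safe compare with the known value first, `if (strcmp($context, $this->context) === 0 && !$this->hasExpire() && hash_equals($this->hash, $hash)) {`. Both `hash_equals` and `strcmp` raise a TypeError on non-string input under PHP 8, and `validate` appears to pass `$_POST`/`$_GET` values straight through, so a `is_string($hash)` guard before the comparison would be worth adding, though that part lies outside this hunk. The closing brace of `verify` is outside the hunk. Separately, the hunks that add `: string` to `input`, `script`, `javascript` and `string` leave their docblocks saying `@return integer`; update them to `@return string` to match the new declared type.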