Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Generate secure random strings from the identifier service
Former-commit-id: dc5cd61 Former-commit-id: 5a78c155360aff77f0b0976ca4e7d68d7493a145
- Loading branch information
1 parent
0ae731c
commit b318b8e
Showing
1 changed file
with
78 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,86 +1,109 @@ | ||
<?php | ||
namespace Concrete\Core\Utility\Service; | ||
use Loader; | ||
|
||
use Concrete\Core\Database\Connection\Connection; | ||
use Concrete\Core\Support\Facade\Application; | ||
use Hautelook\Phpass\PasswordHash; | ||
|
||
/** | ||
* @package Helpers | ||
* \@package Helpers | ||
* @subpackage Validation | ||
* | ||
* @author Andrew Embler <andrew@concrete5.org> | ||
* @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org) | ||
* @license http://www.concrete5.org/license/ MIT License | ||
*/ | ||
|
||
/** | ||
* A helper that allows the creation of unique strings, for use when creating hashes, identifiers. | ||
* @package Helpers | ||
* | ||
* \@package Helpers | ||
* @subpackage Validation | ||
* | ||
* @author Andrew Embler <andrew@concrete5.org> | ||
* @copyright Copyright (c) 2003-2008 Concrete5. (http://www.concrete5.org) | ||
* @license http://www.concrete5.org/license/ MIT License | ||
*/ | ||
class Identifier | ||
{ | ||
|
||
class Identifier { | ||
|
||
private $letters = 'abcefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890'; | ||
|
||
|
||
/** | ||
* Like generate() below, but simply appends an ever increasing number to what you provide | ||
* until it comes back as not found | ||
*/ | ||
public function generateFromBase($string, $table, $key) { | ||
$foundRecord = false; | ||
$db = Loader::db(); | ||
$i = ''; | ||
/** | ||
* Like generate() below, but simply appends an ever increasing number to what you provide | ||
* until it comes back as not found. | ||
*/ | ||
public function generateFromBase($string, $table, $key) | ||
{ | ||
$foundRecord = false; | ||
$db = Application::make(Connection::class); | ||
$i = ''; | ||
$_string = ''; | ||
while ($foundRecord == false) { | ||
$_string = $string . $i; | ||
$cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", array($_string)); | ||
if ($cnt < 1) { | ||
$foundRecord = true; | ||
} else { | ||
if ($i == '') { | ||
$i = 0; | ||
} | ||
$i++; | ||
} | ||
} | ||
return $_string; | ||
} | ||
while ($foundRecord == false) { | ||
$_string = $string . $i; | ||
$cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", | ||
array($_string)); | ||
if ($cnt < 1) { | ||
$foundRecord = true; | ||
} else { | ||
if ($i == '') { | ||
$i = 0; | ||
} | ||
++$i; | ||
} | ||
} | ||
|
||
return $_string; | ||
} | ||
|
||
/** | ||
* Generates a unique identifier for an item in a database table. Used, among other places, in generating | ||
* User hashes for email validation | ||
* User hashes for email validation. | ||
* | ||
* @param string $table | ||
* @param string $key | ||
* @param int $length | ||
* @param bool $lowercase | ||
* | ||
* @return string | ||
*/ | ||
public function generate($table, $key, $length = 12, $lowercase = false) { | ||
$foundHash = false; | ||
$db = Loader::db(); | ||
while ($foundHash == false) { | ||
$string = $this->getString($length); | ||
if ($lowercase) { | ||
$string = strtolower($string); | ||
} | ||
$cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", array($string)); | ||
if ($cnt < 1) { | ||
$foundHash = true; | ||
} | ||
} | ||
return $string; | ||
} | ||
public function generate($table, $key, $length = 12, $lowercase = false) | ||
{ | ||
$foundHash = false; | ||
$db = Application::make(Connection::class); | ||
while ($foundHash == false) { | ||
$string = $this->getString($length); | ||
if ($lowercase) { | ||
$string = strtolower($string); | ||
} | ||
$cnt = $db->GetOne("select count(" . $key . ") as total from " . $table . " where " . $key . " = ?", | ||
array($string)); | ||
if ($cnt < 1) { | ||
$foundHash = true; | ||
} | ||
} | ||
|
||
return $string; | ||
} | ||
|
||
public function getString($length = 12) { | ||
$str = str_repeat($this->letters, 10); | ||
$hash = substr(str_shuffle($str), 0, $length); | ||
return $hash; | ||
} | ||
/** | ||
* Generate a cryptographically secure random string | ||
* @param int $length | ||
* @return string | ||
*/ | ||
public function getString($length = 12) | ||
{ | ||
if (function_exists('random_bytes')) { | ||
$bytes = random_bytes($length / 2); | ||
} else { | ||
$hash = new PasswordHash(8, false); | ||
$bytes = $hash->get_random_bytes($length / 2); | ||
} | ||
|
||
public function deleteKey($table, $keyCol, $uHash){ | ||
$db = Loader::db(); | ||
$db->Execute("DELETE FROM ".$table." WHERE ".$keyCol."=?", array($uHash) ); | ||
} | ||
return bin2hex($bytes); | ||
} | ||
|
||
public function deleteKey($table, $keyCol, $uHash) | ||
{ | ||
$db = Application::make(Connection::class); | ||
$db->Execute("DELETE FROM " . $table . " WHERE " . $keyCol . "=?", array($uHash)); | ||
} | ||
} |