05e50649eba9b971e9abfde2d1b9b055e000226e
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / sv1 / storage / class.tx_rsaauth_split_storage.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009-2011 Dmitry Dulepov <dmitry@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25
26 /**
27 * This class contains a "split" storage for the data. It keeps part of the data
28 * in the database, part in the database.
29 *
30 * @author Dmitry Dulepov <dmitry@typo3.org>
31 * @package TYPO3
32 * @subpackage tx_rsaauth
33 */
34 class tx_rsaauth_split_storage extends tx_rsaauth_abstract_storage {
35
36 /**
37 * Creates an instance of this class. It checks and initializes PHP
38 * sessions if necessary.
39 *
40 * @return void
41 */
42 public function __construct() {
43 if (session_id() === '') {
44 session_start();
45 }
46 }
47
48 /**
49 * Obtains a key from the database
50 *
51 * @return string The key or NULL
52 * @see tx_rsaauth_abstract_storage::get()
53 */
54 public function get() {
55 $result = NULL;
56
57 list($keyId, $keyPart1) = $_SESSION['tx_rsaauth_key'];
58 if (t3lib_utility_Math::canBeInterpretedAsInteger($keyId)) {
59
60 // Remove expired keys (more than 30 minutes old)
61 $GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_rsaauth_keys',
62 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
63
64 // Get our value
65 $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('key_value',
66 'tx_rsaauth_keys', 'uid=' . $keyId);
67 if (is_array($row)) {
68 $result = $keyPart1 . $row['key_value'];
69 }
70 }
71 return $result;
72 }
73
74 /**
75 * Adds a key to the storage or removes existing key
76 *
77 * @param string $key The key
78 * @return void
79 * @see tx_rsaauth_abstract_storage::put()
80 */
81 public function put($key) {
82 if ($key == NULL) {
83 // Remove existing key
84 list($keyId) = $_SESSION['tx_rsaauth_key'];
85
86 if (t3lib_utility_Math::canBeInterpretedAsInteger($keyId)) {
87 $GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_rsaauth_keys',
88 'uid=' . $keyId);
89 unset($_SESSION['tx_rsaauth_key']);
90 }
91 }
92 else {
93 // Add key
94
95 // Get split point. First part is always smaller than the second
96 // because it goes to the file system
97 $keyLength = strlen($key);
98 $splitPoint = rand(intval($keyLength/10), intval($keyLength/2));
99
100 // Get key parts
101 $keyPart1 = substr($key, 0, $splitPoint);
102 $keyPart2 = substr($key, $splitPoint);
103
104 // Store part of the key in the database
105 //
106 // Notice: we may not use TCEmain below to insert key part into the
107 // table because TCEmain requires a valid BE user!
108 $time = $GLOBALS['EXEC_TIME'];
109 $GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_rsaauth_keys', array(
110 'pid' => 0,
111 'crdate' => $time,
112 'key_value' => $keyPart2
113 ));
114 $keyId = $GLOBALS['TYPO3_DB']->sql_insert_id();
115
116 // Store another part in session
117 $_SESSION['tx_rsaauth_key'] = array($keyId, $keyPart1);
118 }
119
120 // Remove expired keys (more than 30 minutes old)
121 $GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_rsaauth_keys',
122 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
123 }
124 }
125 ?>