1929addec6cc6ec5788a314150e3bc3d2f1ce38f
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / Classes / Storage / SplitStorage.php
1 <?php
2 namespace TYPO3\CMS\Rsaauth\Storage;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Database\DatabaseConnection;
18 use TYPO3\CMS\Core\Utility\MathUtility;
19
20 /**
21 * This class contains a "split" storage for the data. It keeps part of the data
22 * in the database, part in the session.
23 */
24 class SplitStorage extends AbstractStorage
25 {
26 /**
27 * @var DatabaseConnection;
28 */
29 protected $databaseConnection;
30
31 /**
32 * Creates an instance of this class. It checks and initializes PHP
33 * sessions if necessary.
34 *
35 * @param DatabaseConnection $databaseConnection A database connection may be injected here
36 */
37 public function __construct(DatabaseConnection $databaseConnection = null)
38 {
39 if (session_id() === '') {
40 session_start();
41 }
42 $this->databaseConnection = $databaseConnection ?: $GLOBALS['TYPO3_DB'];
43 }
44
45 /**
46 * Obtains a key from the database
47 *
48 * @return string The key or NULL
49 * @see \TYPO3\CMS\Rsaauth\Storage\AbstractStorage::get()
50 */
51 public function get()
52 {
53 $result = null;
54 list($keyId, $keyPart1) = $_SESSION['tx_rsaauth_key'];
55 if (MathUtility::canBeInterpretedAsInteger($keyId)) {
56 // Remove expired keys (more than 30 minutes old)
57 $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
58 // Get our value
59 $row = $this->databaseConnection->exec_SELECTgetSingleRow('key_value', 'tx_rsaauth_keys', 'uid=' . $keyId);
60 if (is_array($row)) {
61 $result = $keyPart1 . $row['key_value'];
62 }
63 }
64 return $result;
65 }
66
67 /**
68 * Adds a key to the storage or removes existing key
69 *
70 * @param string $key The key
71 * @return void
72 * @see \TYPO3\CMS\Rsaauth\Storage\AbstractStorage::put()
73 */
74 public function put($key)
75 {
76 if ($key == null) {
77 // Remove existing key
78 list($keyId) = $_SESSION['tx_rsaauth_key'];
79 if (MathUtility::canBeInterpretedAsInteger($keyId)) {
80 $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId);
81 unset($_SESSION['tx_rsaauth_key']);
82 }
83 } else {
84 // Add key
85 // Get split point. First part is always smaller than the second
86 // because it goes to the file system
87 $keyLength = strlen($key);
88 $splitPoint = rand((int)($keyLength / 10), (int)($keyLength / 2));
89 // Get key parts
90 $keyPart1 = substr($key, 0, $splitPoint);
91 $keyPart2 = substr($key, $splitPoint);
92 // Store part of the key in the database
93 //
94 // Notice: we may not use TCEmain below to insert key part into the
95 // table because TCEmain requires a valid BE user!
96 $time = $GLOBALS['EXEC_TIME'];
97 $this->databaseConnection->exec_INSERTquery('tx_rsaauth_keys', array(
98 'pid' => 0,
99 'crdate' => $time,
100 'key_value' => $keyPart2
101 ));
102 $keyId = $this->databaseConnection->sql_insert_id();
103 // Store another part in session
104 $_SESSION['tx_rsaauth_key'] = array($keyId, $keyPart1);
105 }
106 // Remove expired keys (more than 30 minutes old)
107 $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
108 }
109 }