fc0055ea19639af6ca2faba0a7250501116850af
[Packages/TYPO3.CMS.git] / typo3 / sysext / rsaauth / Classes / Storage / SplitStorage.php
1 <?php
2 namespace TYPO3\CMS\Rsaauth\Storage;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2009-2013 Dmitry Dulepov <dmitry@typo3.org>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26 /**
27 * This class contains a "split" storage for the data. It keeps part of the data
28 * in the database, part in the database.
29 *
30 * @author Dmitry Dulepov <dmitry@typo3.org>
31 */
32 class SplitStorage extends \TYPO3\CMS\Rsaauth\Storage\AbstractStorage {
33
34 /**
35 * Creates an instance of this class. It checks and initializes PHP
36 * sessions if necessary.
37 */
38 public function __construct() {
39 if (session_id() === '') {
40 session_start();
41 }
42 }
43
44 /**
45 * Obtains a key from the database
46 *
47 * @return string The key or NULL
48 * @see \TYPO3\CMS\Rsaauth\Storage\AbstractStorage::get()
49 */
50 public function get() {
51 $result = NULL;
52 list($keyId, $keyPart1) = $_SESSION['tx_rsaauth_key'];
53 if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($keyId)) {
54 // Remove expired keys (more than 30 minutes old)
55 $GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_rsaauth_keys', 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
56 // Get our value
57 $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('key_value', 'tx_rsaauth_keys', 'uid=' . $keyId);
58 if (is_array($row)) {
59 $result = $keyPart1 . $row['key_value'];
60 }
61 }
62 return $result;
63 }
64
65 /**
66 * Adds a key to the storage or removes existing key
67 *
68 * @param string $key The key
69 * @return void
70 * @see \TYPO3\CMS\Rsaauth\Storage\AbstractStorage::put()
71 */
72 public function put($key) {
73 if ($key == NULL) {
74 // Remove existing key
75 list($keyId) = $_SESSION['tx_rsaauth_key'];
76 if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($keyId)) {
77 $GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId);
78 unset($_SESSION['tx_rsaauth_key']);
79 }
80 } else {
81 // Add key
82 // Get split point. First part is always smaller than the second
83 // because it goes to the file system
84 $keyLength = strlen($key);
85 $splitPoint = rand((int)($keyLength / 10), (int)($keyLength / 2));
86 // Get key parts
87 $keyPart1 = substr($key, 0, $splitPoint);
88 $keyPart2 = substr($key, $splitPoint);
89 // Store part of the key in the database
90 //
91 // Notice: we may not use TCEmain below to insert key part into the
92 // table because TCEmain requires a valid BE user!
93 $time = $GLOBALS['EXEC_TIME'];
94 $GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_rsaauth_keys', array(
95 'pid' => 0,
96 'crdate' => $time,
97 'key_value' => $keyPart2
98 ));
99 $keyId = $GLOBALS['TYPO3_DB']->sql_insert_id();
100 // Store another part in session
101 $_SESSION['tx_rsaauth_key'] = array($keyId, $keyPart1);
102 }
103 // Remove expired keys (more than 30 minutes old)
104 $GLOBALS['TYPO3_DB']->exec_DELETEquery('tx_rsaauth_keys', 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
105 }
106
107 }