hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-16 14:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

V 3.5 RC 1

Browse Source
This commit is contained in:
Romain Neutron
2011-12-05 00:23:28 +01:00
parent 6f1ee368aa
commit 4c5b7eb658
5563 changed files with 466984 additions and 985416 deletions
Download Patch File Download Diff File Expand all files Collapse all files

335
lib/classes/random.class.php
View File

@@ -1,127 +1,216 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2010 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
class random
{
function cleanTokens()
{
$conn = connection::getInstance();
$date = new DateTime();
$date = phraseadate::format_mysql($date);
$sql = 'SELECT * FROM tokens WHERE expire_on < "'.$date.'" AND datas IS NOT NULL AND type="download"';
if($rs = $conn->query($sql))
{
while($row = $conn->fetch_assoc($rs))
{
switch($row['type'])
{
case 'download':
$file = GV_RootPath.'tmp/download/'.$row['value'].'.zip';
if(is_file($file))
unlink($file);
break;
}
}
$conn->free_result($rs);
}
$sql = 'UPDATE tokens SET datas=NULL WHERE expire_on < "'.$date.'"';
$conn->query($sql);
$date = new DateTime('-4 days');
$date = phraseadate::format_mysql($date);
$sql = 'DELETE FROM tokens WHERE expire_on < "'.$date.'"';
$conn->query($sql);
}
public static function generatePassword ($length = 8)
{
$password = "";
$possible = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$i = 0;
while ($i < $length) {
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
return $password;
}
public static function getUrlToken($type,$usr,$end_date=false,$datas='')
{
self::cleanTokens();
$conn = connection::getInstance();
$token = $test = false;
if(!in_array($type,array('password','download', 'email', 'view', 'validate','rss')))
return $token;
if($conn)
{
$n = 1;
while($n<100)
{
$test = self::generatePassword(16);
if($rs = $conn->query('SELECT id FROM tokens WHERE value="'.$conn->escape_string($test).'"'))
{
if($conn->num_rows($rs) == 0)
{
if($conn->query('INSERT INTO tokens (id, value, type, usr_id, created_on, expire_on, datas) VALUES (null, "'.$conn->escape_string($test).'", "'.$conn->escape_string($type).'", "'.$conn->escape_string($usr ? $usr : '-1').'", NOW(), '.($end_date ? '"'.$conn->escape_string($end_date).'"' : 'null').', '.(trim($datas)!=''?('"'.$conn->escape_string($datas).'"'):'NULL').')'))
{
$token = $test;
break;
}
}
}
}
}
return $token;
}
public static function removeToken($token)
{
self::cleanTokens();
$conn = connection::getInstance();
$sql = 'DELETE FROM tokens WHERE id="'.$conn->escape_string($token).'"';
if($conn->query($sql))
return true;
return false;
}
public static function updateToken($token,$datas)
{
self::cleanTokens();
$conn = connection::getInstance();
$sql = 'UPDATE tokens SET datas="'.$conn->escape_string($datas).'" WHERE value="'.$conn->escape_string($token).'"';
if($conn->query($sql))
return true;
return false;
}
public static function helloToken($token)
{
self::cleanTokens();
$ret = false;
$conn = connection::getInstance();
if(!$conn)
return $ret;
$sql = 'SELECT * FROM tokens WHERE value="'.$conn->escape_string($token).'"';
/**
*
*/
const NUMBERS = "0123456789";
/**
*
*/
const LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
/**
*
*/
const LETTERS_AND_NUMBERS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
if($rs = $conn->query($sql))
{
if($row = $conn->fetch_assoc($rs))
{
$ret = $row;
}
$conn->free_result($rs);
}
return $ret;
}
}
/**
*
* @return Void
*/
public static function cleanTokens()
{
try
{
$conn = connection::getPDOConnection();
$date = new DateTime();
$date = phraseadate::format_mysql($date);
$registry = registry::get_instance();
$sql = 'SELECT * FROM tokens WHERE expire_on < :date
AND datas IS NOT NULL AND type="download"';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':date' => $date));
$rs = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
foreach ($rs as $row)
{
switch ($row['type'])
{
case 'download':
$file = $registry->get('GV_RootPath') . 'tmp/download/' . $row['value'] . '.zip';
if (is_file($file))
unlink($file);
break;
}
}
$sql = 'DELETE FROM tokens WHERE expire_on < :date';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':date' => $date));
$stmt->closeCursor();
return true;
}
catch (Exception $e)
{
}
return false;
}
/**
*
* @param int $length
* @param constant $possible
* @return string
*/
public static function generatePassword($length = 8, $possible = SELF::LETTERS_AND_NUMBERS)
{
if (!is_int($length))
throw new Exception_InvalidArgument ();
$password = "";
if (!in_array($possible, array(self::LETTERS_AND_NUMBERS, self::LETTERS, self::NUMBERS)))
$possible = self::LETTERS_AND_NUMBERS;
$i = 0;
$possible_length = strlen($possible);
while ($i < $length)
{
$char = substr($possible, mt_rand(0, $possible_length - 1), 1);
$password .= $char;
$i++;
}
return $password;
}
/**
*
* @param string $type
* @param int $usr
* @param string $end_date
* @param mixed content $datas
* @return boolean
*/
public static function getUrlToken($type, $usr, DateTime $end_date = null, $datas='')
{
self::cleanTokens();
$conn = connection::getPDOConnection();
$token = $test = false;
if (!in_array($type, array('password', 'download', 'mail-download', 'email', 'view', 'validate', 'rss')))
throw new Exception_InvalidArgument();
$n = 1;
$sql = 'SELECT id FROM tokens WHERE value = :test ';
$stmt = $conn->prepare($sql);
while ($n < 100)
{
$test = self::generatePassword(16);
$stmt->execute(array(':test' => $test));
if ($stmt->rowCount() === 0)
{
$token = $test;
break;
}
$n++;
}
$stmt->closeCursor();
if ($token)
{
$sql = 'INSERT INTO tokens (id, value, type, usr_id, created_on, expire_on, datas)
VALUES (null, :token, :type, :usr, NOW(), :end_date, :datas)';
$stmt = $conn->prepare($sql);
$params = array(
':token' => $token
, ':type' => $type
, ':usr' => ($usr ? $usr : '-1')
, ':end_date' => ($end_date instanceof DateTime ? phraseadate::format_mysql($end_date) : null)
, ':datas' => ((trim($datas) != '') ? $datas : null)
);
$stmt->execute($params);
$stmt->closeCursor();
}
return $token;
}
public static function removeToken($token)
{
self::cleanTokens();
try
{
$conn = connection::getPDOConnection();
$sql = 'DELETE FROM tokens WHERE value = :token';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':token' => $token));
$stmt->closeCursor();
return true;
}
catch (Exception $e)
{
}
return false;
}
public static function updateToken($token, $datas)
{
try
{
$conn = connection::getPDOConnection();
$sql = 'UPDATE tokens SET datas = :datas
WHERE value = :token';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':datas' => $datas, ':token' => $token));
$stmt->closeCursor();
return true;
}
catch (Exception $e)
{
}
return false;
}
public static function helloToken($token)
{
self::cleanTokens();
$conn = connection::getPDOConnection();
$sql = 'SELECT * FROM tokens WHERE value = :token ';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':token' => $token));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!$row)
throw new Exception_NotFound('Token not found');
return $row;
}
}