<?php

/*
Copyright 2009-2011 Sam Weiss
All Rights Reserved.

This file is part of Spark/Plug.

Spark/Plug is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

// Direct-access guard: when the 'spark/plug' constant is not defined, answer
// with a 403 page and stop, so nothing below this point runs.
// NOTE(review): presumably the framework bootstrap defines 'spark/plug' before
// including plug files -- confirm against the entry point.
if (defined('spark/plug') === false)
{
	$forbiddenPage = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don\'t have permission to access the requested resource on this server.</p></body></html>';

	header('HTTP/1.1 403 Forbidden');
	exit($forbiddenPage);
}

// -----------------------------------------------------------------------------

// Database-backed nonce store.
//
// Each nonce is one row holding the nonce value, a "used" marker and an expiry
// timestamp. Rows whose expiry has passed are deleted whenever a nonce is
// issued or looked up.
//
// What this class does NOT do, as far as the code here shows:
//   - getNonce() returns the stored row without looking at the "used" column,
//     so rejecting an already-used nonce is left to the caller.
//   - useNonce() matches on the nonce value only, so it succeeds on a nonce
//     that is already marked used.
// NOTE(review): because the lookup and the "mark used" update are separate
// statements, two concurrent requests carrying the same nonce could both pass a
// caller-side "unused" check -- confirm how callers guard against replay.
// NOTE(review): the nonce value comes from SparkUtil::make_nonce(), which is
// not visible here -- verify it draws from a cryptographically secure source.

class SparkNonceModel extends SparkModel
{
	private $_lifetime;			// seconds added to "now" to compute a nonce's expiry
	private $_nonceTable;		// name of the table holding nonce rows
	private $_nonceFields;		// map of logical names (nonce, used, expires) to column names

	// --------------------------------------------------------------------------

	// Resolves lifetime, table name and column names.
	//
	// Each setting is taken from $params when present there, otherwise from the
	// 'nonce' config section, otherwise from a built-in default (600 seconds,
	// table 'nonce', columns 'nonce' / 'used' / 'expires').
	//
	// The table name is handed to the DB layer as given, and only the column
	// names used in WHERE clauses pass through quoteIdentifier() in this class.
	// NOTE(review): whether the DB layer quotes table names and row keys is not
	// visible here -- 'nonce_table' and 'nonce_fields' should only ever come
	// from trusted configuration.

	public function __construct($params = NULL)
	{
		parent::__construct($params);

		$config = $this->config->get('nonce');

		$this->_lifetime = $this->_nonceSetting($params, 'nonce_lifetime', $config, 'lifetime', 600);
		$this->_nonceTable = $this->_nonceSetting($params, 'nonce_table', $config, 'table', 'nonce');
		$this->_nonceFields = $this->_nonceSetting($params, 'nonce_fields', $config, 'fields', array('nonce'=>'nonce', 'used'=>'used', 'expires'=>'expires'));
	}

	//---------------------------------------------------------------------------

	// Issues a new nonce: purges expired rows, stores the new value with an
	// expiry of now + lifetime, and returns the value.
	//
	// The "used" column is not written on insert.
	// NOTE(review): presumably the table default marks a new row as unused --
	// confirm against the schema.

	public function newNonce()
	{
		$db = $this->loadDB();

		$this->expireNonces();

		$nonce = SparkUtil::make_nonce();

		$row = array();
		$row[$this->_nonceFields['nonce']] = $nonce;
		$row[$this->_nonceFields['expires']] = $this->_freshExpiry($db);

		$db->insertRow($this->_nonceTable, $row);

		return $nonce;
	}

	//---------------------------------------------------------------------------

	// Looks up a nonce after purging expired rows and returns whatever
	// selectRow() yields for it (all columns are requested).
	//
	// The value is bound through the '?' placeholder rather than concatenated
	// into the condition. The "used" column is not checked here: a caller that
	// must reject replays has to inspect it on the returned row.

	public function getNonce($nonce)
	{
		$db = $this->loadDB();

		$this->expireNonces();

		$where = $this->_columnTest($db, 'nonce', '=?');

		return $db->selectRow($this->_nonceTable, '*', $where, $nonce);
	}

	//---------------------------------------------------------------------------

	// Marks a nonce as used (used = 1) and pushes its expiry to now + lifetime,
	// returning the result of updateRows().
	//
	// The update matches on the nonce value alone, so it does not fail for a
	// nonce that was already used. Expired rows are not purged by this call.
	// NOTE(review): the expiry is presumably extended so that a used nonce stays
	// in the table long enough for a replay to be recognised -- confirm.

	public function useNonce($nonce)
	{
		$db = $this->loadDB();

		$changes = array();
		$changes[$this->_nonceFields['used']] = 1;
		$changes[$this->_nonceFields['expires']] = $this->_freshExpiry($db);

		$where = $this->_columnTest($db, 'nonce', '=?');

		return $db->updateRows($this->_nonceTable, $changes, $where, $nonce);
	}

	//---------------------------------------------------------------------------

	// Deletes every row whose expiry is at or before the database's "now".

	public function expireNonces()
	{
		$db = $this->loadDB();

		$where = $this->_columnTest($db, 'expires', '<=?');
		$now = $db->getFunction('date')->now();

		$db->deleteRows($this->_nonceTable, $where, $now);
	}

	//---------------------------------------------------------------------------

	// Returns $params[$paramKey] if set, else $config[$configKey] if set, else
	// $default.

	private function _nonceSetting($params, $paramKey, $config, $configKey, $default)
	{
		if (isset($params[$paramKey]))
		{
			return $params[$paramKey];
		}

		if (isset($config[$configKey]))
		{
			return $config[$configKey];
		}

		return $default;
	}

	//---------------------------------------------------------------------------

	// Builds the DB date expression for "now + lifetime seconds".

	private function _freshExpiry($db)
	{
		$date = $db->getFunction('date');

		return $date->now()->interval($this->_lifetime, iSparkDBQueryFunctionDate::kSeconds)->add();
	}

	//---------------------------------------------------------------------------

	// Builds a one-column condition: the quoted column for the logical field
	// name followed by the given operator-and-placeholder suffix.

	private function _columnTest($db, $field, $suffix)
	{
		return $db->quoteIdentifier($this->_nonceFields[$field]).$suffix;
	}

	// --------------------------------------------------------------------------
}