Location: PHPKode > scripts > Hash > hash/class_hash.inc.php
<?php

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// CLASS NAME:  HASH                                                                                           //
// LANGUAGE:    PHP                                                                                            //
// AUTHOR:      Penseur Martien                                                                                //
// EMAIL:       penseur.martien<no spam>@@ifrance.com                                                          //
// VERSION:     0.1                                                                                            //
// DATE:        08/01/2004                                                                                     //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// History:                                                                                                    //
//----------                                                                                                   //
//  Date        Version   Actions                                                                              //
// ----------------------------------------------------------------------------------------------------------- //
//  08/01/2004  0.1       Test version                                                                         //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Need to work:                                                                                               //
// biblio_mysql.inc.php: library of function to manipulate mysql database                                      //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// What the class do:                                                                                          //
// Let make a hash string to a ressource and then check this access. Prevent from link stolen                  //
// * Construct a hash string from:                                                                             //
//   * session id of the user                                                                                  //
//   * private data of the server                                                                              //
//   * private data of the website                                                                             //
//   * item to check                                                                                           //
//   * timestamp of the query                                                                                  //
//   * a max number of access                                                                                  //
//   * a max duration                                                                                          //
//                                                                                                             //
// * Next, in the other page, the class can check the valid hash passig through page parameter, depending of   //
//   * the item to check                                                                                       //
//   * the session id of the user                                                                              //
//   * the private data of the server                                                                          //
//   * the private data of the website                                                                         //
//   * the moment saved in database for this hash                                                              //
//   * moment and number of the access                                                                         //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////

require_once("parametres_base.inc.php");
require_once("biblio_mysql.inc.php");

$database_name="site";
$database_table="autorisations";

// SQL string to create the table
$sql_create="CREATE TABLE IF NOT EXISTS `$database_table` ("
								."`hash` varchar( 32 ) NOT NULL default '',"
								."`hash_item` varchar( 32 ) NOT NULL default '',"
								."`moment` bigint( 20 ) NOT NULL default '0',"
								."`nb_max_access` bigint( 20 ) NOT NULL default '-1',"
								."`max_timestamp` bigint( 20 ) NOT NULL default '-1',"
								."`timestamp_delete` bigint( 20 ) NOT NULL default '2592000',"
								."PRIMARY KEY ( `hash` )"
								.") TYPE = MYISAM ";

class hash {
	var $hash_data_server; // hash of the string data_server
	var $hash_data_site; // hash of the string data_website
	var $hash_ident_user; // hash of the session id
	var $max_duration; // max number of second of existence of a row
	function hash($data_server,$data_site,$max_duration=2592000) {
		global $database_name,$database_table;
		mysql_delete($database_name,$database_table,"`timestamp_delete`<".mktime()); // delete of ancient rows
		$this->hash_ident_user= md5(session_id());
		$this->hash_data_server=md5($data_server);
		$this->hash_data_site=md5($data_site);
		$this->max_duration=$max_duration;
	}
	
	function make_hash($items,$nb_max_access=1,$duration=-1) {
		global $database_name,$database_table;
		if (!is_array($items))
			$items=array($items); // transform items to an array if not
		for ($i=0;$i<count($items);$i++) {
			$moment=mktime();
			$hash_moment=md5($moment);
			$hash_item=md5($items[$i]);
			// hash is depending of:
			$hash[$i]=md5(	$this->hash_data_server // a private data from the server
										.	$this->hash_data_site		// a private data from the site
										.	$this->hash_ident_user	// a hash of uid
										.	$hash_item							// a hash of the item
										.	$hash_moment);					// a hash of the timestamp
			// 	store authorisation for:
			//	* this session
			//	* this hash
			//	* this moment
			//	* a number of access (or unlimited if equal to -1)
			//	* a certain duration	(or unlimited if equal to -1)
			if (mysql_select_value($database_name,"SELECT '".$hash[$i]."' FROM $database_table WHERE (hash='".$hash[$i]."')",-1)==-1)
				mysql_insert($database_name,$database_table,
											array('hash','hash_item','moment','nb_max_access','max_timestamp','timestamp_delete'),
											array($hash[$i],$hash_item,$moment,$nb_max_access,($duration==-1)?-1:($moment+$duration),$moment+$this->max_duration));
		}
		return $hash;
	}
	function check_hash($hash,$item) {
		global $database_name,$database_table;
		$data=mysql_rawquery($database_name,"SELECT * FROM $database_table WHERE (hash='$hash') LIMIT 0,1");
		if (count($data)==0) // no authorisation => false
			return false;
		else {
			$moment=mktime();
			$hash_item=md5($item);
			$nb_max_access=$data[0]['nb_max_access'];
			$max_timestamp=$data[0]['max_timestamp'];
			$hash_moment=md5($data[0]['moment']);
			$hash_temp=md5(		$this->hash_data_server
											.	$this->hash_data_site
											.	$this->hash_ident_user
											.	$hash_item
											.	$hash_moment);
			if (	($hash==$hash_temp)
					&&(		($max_timestamp==-1)
							||($moment<=$max_timestamp))
					) { // access = ok // don't have to verify nb_max_access because if line present, nb_max_access>=0
				if ($nb_max_access!=-1)
					if ($nb_max_access>1) // have to decrease nb_max_access in row
						mysql_update($database_name,$database_table,array('nb_max_access'),array($nb_max_access-1),"hash='$hash'");
					else // delete row because no other access will be accepted
						mysql_delete($database_name,$database_table,"hash='$hash'");
				return true; // and return ok
			}
			else
				if (	($hash==$hash_temp) // hash ok, but...
						&&($moment>$max_timestamp)) // it's too late
						mysql_delete($database_name,$database_table,"hash='$hash'"); // => delete row 
				return false; // hash is invalid or too late => return nok
		}
	}
}

?>
Return current item: Hash