Modules

  1. Captcha
    2. Captcha
    3. Captcha_Alpha
    4. Captcha_Basic
    5. Captcha_Black
    6. Captcha_Math
    7. Captcha_Riddle
    8. Captcha_Word
    9. Controller_Captcha
  2. Gleez
    1. Action
      1. Gleez_Action
    2. CSRF
      1. CSRF
      2. Gleez_CSRF
    3. Comment
      1. Comment
      2. Controller_Comments
      3. Gleez_Comment
    4. Controller
      1. Controller_Media
      2. Controller_Welcome
    5. Core/Utils
      1. Gleez_System
      2. System
    6. Email
      1. Email
      2. Gleez_Email
    7. Event
      1. Gleez_Event
    8. Helper
      1. Date
      2. Gleez_Date
    9. Helpers
      1. Arr
      2. Gleez_Arr
    10. Html
      1. AutoLink
      2. Gleez_AutoLink
      3. Gleez_Breadcrumb
    11. Input Filter
      1. Gleez_InputFilter
      2. InputFilter
    12. Install
      1. Controller_Install_Install
    13. Logging
      1. Gleez_Log_File
      2. Gleez_log
      3. Log_File
    14. Menu
      1. Gleez_Menu
      2. Menu
    15. Message
      1. Gleez_Message
      2. Message
    16. ORM
      1. Gleez_ORM_MPTT
      2. Gleez_ORM_Versioned
      3. ORM_MPTT
      4. ORM_Versioned
    17. Path
      1. Gleez_Path
      2. Model_Path
      3. Path
    18. Session
      1. Gleez_Session
      2. Session
    19. Session/Database
      1. Gleez_Session_Database
      2. Session_Db
    20. Tags
      1. Gleez_Tags
      2. Tags
    21. Text
      1. Gleez_Text
      2. Text
  3. Gleez/Database
    1. Drivers
      1. Database_Drizzle
      2. Gleez_Database_Drizzle
    2. Query/Result
      1. Database_Drizzle_Result
      2. Gleez_Database_Drizzle_Result
  4. Gleez/ORM
    2. Gleez_ORM_Core
    3. Model_Comment
    4. Model_Module
    5. Model_Tagging
    6. Model_Widget
    7. Model_action
    8. ORM
  5. Gleez\ACL
    2. ACL
    3. Gleez_ACL
  6. Gleez\Admin\Controller
    2. Controller_Admin
    3. Controller_Admin_Comment
    4. Controller_Admin_Dashboard
    5. Controller_Admin_Format
    6. Controller_Admin_Menu
    7. Controller_Admin_Menu_Item
    8. Controller_Admin_Modules
    9. Controller_Admin_Page
    10. Controller_Admin_Path
    11. Controller_Admin_Setting
    12. Controller_Admin_Tag
    13. Controller_Admin_Taxonomy
    14. Controller_Admin_Term
    15. Controller_Admin_Widget
  7. Gleez\Assets\Core
    2. Assets
    3. Gleez_Assets_Core
  8. Gleez\Assets\Meta
    2. Gleez_Meta
    3. Meta
  9. Gleez\Controller
    2. Controller_Page
  10. Gleez\Core
    2. Gleez
    3. Gleez_Core
    4. Kohana
  11. Gleez\Format
    2. Format
    3. Gleez_Format
  12. Gleez\Helper\Form
    2. Form
    3. Gleez_Form
  13. Gleez\Helpers\HTML
    2. Gleez_HTML
    3. HTML
  14. Gleez\Helpers\URL
    2. Gleez_URL
    3. URL
  15. Gleez\I18n
    2. Gleez_I18n
  16. Gleez\Modules
    2. Gleez_Module
    3. Module
  17. Gleez\OAuth
    2. OAuth2_Client
    3. OAuth2_Exception
    4. OAuth2_Provider
    5. OAuth2_Provider_Facebook
    6. OAuth2_Provider_Github
    7. OAuth2_Provider_Google
    8. OAuth2_Provider_Live
    9. OAuth2_Request
    10. OAuth2_Request_Authorize
    11. OAuth2_Request_Credentials
    12. OAuth2_Request_Data
    13. OAuth2_Request_Token
    14. OAuth2_Response
    15. OAuth2_Token
    16. OAuth2_Token_Access
  18. Gleez\OAuth\Controller
    2. Controller_OAuth_Base
    3. Controller_OAuth_Facebook
    4. Controller_OAuth_Google
    5. Controller_OAuth_Live
  19. Gleez\OAuth\Core
    2. OAuth2
    3. OAuth2_Core
  20. Gleez\ORM
    2. Model_Menu
  21. Gleez\Post
    2. Gleez_Post
    3. Model_Page
    4. Model_Post
    5. Post
  22. Gleez\Request
    2. Gleez_Request
    3. Request
  23. Gleez\Route
    2. Gleez_Route
    3. Route
  24. Gleez\Tags
    2. Model_Tag
  25. Gleez\Template
    2. Controller_Comment
    3. Controller_Tag
    4. Controller_Taxonomy
    5. Gleez_Template
    6. Template
  26. Gleez\Terms
    2. Model_Term
  27. Gleez\Theme
    2. Gleez_Theme
    3. Theme
  28. Gleez\User
    2. Auth
    3. Auth_File
    4. Auth_ORM
    5. Controller_Buddy
    6. Controller_User
    7. Gleez_Auth
    8. Gleez_Auth_File
    9. Gleez_Auth_ORM
    10. Gleez_User
    11. Model_Auth_Role
    12. Model_Auth_User
    13. Model_Auth_User_Token
    14. Model_Buddy
    15. Model_Identity
    16. Model_Request
    17. Model_Role
    18. Model_User
    19. Model_User_Token
    20. User
  29. Gleez\User\Admin\Controller
    2. Controller_Admin_Permission
    3. Controller_Admin_Role
    4. Controller_Admin_User
  30. Gleez\Widget
    2. Gleez_Widget
    3. Gleez_Widgets
    4. Widget
    5. Widget_Admin
    6. Widget_Comment
    7. Widget_Menu
    8. Widget_Static
    9. Widgets
  31. Kohana
    2. Debug
    3. Gleez_View
    4. HTTP_Cache
    5. I18n
    6. Kohana_Config_Writer
    7. Kohana_Core
    8. Request_Client
    9. Request_Client_Curl
    10. Request_Client_External
    11. Request_Client_HTTP
    12. Request_Client_Internal
    13. Request_Client_Stream
    14. Response
    15. UTF8
    16. View
    17. Configuration
      1. Config
      2. Config_File
      3. Config_Group
      4. Kohana_Config_File_Reader
      5. Kohana_Config_Reader
      6. Kohana_Config_Source
    18. Controller
      1. Controller
      2. Controller_AutoComplete
      3. Controller_Feeds_Base
      4. Controller_Feeds_Page
      5. Controller_Resize
      6. Controller_Template
    19. Exceptions
      1. Gleez_Exception
      2. HTTP_Exception
      3. HTTP_Exception_400
      4. HTTP_Exception_401
      5. HTTP_Exception_402
      6. HTTP_Exception_403
      7. HTTP_Exception_404
      8. HTTP_Exception_405
      9. HTTP_Exception_406
      10. HTTP_Exception_407
      11. HTTP_Exception_408
      12. HTTP_Exception_409
      13. HTTP_Exception_410
      14. HTTP_Exception_411
      15. HTTP_Exception_412
      16. HTTP_Exception_413
      17. HTTP_Exception_414
      18. HTTP_Exception_415
      19. HTTP_Exception_416
      20. HTTP_Exception_417
      21. HTTP_Exception_500
      22. HTTP_Exception_501
      23. HTTP_Exception_502
      24. HTTP_Exception_503
      25. HTTP_Exception_504
      26. HTTP_Exception_505
      27. Kohana_Exception
      28. Request_Exception
      29. Session_Exception
      30. UTF8_Exception
      31. Validation_Exception
      32. View_Exception
    20. HTTP
      1. HTTP
      2. HTTP_Header
      3. HTTP_Message
      4. HTTP_Request
      5. HTTP_Response
    21. Helpers
      1. CLI
      2. Cookie
      3. Feed
      4. File
      5. Fragment
      6. Inflector
      7. JSON
      8. Num
      9. Profiler
    22. Logging
      1. Log
      2. Log_StdErr
      3. Log_StdOut
      4. Log_Syslog
      5. Log_Writer
    23. Models
      1. Model
    24. Security
      1. Encrypt
      2. Security
      3. Valid
      4. Validation
    25. Session
      1. Session_Cookie
      2. Session_Native
  32. Kohana/Cache
    2. Cache
    3. Cache_Apc
    4. Cache_Arithmetic
    5. Cache_Exception
    6. Cache_File
    7. Cache_GarbageCollect
    8. Cache_Memcache
    9. Cache_MemcacheTag
    10. Cache_Sqlite
    11. Cache_Tagging
    12. Cache_Wincache
    13. Gleez_Cache
  33. Kohana/Database
    2. DB
    3. Database
    4. Database_Expression
    5. Configuration
      1. Config_Database
      2. Config_Database_Reader
      3. Config_Database_Writer
    6. Drivers
      1. Database_MySQL
      2. Database_PDO
    7. Exceptions
      1. Database_Exception
    8. Models
      1. Model_Database
    9. Query
      1. Database_Query
      2. Database_Query_Builder
      3. Database_Query_Builder_Delete
      4. Database_Query_Builder_Insert
      5. Database_Query_Builder_Join
      6. Database_Query_Builder_Select
      7. Database_Query_Builder_Update
      8. Database_Query_Builder_Where
    10. Query/Result
      1. Database_MySQL_Result
      2. Database_Result
      3. Database_Result_Cached
    11. Session
      1. Session_Database
  34. Kohana/Image
    2. Image
    3. Drivers
      1. Image_GD
      2. Image_Imagick
  35. Kohana/ORM
    2. Gleez_ORM_Validation_Exception
    3. ORM_Validation_Exception
  36. Kohana/Pagination
    2. Gleez_Pagination
    3. Pagination
  37. Kohana/Userguide
    2. Kodoc
    3. Kodoc_Class
    4. Kodoc_Markdown
    5. Kodoc_Method
    6. Kodoc_Method_Param
    7. Kodoc_Property
    8. Controllers
      1. Controller_Userguide
    9. Undocumented
      1. Kodoc_Missing
      2. breadcrumb
      3. gleez_num
  38. User\Widget
    2. Widget_User
  39. [Unknown]
    2. Gleez_Menu_Item
    3. Gleez_Upload
    4. Menu_item
    5. Upload

Gleez_CSRF

Cross-Site Request Forgery helper.

package
Gleez
category
CSRF
author
Sandeep Sangamreddi - Gleez
copyright
© 2012 Gleez Technologies
license
http://gleezcms.org/license

Class declared in MODPATH/gleez/classes/gleez/csrf.php on line 11.

Constants

  • None

Properties

Methods

Properties

public static integer $csrf_ttl

Token time to live in seconds, 30 minutes

integer 1800

Methods

public static key( ) (defined in Gleez_CSRF)

User specefic key used to generate unqiue tokens.

The user specefic private key.

Return Values

Source Code

static function key()
{
        $token  = Session::instance()->id();
        $secret = self::_private_key();
        return sha1($secret . $token);
}

public static token( [ string $id = string(0) "" , string $action = string(0) "" , integer $time = integer 0 ] ) (defined in Gleez_CSRF)

Get CSRF token

Parameters

  • string $id = string(0) "" - Custom token id, e.g. uid
  • string $action = string(0) "" - Optional action
  • integer $time = integer 0 - Used only internally

Return Values

  • string

Source Code

public static function token($id = '', $action = '', $time = 0)
{
        // Get id string for token, could be uid or ip etc
        if (!$id) $id = Request::$client_ip;

        // Get time to live
        if (!$time) $time = ceil(time() / self::$csrf_ttl);

        return sha1($time . self::key() . $id . $action);
}

public static valid( [ string $token = bool FALSE , string $action = string(0) "" , string $id = string(0) "" ] ) (defined in Gleez_CSRF)

Validate CSRF token

Parameters

  • string $token = bool FALSE - $token
  • string $action = string(0) "" - $id Custom token id, e.g. uid
  • string $id = string(0) "" - $action Optional action

Return Values

  • boolean

Source Code

public static function valid($token = false, $action = '', $id = '')
{
token and action from Form POST
        if (!$token)  $token  = Arr::get($_REQUEST, '_token');
        if (!$action) $action = Arr::get($_REQUEST, '_action');

        // Get time to live
        $time = ceil(time() / self::$csrf_ttl);

        // Check token validity
        return ($token === self::token($id, $action, $time) || $token === self::token($id, $action, $time - 1));
}

private static _private_key( ) (defined in Gleez_CSRF)

Ensure the private key variable used to generate tokens is set.

The private key.

Return Values

Source Code

private static function _private_key()
{
g = Kohana::$config->load('site');

        if ( !($key = $config->get('gleez_private_key')) )
        {
                $key = sha1(uniqid(mt_rand(), true)) . md5(uniqid(mt_rand(), true));
                $config->set('gleez_private_key', $key);
        }
        
        return $key;
}
Documentation comments powered by Disqus