TYPO3 CMS  TYPO3_6-2
AbstractFormProtection.php
1 <?php
3 
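/**
 * Base class for form protection (anti-CSRF token) back ends.
 *
 * A form token is a keyed hash, computed by GeneralUtility::hmac(), over the
 * form name, the action, the form instance name and a per-session secret.
 * Concrete subclasses decide where the session secret is stored
 * (retrieveSessionToken() / persistSessionToken()) and how a failed
 * validation is reported (createValidationErrorMessage()).
 */
abstract class AbstractFormProtection {

    /**
     * Per-session secret mixed into every form token; loaded lazily.
     *
     * @var string|NULL
     */
    protected $sessionToken;

    /**
     * Returns the session secret, fetching it from the subclass on first use.
     *
     * @return string
     */
    protected function getSessionToken() {
        if ($this->sessionToken === NULL) {
            $this->sessionToken = $this->retrieveSessionToken();
        }
        return $this->sessionToken;
    }

    /**
     * Drops the in-memory copy of the session secret when the object dies.
     */
    public function __destruct() {
        unset($this->sessionToken);
    }

    /**
     * Discards the in-memory session secret and triggers persistence.
     *
     * NOTE(review): persistSessionToken() runs after the property has been
     * unset, so an implementation that reads $this->sessionToken there sees
     * no value. Presumably this is meant to clear the stored secret; confirm
     * against the concrete subclasses.
     *
     * @return void
     */
    public function clean() {
        unset($this->sessionToken);
        $this->persistSessionToken();
    }

    /**
     * Builds the token for one form.
     *
     * NOTE(review): the three fields are concatenated without a separator, so
     * two different (formName, action, formInstanceName) tuples whose
     * concatenation is identical share one token (illustration: 'edit' +
     * 'Record' versus 'editRecord' + ''). Callers should keep form names
     * unambiguous. The encoding is left unchanged here because
     * validateToken() must reproduce it exactly.
     *
     * @param string $formName name of the form, must not be empty
     * @param string $action optional action the form performs
     * @param string $formInstanceName optional discriminator for several instances of one form
     * @return string the token
     * @throws \InvalidArgumentException if $formName is empty
     */
    public function generateToken($formName, $action = '', $formInstanceName = '') {
        if ($formName == '') {
            throw new \InvalidArgumentException('$formName must not be empty.', 1294586643);
        }
        return \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(
            $formName . $action . $formInstanceName . $this->getSessionToken()
        );
    }

    /**
     * Checks a submitted token against the one expected for this form.
     *
     * The comparison is done in constant time: a plain === on a keyed hash
     * stops at the first differing byte and so leaks, through response
     * timing, how much of a guessed token was correct.
     *
     * @param string $tokenId token received with the request
     * @param string $formName name of the form
     * @param string $action optional action the form performs
     * @param string $formInstanceName optional form instance discriminator
     * @return bool TRUE if the token matches, FALSE otherwise
     */
    public function validateToken($tokenId, $formName, $action = '', $formInstanceName = '') {
        $validTokenId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(
            (string) $formName . (string) $action . (string) $formInstanceName . $this->getSessionToken()
        );
        $isValid = $this->tokensAreEqual($validTokenId, (string) $tokenId);
        if (!$isValid) {
            // NOTE(review): the rendered listing skips original line 104 inside
            // this branch; the call below is the presumed content, based on the
            // otherwise unused abstract hook. Confirm against the upstream file.
            $this->createValidationErrorMessage();
        }
        return $isValid;
    }

    /**
     * Compares two tokens without an early exit on the first mismatch.
     *
     * Uses hash_equals() where the runtime provides it (PHP >= 5.6) and an
     * equivalent byte-wise loop otherwise.
     *
     * @param string $expected token computed on the server
     * @param string $actual token supplied by the client
     * @return bool TRUE if both strings are identical
     */
    private function tokensAreEqual($expected, $actual) {
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $actual);
        }
        $length = strlen($expected);
        // The expected length is fixed by the hash function, so revealing a
        // length mismatch tells the client nothing about the secret.
        if ($length !== strlen($actual)) {
            return FALSE;
        }
        $difference = 0;
        for ($i = 0; $i < $length; $i++) {
            $difference |= ord($expected[$i]) ^ ord($actual[$i]);
        }
        return $difference === 0;
    }

    /**
     * Creates a fresh session secret: 32 random bytes, hex-encoded to 64 characters.
     *
     * @return string
     */
    protected function generateSessionToken() {
        return bin2hex(\TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes(32));
    }

    /**
     * Reports a failed token validation; invoked by validateToken().
     *
     * @return void
     */
    abstract protected function createValidationErrorMessage();

    /**
     * Returns the session secret from wherever the subclass stores it.
     *
     * @return string
     */
    abstract protected function retrieveSessionToken();

    /**
     * Stores the current session secret; invoked by clean().
     *
     * @return void
     */
    abstract public function persistSessionToken();

}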