TYPO3 CMS  TYPO3_7-6
SplitStorage.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Rsaauth\Storage;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Core\Database\DatabaseConnection;
18 use TYPO3\CMS\Core\Utility\MathUtility;
19 
24 class SplitStorage extends AbstractStorage
25 {
29  protected $databaseConnection;
30 
37  public function __construct(DatabaseConnection $databaseConnection = null)
38  {
39  if (session_id() === '') {
40  session_start();
41  }
42  $this->databaseConnection = $databaseConnection ?: $GLOBALS['TYPO3_DB'];
43  }
44 
51  public function get()
52  {
53  $result = null;
54  list($keyId, $keyPart1) = $_SESSION['tx_rsaauth_key'];
55  if (MathUtility::canBeInterpretedAsInteger($keyId)) {
56  // Remove expired keys (more than 30 minutes old)
57  $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
58  // Get our value
59  $row = $this->databaseConnection->exec_SELECTgetSingleRow('key_value', 'tx_rsaauth_keys', 'uid=' . $keyId);
60  if (is_array($row)) {
61  $result = $keyPart1 . $row['key_value'];
62  }
63  }
64  return $result;
65  }
66 
74  public function put($key)
75  {
76  if ($key == null) {
77  // Remove existing key
78  list($keyId) = $_SESSION['tx_rsaauth_key'];
79  if (MathUtility::canBeInterpretedAsInteger($keyId)) {
80  $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId);
81  unset($_SESSION['tx_rsaauth_key']);
82  if (empty($_SESSION)) {
83  $sessionName = session_name();
84  $sessionCookie = session_get_cookie_params();
85  session_destroy();
86  // By using setcookie with the second parameter set to false we actually delete the cookie
87  setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']);
88  }
89  }
90  } else {
91  // Add key
92  // Get split point. First part is always smaller than the second
93  // because it goes to the file system
94  $keyLength = strlen($key);
95  $splitPoint = rand((int)($keyLength / 10), (int)($keyLength / 2));
96  // Get key parts
97  $keyPart1 = substr($key, 0, $splitPoint);
98  $keyPart2 = substr($key, $splitPoint);
99  // Store part of the key in the database
100  //
101  // Notice: we may not use TCEmain below to insert key part into the
102  // table because TCEmain requires a valid BE user!
103  $time = $GLOBALS['EXEC_TIME'];
104  $this->databaseConnection->exec_INSERTquery('tx_rsaauth_keys', [
105  'pid' => 0,
106  'crdate' => $time,
107  'key_value' => $keyPart2
108  ]);
109  $keyId = $this->databaseConnection->sql_insert_id();
110  // Store another part in session
111  $_SESSION['tx_rsaauth_key'] = [$keyId, $keyPart1];
112  }
113  // Remove expired keys (more than 30 minutes old)
114  $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'crdate<' . ($GLOBALS['EXEC_TIME'] - 30 * 60));
115  }
116 }
TYPO3\CMS\Rsaauth\Storage\SplitStorage\__construct
__construct(DatabaseConnection $databaseConnection=null)
Definition: SplitStorage.php:37
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:31