TYPO3 CMS  TYPO3_8-7
SplitStorage.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Rsaauth\Storage;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Core\Database\ConnectionPool;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Core\Utility\MathUtility;
20 
25 class SplitStorage extends AbstractStorage
26 {
31  public function __construct()
32  {
33  if (session_id() === '') {
34  session_start();
35  }
36  }
37 
44  public function get()
45  {
46  $result = null;
47  list($keyId, $keyPart1) = $_SESSION['tx_rsaauth_key'];
48  if (MathUtility::canBeInterpretedAsInteger($keyId)) {
49  $this->removeExpiredKeys();
50 
51  // Get our value
52  $keyValue = GeneralUtility::makeInstance(ConnectionPool::class)
53  ->getConnectionForTable('tx_rsaauth_keys')
54  ->select(['key_value'], 'tx_rsaauth_keys', ['uid' => $keyId])
55  ->fetchColumn();
56 
57  if ($keyValue !== false) {
58  $result = $keyPart1 . $keyValue;
59  }
60  }
61 
62  return $result;
63  }
64 
71  public function put($key)
72  {
73  $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable('tx_rsaauth_keys');
74  if ($key == null) {
75  // Remove existing key
76  list($keyId) = $_SESSION['tx_rsaauth_key'];
77  if (MathUtility::canBeInterpretedAsInteger($keyId)) {
78  $connection->delete(
79  'tx_rsaauth_keys',
80  ['uid' => $keyId]
81  );
82  unset($_SESSION['tx_rsaauth_key']);
83  if (empty($_SESSION)) {
84  $sessionName = session_name();
85  $sessionCookie = session_get_cookie_params();
86  session_destroy();
87  // By using setcookie with the second parameter set to false we actually delete the cookie
88  setcookie(
89  $sessionName,
90  false,
91  $sessionCookie['lifetime'],
92  $sessionCookie['path'],
93  $sessionCookie['domain'],
94  $sessionCookie['secure']
95  );
96  }
97  }
98  } else {
99  // Add key
100  // Get split point. First part is always smaller than the second
101  // because it goes to the file system
102  $keyLength = strlen($key);
103  $splitPoint = rand((int)($keyLength / 10), (int)($keyLength / 2));
104  // Get key parts
105  $keyPart1 = substr($key, 0, $splitPoint);
106  $keyPart2 = substr($key, $splitPoint);
107  // Store part of the key in the database
108  //
109  // Notice: we may not use DataHandler below to insert key part into the
110  // table because DataHandler requires a valid BE user!
111  $time = $GLOBALS['EXEC_TIME'];
112  $connection->insert(
113  'tx_rsaauth_keys',
114  [
115  'pid' => 0,
116  'crdate' => $time,
117  'key_value' => $keyPart2
118  ]
119  );
120  $keyId = $connection->lastInsertId('tx_rsaauth_keys');
121  // Store another part in session
122  $_SESSION['tx_rsaauth_key'] = [$keyId, $keyPart1];
123  }
124 
125  $this->removeExpiredKeys();
126  }
127 
133  protected function removeExpiredKeys(): int
134  {
135  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('tx_rsaauth_keys');
136  $count = $queryBuilder->delete('tx_rsaauth_keys')
137  ->where(
138  $queryBuilder->expr()->lt(
139  'crdate',
140  $queryBuilder->createNamedParameter(($GLOBALS['EXEC_TIME'] - 30 * 60), \PDO::PARAM_INT)
141  )
142  )
143  ->execute();
144 
145  return (int)$count;
146  }
147 }
TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className,... $constructorArguments)
Definition: GeneralUtility.php:3945
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38