
Annotation of /to_be_filed/webprojs/php_libraries/php_library/fboprime/sid.inc



Revision 35 - (hide annotations) (download)
Sat Oct 8 23:35:33 2016 UTC (7 years, 8 months ago) by dashley
File size: 3605 byte(s)
Initial commit.
1 dashley 35 <?php
2     //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/sid.inc,v 1.3 2006/04/08 07:14:16 dashley Exp $
3     //********************************************************************************
4     //Copyright (C) 2006 David T. Ashley
5     //********************************************************************************
6     //This program or source file is free software; you can redistribute it and/or
7     //modify it under the terms of the GNU General Public License as published by
8     //the Free Software Foundation; either version 2 of the License, or (at your
9     //option) any later version.
10     //
11     //This program or source file is distributed in the hope that it will
12     //be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
13     //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14     //GNU General Public License for more details.
15     //
16     //You may have received a copy of the GNU General Public License
17     //along with this program; if not, write to the Free Software
18     //Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19     //********************************************************************************
20     //Dave Ashley, 04/06
21     //
22     //This source file provides the code to create and manipulate session
23     //identifiers (SIDs). The format of the SGUID is documented in the
24     //FBO-Prime manual.
25     //
26     require_once("sguid.inc"); //Necesssary to generate SGUIDs.
27     require_once("crhsh.inc");
28     //
29     //
30     //--------------------------------------------------------------------------------
31     //Returns a complete SID (including the "SI" prefix).
32     //
/**
 * Builds a complete session identifier: the literal "SI" prefix followed by
 * the raw SID produced by SID_sid_raw().
 *
 * @return string The prefixed SID.
 */
function SID_sid()
{
    $raw_sid = SID_sid_raw();

    return "SI" . $raw_sid;
}
37     //
38     //
39     //--------------------------------------------------------------------------------
40     //Returns a raw SID (without the "SI" prefix).
41     //
/**
 * Builds a raw SID (no "SI" prefix): a freshly generated SGUID followed by
 * the upper-cased hash of that SGUID.
 *
 * NOTE(review): the hash is computed from the SGUID alone, so how hard a SID
 * is to guess or forge depends on SGUID_sguid() and on whether CRHSH_hashva()
 * mixes in a server-side secret. Neither is visible in this file; confirm.
 *
 * @return string The SGUID concatenated with its canonical (upper-case) hash.
 */
function SID_sid_raw()
{
    $fresh_sguid = SGUID_sguid();

    //Upper-case is the canonical form of the hash, so fold any lower-case
    //letters before appending it.
    $canonical_hash = strtoupper(CRHSH_hashva($fresh_sguid));

    return $fresh_sguid . $canonical_hash;
}
52     //
53     //
54     //--------------------------------------------------------------------------------
55     //Returns the length of a SID (in characters).
56     //
/**
 * Reports the length, in characters, of a complete SID.
 *
 * The total is the 2-character "SI" prefix plus the 32-character SGUID plus
 * the 32-character hash, matching the offsets used by
 * SID_is_syntactically_valid().
 *
 * @return int Always 66.
 */
function SID_sid_len()
{
    $prefix_chars = 2;
    $sguid_chars  = 32;
    $hash_chars   = 32;

    return $prefix_chars + $sguid_chars + $hash_chars;
}
61     //
62     //
63     //--------------------------------------------------------------------------------
64     //Validates the syntactic form of a SID. Returns 0 if it isn't
65     //valid or 1 if it is. Note that this validates only the form and the
66     //hash--the server session state aspect is not validated.
67     //
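/**
 * Checks whether a value has the syntactic form of a SID.
 *
 * Only the form and the embedded hash are verified. Server-side session state
 * is not consulted, so a return of 1 does not mean the session exists or is
 * still live; callers must check that separately.
 *
 * NOTE(review): whether the embedded hash authenticates the SID depends on
 * whether CRHSH_hashva() is keyed with a server-side secret, which is not
 * visible in this file. If it is unkeyed, this check only detects malformed
 * or corrupted values.
 *
 * @param mixed $sid_to_check Candidate SID, typically taken from a request.
 * @return int 1 if the value is a well-formed SID, 0 otherwise.
 */
function SID_is_syntactically_valid($sid_to_check)
{
    //Must be a string.
    if (! is_string($sid_to_check)) {
        return 0;
    }

    //Must be of the right length: 2 (prefix) + 32 (SGUID) + 32 (hash).
    if (strlen($sid_to_check) !== 66) {
        return 0;
    }

    //First two characters must be "SI".
    if (substr($sid_to_check, 0, 2) !== "SI") {
        return 0;
    }

    //The encapsulated SGUID must be valid.
    $embedded_sguid = substr($sid_to_check, 2, 32);
    if (! SGUID_is_syntactically_valid($embedded_sguid)) {
        return 0;
    }

    //Recompute the hash from the SGUID and compare it with the one supplied.
    $original_hash   = substr($sid_to_check, 34, 32);
    $comparison_hash = strtoupper(CRHSH_hashva($embedded_sguid));

    //Compare byte-for-byte. A loose != would compare two numeric-looking
    //strings as numbers, so for example two different hashes of the form
    //"0E" followed by digits would be treated as equal. hash_equals() also
    //takes time independent of where the strings first differ. An exact match
    //additionally guarantees the supplied hash is upper-case hexadecimal,
    //because the recomputed one is.
    if (! hash_equals($comparison_hash, $original_hash)) {
        return 0;
    }

    //If we're here, nothing obvious wrong with it.
    return 1;
}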
99     //--------------------------------------------------------------------------------
100     ?>
