<?php
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/sid.inc,v 1.3 2006/04/08 07:14:16 dashley Exp $
//********************************************************************************
//Copyright (C) 2006 David T. Ashley
//********************************************************************************
//This program or source file is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License as published by
//the Free Software Foundation; either version 2 of the License, or (at your
//option) any later version.
//
//This program or source file is distributed in the hope that it will
//be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//
//You may have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//********************************************************************************
//Dave Ashley, 04/06
//
//This source file provides the code to create and manipulate session
//identifiers (SIDs). The format of the SGUID is documented in the
//FBO-Prime manual.
//
require_once("sguid.inc"); //Necessary to generate SGUIDs.
require_once("crhsh.inc");
//
//
//--------------------------------------------------------------------------------
//Returns a complete SID (including the "SI" prefix).
//
function SID_sid()
{
   //A complete SID is the two-character tag "SI" followed by the raw SID
   //produced by SID_sid_raw().
   $raw_sid = SID_sid_raw();

   return "SI" . $raw_sid;
}
//
//
//--------------------------------------------------------------------------------
//Returns a raw SID (without the "SI" prefix).
//
function SID_sid_raw()
{
   //Raw SID = a freshly generated SGUID followed by the hash of that SGUID.
   //NOTE(review): how hard a SID is to guess or forge depends on
   //SGUID_sguid() (sguid.inc) and CRHSH_hashva() (crhsh.inc), neither of which
   //is visible here--presumably the hash mixes in a server-side secret; confirm
   //before relying on the hash as an integrity check.
   $guid = SGUID_sguid();

   //Upper-case is the canonical form of the hash.
   $hash_canonical = strtoupper(CRHSH_hashva($guid));

   return $guid . $hash_canonical;
}
//
//
//--------------------------------------------------------------------------------
//Returns the length of a SID (in characters).
//
function SID_sid_len()
{
   //Fixed length of a complete SID, in characters. The validator in this file
   //reads the same layout: 2 ("SI" prefix) + 32 (SGUID) + 32 (hash).
   $sid_length = 66;

   return $sid_length;
}
//
//
//--------------------------------------------------------------------------------
//Validates the syntactic form of a SID. Returns 0 if it isn't
//valid or 1 if it is. Note that this validates only the form and the
//hash--the server session state aspect is not validated.
//
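function SID_is_syntactically_valid($sid_to_check)
{
   //Checks the form of a candidate SID: "SI" prefix, 32-character SGUID, then
   //the 32-character upper-case hash of that SGUID (66 characters in total).
   //Returns 1 if the form and the hash are consistent, 0 otherwise.
   //
   //Server-side session state is NOT consulted. A return of 1 means only that
   //the value is well-formed; callers must still look the session up before
   //treating the request as authenticated.
   //
   //NOTE(review): the candidate presumably arrives from the client (cookie or
   //request parameter), so it is handled as untrusted input throughout.

   //Must be a string.
   if (! is_string($sid_to_check))
      return(0);

   //Must be of the right length (2 prefix + 32 SGUID + 32 hash).
   if (strlen($sid_to_check) !== 66)
      return(0);

   //First two characters must be "SI".
   if (substr($sid_to_check, 0, 2) !== "SI")
      return(0);

   //The encapsulated SGUID must be valid.
   $embedded_sguid = substr($sid_to_check, 2, 32);
   if (! SGUID_is_syntactically_valid($embedded_sguid))
      return(0);

   //Recompute the hash of the embedded SGUID, in canonical (upper-case) form.
   $original_hash = substr($sid_to_check, 34, 32);
   $comparison_hash = strtoupper(CRHSH_hashva($embedded_sguid));

   //Compare the hashes byte for byte. A loose comparison (== or !=) must not be
   //used here: when both operands look numeric (for example "0E" followed only
   //by digits) PHP compares them as numbers, so two different hash strings can
   //compare equal and a SID carrying the wrong hash would be accepted.
   //hash_equals() is also independent of where the first mismatch occurs, which
   //keeps the comparison time from leaking how much of the hash was correct.
   //The strict === fallback covers PHP versions without hash_equals().
   //Because the match is exact, it also implies the supplied hash characters
   //are whatever characters CRHSH_hashva() produces; no separate check needed.
   if (function_exists('hash_equals'))
      $hashes_match = hash_equals($comparison_hash, $original_hash);
   else
      $hashes_match = ($original_hash === $comparison_hash);

   if (! $hashes_match)
      return(0);

   //If we're here, nothing obvious wrong with it.
   return(1);
}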
//--------------------------------------------------------------------------------
?>