WN - Visa ett inlägg - "Kom ihåg mig"

Draqir · 2009-08-22, 17:18

"Kom ihåg mig" - säkraste sättet

VPN kryptering, inbyggt tillägg som stegar igenom fördefinerade sha-256 strängar genom ett tillägg i webbläsaren som bakas in vid varje request... Ehm. En lite mer normal lösning;

Använd mcrypt med t.ex. blowfish på ett liknande sätt

Kod:

 class Cookie {
  private $created;
  private $userid;
  private $version;
  private $td;
  private $cookie;

  private $cypher   = 'blowfish';
  private $mode    = 'cfb';
  private $key = 'choose a better key';

  private $cookiename = 'USERAUTH';
  private $myversion = '1';
  private $expiration = '600'; 
  private $warning  = '300';
  private $glue = '|';

  
  public function __construct($userid = false) {
   $this->td = mcrypt_module_open ($this->cypher, '', $this->mode, '');
   if($userid) {
    $this->userid = $userid;
    return;
   }
   else {
    if(array_key_exists($this->cookiename, $_COOKIE)) {
     $buffer = $this->_unpackage($_COOKIE[$this->cookiename]);
    }
    else {
     throw new AuthException("No Cookie");
    }
   }
  }
  public function set() {
   $cookie = $this->_package();
   set_cookie($this->cookiename, $cookie, 0);
  }
  public function logout() {
   set_cookie($this->cookiename);
  }
  public function validate() {
   if(!$this->version || !$this->created || !$this->userid) {
    throw new AuthException("Malformed cookie");
   }
   if ($this->version != $this->myversion) {
    throw new AuthException("Version mismatch");
   }
   if (time() - $this->created > $this->expiration) {
    throw new AuthException("Cookie expired");
   } else if ( time() - $this->created > $this->resettime) {
    $this->set();
   }
  }

  private function _package() {
   $parts = array($this->myversion, time(), $this->userid);
   $cookie = implode($glue, $parts);
   return $this->_encrypt($cookie);
  }
  private function _unpackage($cookie) {
   $buffer = $this->_decrypt($cookie);
   list($this->version, $this->created, $this->userid) = explode($glue, $buffer);
   if($this->version != $this->myversion ||
     !$this->created ||
     !$this->userid) 
   {
    throw new AuthException();
   }
  }
  private function _encrypt($plaintext) {
   $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
   mcrypt_generic_init ($this->td, $this->key, $iv);
   $crypttext = mcrypt_generic ($this->td, $plaintext);
   mcrypt_generic_deinit ($this->td);
   return $iv.$crypttext;
  }
  private function _decrypt($crypttext) {
   $ivsize = mcrypt_get_iv_size($this->td);
   $iv = substr($crypttext, 0, $ivsize);
   $crypttext = substr($crypttext, $ivsize);
   mcrypt_generic_init ($this->td, $this->key, $iv);
   $plaintext = mdecrypt_generic ($this->td, $crypttext);
   mcrypt_generic_deinit ($this->td);
   return $plaintext;
  }
  private function _reissue() {
   $this->created = time();
  }
 }