PHP class csrfProtector, TeamPass

Project: nilsteampassnet/TeamPass

Public properties

$config - config file for CSRFProtector
$cookieExpiryTime - expiry time for the cookie
$requiredConfigurations - list of the parameters that must be present in the config file for csrfp to work

Protected properties

$requestType - variable to store whether the request type is POST or GET

Public methods

authorizePost ( ) - authorises incoming POST requests
generateAuthToken ( ) - generates a random hash of the length given in the parameter; max length = 128
init ( $length = null, $action = null )
isURLallowed ( ) - checks whether a URL matches any of the URLs listed in the config file
ob_handler ( $buffer, $flags ) - rewrites <form> on the fly to add CSRF tokens to them. This can also inject our JavaScript library.
refreshToken ( ) - sets the auth cookie

Private methods

failedValidationAction ( ) - called in case of failed validation; performs logging and takes the appropriate action
getCurrentUrl ( ) - returns the current URL of the executing page
isValidToken ( $token ) - checks the validity of the token in the session array; also clears all tokens older than the latest one
logCSRFattack ( ) - logs a CSRF attack

Method details

authorizePost() public static method

Parameters: void
Returns: void
Throws: logDirectoryNotFoundException - if the log directory is not found
public static authorizePost ( )

generateAuthToken() public static method

Parameters: length of hash required, int
Returns: string, token
public static generateAuthToken ( )

init() public static method

Function to initialise the csrfProtector workflow.
Parameters:
$length - length of CSRF_AUTH_TOKEN to be generated
$action - int array, for different actions to be taken in case of failed validation
Returns: void
Throws:
configFileNotFoundException - when the configuration file is not found
incompleteConfigurationException - when not all required fields are available in the config file
public static init ( $length = null, $action = null )

isURLallowed() public static method

Parameters: void
Returns: boolean - true if the URL needs no validation, false if validation is needed
public static isURLallowed ( )

ob_handler() public static method

Parameters:
$buffer - output buffer in which all output is stored
$flags - int
Returns: string, complete output buffer
public static ob_handler ( $buffer, $flags )

refreshToken() public static method

Parameters: void
Returns: void
public static refreshToken ( )

Property details

$config public static property

Config file for CSRFProtector.
public static $config

$cookieExpiryTime public static property

Expiry time for the cookie.
public static $cookieExpiryTime

$requestType protected static property

Variable to store whether the request type is POST or GET.
protected static $requestType

$requiredConfigurations public static property

List of the parameters that must be present in the config file for csrfp to work.
public static $requiredConfigurations