本文整理汇总了PHP中ESAPI::getRandomizer方法的典型用法代码示例。如果您正苦于以下问题:PHP ESAPI::getRandomizer方法的具体用法?PHP ESAPI::getRandomizer怎么用?PHP ESAPI::getRandomizer使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ESAPI的用法示例。
在下文中一共展示了ESAPI::getRandomizer方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: setCSRFToken
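/**
 * Generates a fresh anti-CSRF token via the ESAPI randomizer, stores it in
 * the hidden form element and mirrors it to the client as a cookie.
 *
 * Token length and alphabet come from $this->_tokenLength and
 * $this->_tokenCharset (set elsewhere in the class). The cookie is scoped to
 * the path PUBLIC_ROOT . 'send' and is sent with neither the secure nor the
 * httponly flag, i.e. it is readable from script and travels over plain
 * HTTP; presumably the validating code compares it against the form field
 * (double-submit) — confirm in the caller.
 *
 * @return void
 */
public function setCSRFToken()
{
    $this->_tokenValue = ESAPI::getRandomizer()->getRandomString($this->_tokenLength, $this->_tokenCharset);
    // The hidden form element carries the token back with the submission.
    $this->token->setValue($this->_tokenValue);
    // Session cookie: expires=0 is passed as an int, which is what setcookie()
    // declares (a string '0' only works through scalar coercion); path limits
    // the cookie to the send endpoint; no domain; secure=false; httponly=false.
    setcookie(self::CSRFCOOKIE, (string) $this->_tokenValue, 0, PUBLIC_ROOT . 'send', '', false, false);
}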
示例2: getUniqueRandomReference
/**
 * Returns a new 6-character reference drawn from the digits 1-9 that is not
 * already present in $this->itod.
 *
 * Candidates are regenerated until one is free, so the loop terminates only
 * while the reference space is not exhausted.
 *
 * @return string a random reference that $this->itod does not yet contain
 */
function getUniqueRandomReference()
{
    $reference = ESAPI::getRandomizer()->getRandomString(6, "123456789");
    while ($this->itod->offsetExists($reference)) {
        $reference = ESAPI::getRandomizer()->getRandomString(6, "123456789");
    }
    return $reference;
}
示例3: _log
/**
* Helper function.
*
* If the supplied logging level is at or above the current logging
* threshold then log the message after optionally encoding any special
* characters that might be dangerous when viewed by an HTML based log
* viewer. Also encode any carriage returns and line feeds to prevent log
* injection attacks. This logs all the supplied parameters: level, event
* type, whether the event represents success or failure and the log
* message. In addition, the application name, logger name/category, local
* IP address and port, the identity of the user and their source IP
* address, a logging specific user session ID, and the current date/time
* are also logged.
* If the supplied logging level is below the current logging threshold then
* the message will be discarded.
*
* @param int $level the priority level of the event - an Logger Level
* constant.
* @param int $type the type of the event - an Logger Event constant.
* @param bool $success TRUE indicates this was a successful
* event, FALSE indicates this was a failed event
* (the typical value).
* @param string $message the message to be logged.
* @param Exception $throwable The throwable Exception.
*
* @return does not return a value.
*/
private function _log($level, $type, $success, $message, $throwable)
{
// If this log level is below the threshold we can quit now.
$logLevel = self::_convertESAPILeveltoLoggerLevel($level);
if (!$this->_log4php->isEnabledFor($logLevel)) {
return;
}
$encoder = ESAPI::getEncoder();
$secConfig = ESAPI::getSecurityConfiguration();
// Add some context to log the message.
$context = '';
// The output of log level is handled here instead of providing a
// LayoutPattern to Log4PHP. This allows us to print TRACE instead of
// ALL and WARNING instead of WARN.
$levelStr = $logLevel->toString();
if ($levelStr == 'ALL') {
$levelStr = 'TRACE';
} elseif ($levelStr == 'WARN') {
$levelStr = 'WARNING';
}
$context .= $levelStr;
// Application name.
// $this->appName is set only if it is to be logged.
if ($this->_appName !== null) {
$context .= ' ' . $this->_appName;
}
// Logger name (Category in Log4PHP parlance)
$context .= ' ' . $this->_log4phpName;
// Event Type
if (!is_string($type)) {
$type = 'EVENT_UNKNOWN';
}
$context .= ' ' . $type;
// Success or Failure of Event
if ($success === true) {
$context .= '-SUCCESS';
} else {
$context .= '-FAILURE';
}
$request = ESAPI::getHttpUtilities()->getCurrentRequest();
if ($request === null) {
$request = new SafeRequest();
ESAPI::getHttpUtilities()->setCurrentHTTP($request);
}
$laddr = $request->getServerName();
if ($laddr === '') {
$laddr = 'UnknownLocalHost';
}
$lport = $request->getServerPort();
$ruser = $request->getRemoteUser();
if ($ruser === '') {
$ruser = 'AnonymousUser';
}
$raddr = $request->getRemoteAddr();
if ($raddr === '') {
$raddr = 'UnknownRemoteHost';
}
$context .= " {$laddr}:{$lport} {$ruser}@{$raddr}";
// create a random session number for the user to represent the
// user's session, if it doesn't exist already
$userSessionIDforLogging = 'SessionUnknown';
if (isset($_SESSION)) {
if (isset($_SESSION['DefaultAuditor']) && isset($_SESSION['DefaultAuditor']['SessionIDForLogging'])) {
$userSessionIDforLogging = $_SESSION['DefaultAuditor']['SessionIDForLogging'];
} else {
try {
$userSessionIDforLogging = (string) ESAPI::getRandomizer()->getRandomInteger(0, 1000000);
$_SESSION['DefaultAuditor']['SessionIDForLogging'] = $userSessionIDforLogging;
} catch (Exception $e) {
// continue
}
}
}
//.........这里部分代码省略.........
示例4: setCSRFToken
/**
 * Stores a freshly generated CSRF token (a random GUID) in the session at
 * $_SESSION['ESAPI']['HTTPUtilities']['CSRFToken'].
 *
 * Does nothing when no session is active, so the session must be started
 * before calling this. Missing intermediate keys are created on demand and
 * any previously stored token is overwritten on every call.
 *
 * @return null
 */
public function setCSRFToken()
{
    if (!isset($_SESSION)) {
        return null;
    }
    // Make sure the nesting exists; array_key_exists (not isset) so that an
    // explicit null entry is still treated as "present".
    if (!array_key_exists('ESAPI', $_SESSION)) {
        $_SESSION['ESAPI'] = array();
    }
    if (!array_key_exists('HTTPUtilities', $_SESSION['ESAPI'])) {
        $_SESSION['ESAPI']['HTTPUtilities'] = array();
    }
    $randomizer = ESAPI::getRandomizer();
    $_SESSION['ESAPI']['HTTPUtilities']['CSRFToken'] = $randomizer->getRandomGUID();
}
示例5: generateStrongPassword
/**
 * Generates a random password of exactly 8 characters: 4-6 letters, one
 * special character, then enough digits to bring letters + digits to 7.
 *
 * Note that $oldPassword is accepted but never read, and $user is used only
 * to decide whether to log: the generated password is not checked against
 * the account name or fragments of the old password, despite what the
 * interface contract asks for.
 *
 * @param user        $user        account whose name is logged with the event
 *                                 (only when both it and the new password pass
 *                                 isValidString())
 * @param string|null $oldPassword ignored by this implementation
 *
 * @return string the generated password
 */
function generateStrongPassword($user = null, $oldPassword = null)
{
    $randomizer = ESAPI::getRandomizer();
    $letterCount = $randomizer->getRandomInteger(4, 6);
    $digitCount = 7 - $letterCount;
    // Draw the three segments in this order so the randomizer is consumed
    // exactly as before: letters, digits, then the single special.
    $letterPart = $randomizer->getRandomString($letterCount, DefaultEncoder::CHAR_PASSWORD_LETTERS);
    $digitPart = $randomizer->getRandomString($digitCount, DefaultEncoder::CHAR_PASSWORD_DIGITS);
    $specialPart = $randomizer->getRandomString(1, DefaultEncoder::CHAR_PASSWORD_SPECIALS);
    $newPassword = implode('', array($letterPart, $specialPart, $digitPart));
    $shouldLog = $this->isValidString($newPassword) && $this->isValidString($user);
    if ($shouldLog) {
        $this->logger->info(ESAPILogger::SECURITY, true, "Generated strong password for " . $user->getAccountName());
    }
    return $newPassword;
}
示例6: __construct
/**
 * Builds a user with the given account name and a freshly chosen account ID.
 *
 * Idle and absolute session timeout lengths are copied from the ESAPI
 * security configuration. The account ID is drawn from the randomizer until a
 * non-zero value that the authenticator does not already know is found; the
 * loop ends only once getAccountID() reports a non-zero ID.
 *
 * @param mixed $accountName account name, handed straight to setAccountName()
 */
public function __construct($accountName)
{
    $this->setAccountName($accountName);
    //TODO: Not the best way IMHO. I'd rather call the method via factory object each time. Needs discussion..
    $this->IDLE_TIMEOUT_LENGTH = ESAPI::getSecurityConfiguration()->getSessionIdleTimeoutLength();
    $this->ABSOLUTE_TIMEOUT_LENGTH = ESAPI::getSecurityConfiguration()->getSessionAbsoluteTimeoutLength();
    do {
        $candidateId = ESAPI::getRandomizer()->getRandomLong();
        // Loose comparison kept on purpose: getUserById() may signal "not
        // found" with something other than null (not visible here).
        $alreadyTaken = ESAPI::getAuthenticator()->getUserById($candidateId) != null;
        if (!$alreadyTaken && $candidateId != 0) {
            $this->setAccountID($candidateId);
        }
    } while ($this->getAccountID() == 0);
}
示例7: getRandomAlphaNumString
/**
 * Helper returning a random alphanumeric string of the requested length.
 *
 * Because the guard uses empty(), a $len of 0, '0', '' or null yields null
 * rather than a string — callers must handle that case.
 *
 * @param int $len Length of the required string.
 *
 * @return string|null A string of $len alphanumeric characters, or null when
 *                     $len is empty().
 */
function getRandomAlphaNumString($len)
{
    if (empty($len)) {
        return null;
    }
    // Result deliberately discarded; presumably this makes sure the Encoder
    // class (and its CHAR_ALPHANUMERICS constant) is loaded — confirm.
    ESAPI::getEncoder();
    $randomizer = ESAPI::getRandomizer();
    return $randomizer->getRandomString($len, Encoder::CHAR_ALPHANUMERICS);
}
示例8: testDecodeFromBase64
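/**
 * Test of decodeFromBase64 method, of class Encoder.
 *
 * Round-trips 100 random strings of CHAR_SPECIALS through
 * encodeForBase64()/decodeFromBase64() (wrap flag chosen at random), then
 * checks that prepending one alphanumeric character to the encoded form
 * corrupts the decode, and finally that single-character inputs decode to ''.
 *
 * Only the randomizer/encoder calls sit inside the try blocks. The assertions
 * run outside them because PHPUnit's assertion failure is itself an Exception:
 * with the assertions inside the try, a real mismatch was caught and reported
 * as a bare fail() with no message.
 */
public function testDecodeFromBase64()
{
    $instance = ESAPI::getEncoder();
    for ($i = 0; $i < 100; $i++) {
        try {
            $unencoded = ESAPI::getRandomizer()->getRandomString(20, Encoder::CHAR_SPECIALS);
            $encoded = $instance->encodeForBase64($unencoded, ESAPI::getRandomizer()->getRandomBoolean());
            $decoded = $instance->decodeFromBase64($encoded);
        } catch (Exception $unexpected) {
            $this->fail('Unexpected exception: ' . $unexpected->getMessage());
        }
        $this->assertEquals($unencoded, $decoded);
    }
    for ($i = 0; $i < 100; $i++) {
        try {
            // get a string of 20 char_specials.
            $unencoded = ESAPI::getRandomizer()->getRandomString(20, Encoder::CHAR_SPECIALS);
            // encode the string of char_specials and then prepend an alphanum
            $encoded = ESAPI::getRandomizer()->getRandomString(1, Encoder::CHAR_ALPHANUMERICS) . $instance->encodeForBase64($unencoded, ESAPI::getRandomizer()->getRandomBoolean());
            // decoding the encoded (and prepended to) string
            $decoded = $instance->decodeFromBase64($encoded);
        } catch (Exception $unexpected) {
            // Note: java expects an IO exception, but base64_decode() doesn't throw one
            $this->fail('Unexpected exception: ' . $unexpected->getMessage());
        }
        // the decoded result should not equal the original string of 20 char_specials.
        $this->assertNotEquals($unencoded, $decoded);
    }
    // Test decode single character: none of these form a valid base64 group,
    // so each must decode to the empty string. The message names the input
    // because a loop otherwise hides which character failed.
    foreach (array('0', '1', 'a', 'A', '\\', '+', '=', '-') as $single) {
        $this->assertEquals('', $instance->decodeFromBase64($single), "decodeFromBase64('{$single}') should yield ''");
    }
}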
示例9: handleError
* ------------------------------------------ */
/*
if (!is_object($_SESSION["Objects"]["ESAPIHandler"])){
$_SESSION["Objects"]["ESAPIHandler"] = new ESAPI(__ROOT__.'/owasp-esapi-php/src/ESAPI.xml');
$_SESSION["Objects"]["ESAPIEncoder"] = $_SESSION["Objects"]["ESAPIHandler"]->getEncoder();
$_SESSION["Objects"]["ESAPIRandomizer"] = $_SESSION["Objects"]["ESAPIHandler"]->getRandomizer();
}// end if
// Set up an alias by reference so object can be referenced in memory without copying
$ESAPI = &$_SESSION["Objects"]["ESAPIHandler"];
$Encoder = &$_SESSION["Objects"]["ESAPIEncoder"];
$ESAPIRandomizer = &$_SESSION["Objects"]["ESAPIRandomizer"];
*/
// Bootstrap ESAPI from its XML configuration and expose the encoder and
// randomizer as file-scope globals; the commented-out block above is an
// earlier attempt to cache the same objects in $_SESSION instead.
$ESAPI = new ESAPI(__ROOT__ . '/owasp-esapi-php/src/ESAPI.xml');
$Encoder = $ESAPI->getEncoder();
$ESAPIRandomizer = $ESAPI->getRandomizer();
/* ------------------------------------------
* Test for database availability
* ------------------------------------------ */
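/**
 * PHP error handler stub.
 *
 * The body is intentionally empty: the redirect to database-offline.php is
 * kept below in a comment but disabled. Because the handler returns null
 * rather than false, PHP's built-in error handling does not run afterwards,
 * so — if this is registered via set_error_handler() (registration is not
 * shown here) — every error routed to it is dropped without being logged or
 * displayed.
 *
 * $errcontext is optional because PHP 8 no longer passes it to error
 * handlers; as a required fifth parameter the handler would fail with an
 * ArgumentCountError on every error it was asked to handle.
 *
 * @param int    $errno      Error level (E_* constant).
 * @param string $errstr     Error message.
 * @param string $errfile    File the error was raised in.
 * @param int    $errline    Line the error was raised on.
 * @param array  $errcontext Symbol table at the error site (PHP < 8 only).
 *
 * @return null
 */
function handleError($errno, $errstr, $errfile, $errline, array $errcontext = array())
{
    /*
    restore_error_handler();
    restore_exception_handler();
    header("Location: database-offline.php", true, 302);
    exit();
    */
}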
// end function
function handleException($exception)
{
示例10: testGetRandomFilenameLengthWithExtension
/**
 * getRandomFilename('.php') should produce a name exactly 20 bytes long.
 *
 * Only the total length is asserted; the test does not check that the
 * returned name actually ends with the requested extension.
 */
function testGetRandomFilenameLengthWithExtension()
{
    $filename = ESAPI::getRandomizer()->getRandomFilename('.php');
    $this->assertEquals(20, strlen($filename));
}