2013-11-01 08:15:14 +08:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-11 17:58:15 +08:00
|
|
|
* PrivateBin
|
2013-11-01 08:15:14 +08:00
|
|
|
*
|
|
|
|
* a zero-knowledge paste bin
|
|
|
|
*
|
2016-07-11 17:58:15 +08:00
|
|
|
* @link https://github.com/PrivateBin/PrivateBin
|
2013-11-01 08:15:14 +08:00
|
|
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
2016-07-19 19:56:52 +08:00
|
|
|
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
2018-07-01 19:11:32 +08:00
|
|
|
* @version 1.2
|
2013-11-01 08:15:14 +08:00
|
|
|
*/
|
2016-12-13 01:43:23 +08:00
|
|
|
|
2016-12-13 01:49:08 +08:00
|
|
|
namespace PrivateBin\Persistence;
|
2016-07-21 23:09:48 +08:00
|
|
|
|
|
|
|
use Exception;
|
|
|
|
|
2013-11-01 08:15:14 +08:00
|
|
|
/**
|
2016-08-09 17:54:42 +08:00
|
|
|
* ServerSalt
|
2013-11-01 08:15:14 +08:00
|
|
|
*
|
2016-07-11 17:58:15 +08:00
|
|
|
* This is a random string which is unique to each PrivateBin installation.
|
2013-11-01 08:15:14 +08:00
|
|
|
* It is automatically created if not present.
|
|
|
|
*
|
|
|
|
* Salt is used:
|
2016-07-11 17:58:15 +08:00
|
|
|
* - to generate unique VizHash in discussions (which are not reproductible across PrivateBin servers)
|
|
|
|
* - to generate unique deletion token (which are not re-usable across PrivateBin servers)
|
2013-11-01 08:15:14 +08:00
|
|
|
*/
|
2016-08-09 17:54:42 +08:00
|
|
|
class ServerSalt extends AbstractPersistence
|
2013-11-01 08:15:14 +08:00
|
|
|
{
|
2016-08-11 05:15:06 +08:00
|
|
|
/**
|
|
|
|
* file where salt is saved to
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private static $_file = 'salt.php';
|
|
|
|
|
2013-11-01 08:15:14 +08:00
|
|
|
/**
|
2015-08-16 21:55:31 +08:00
|
|
|
* generated salt
|
|
|
|
*
|
2013-11-01 08:15:14 +08:00
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
private static $_salt = '';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* generate a large random hexadecimal salt
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public static function generate()
|
|
|
|
{
|
2016-08-11 05:15:06 +08:00
|
|
|
$randomSalt = bin2hex(random_bytes(256));
|
2015-08-28 03:41:21 +08:00
|
|
|
return $randomSalt;
|
2013-11-01 08:15:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get server salt
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
2015-08-28 03:41:21 +08:00
|
|
|
* @throws Exception
|
2013-11-01 08:15:14 +08:00
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public static function get()
|
|
|
|
{
|
2016-07-26 14:19:35 +08:00
|
|
|
if (strlen(self::$_salt)) {
|
|
|
|
return self::$_salt;
|
|
|
|
}
|
2013-11-01 08:15:14 +08:00
|
|
|
|
2016-08-11 05:15:06 +08:00
|
|
|
if (self::_exists(self::$_file)) {
|
|
|
|
if (is_readable(self::getPath(self::$_file))) {
|
|
|
|
$items = explode('|', file_get_contents(self::getPath(self::$_file)));
|
2016-08-09 17:54:42 +08:00
|
|
|
}
|
|
|
|
if (!isset($items) || !is_array($items) || count($items) != 3) {
|
2016-08-11 05:15:06 +08:00
|
|
|
throw new Exception('unable to read file ' . self::getPath(self::$_file), 20);
|
2015-08-28 03:41:21 +08:00
|
|
|
}
|
|
|
|
self::$_salt = $items[1];
|
|
|
|
} else {
|
|
|
|
self::$_salt = self::generate();
|
2013-02-25 00:41:32 +08:00
|
|
|
self::_store(
|
2016-08-11 05:15:06 +08:00
|
|
|
self::$_file,
|
2018-07-29 21:50:36 +08:00
|
|
|
'<?php # |' . self::$_salt . '|'
|
2013-02-25 00:41:32 +08:00
|
|
|
);
|
2013-11-01 08:15:14 +08:00
|
|
|
}
|
2015-08-28 03:41:21 +08:00
|
|
|
return self::$_salt;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* set the path
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
|
|
|
* @param string $path
|
|
|
|
*/
|
|
|
|
public static function setPath($path)
|
|
|
|
{
|
2016-07-26 14:19:35 +08:00
|
|
|
self::$_salt = '';
|
2015-08-28 03:41:21 +08:00
|
|
|
parent::setPath($path);
|
2013-11-01 08:15:14 +08:00
|
|
|
}
|
|
|
|
}
|