
Commit 4f56574

committed
App-wide salt now available. Modified the Model to use it.
1 parent 6abeff2 commit 4f56574


2 files changed

+49
-23
lines changed


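--- a/application/Config/App.php
+++ b/application/Config/App.php
@@ -262,24 +262,24 @@ class App extends BaseConfig
 | Encryption Key
 |--------------------------------------------------------------------------
 |
-| If you use the Encryption class, or hashed IDs in the model you must set
+| If you use the Encryption class you must set
 | an encryption key. See the user guide for more info.
-|
-| This will be available in a global constant, CRYPT_KEY.
 */
 public $encryptionKey = '';
 
-//--------------------------------------------------------------------
-
-public function __construct()
-{
-parent::__construct();
-
-if (! defined('CRYPT_KEY'))
-{
-define('CRYPT_KEY', $this->encryptionKey);
-}
-}
+/*
+|--------------------------------------------------------------------------
+| Application Salt
+|--------------------------------------------------------------------------
+|
+| The $salt can be used anywhere within the application that you need
+| to provide secure data. It should be different for every application
+| and can be of any length, though the more random the characters
+| the better.
+|
+| If you use the Model class' hashedID methods, this must be filled out.
+*/
+public $salt = '';
 
 //--------------------------------------------------------------------
 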
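Review bot: `public $salt = '';` ships empty and nothing visible rejects that value: the Model constructor in system/Model.php falls back with `$config->salt ?: ''`, so with the default `getHash()` reduces to a truncated, unkeyed `sha1($str)` that anyone can recompute. The comment block should state that the salt is a secret, tell the reader to generate it from a CSPRNG (for example `bin2hex(random_bytes(32))`) and keep it out of version control, and warn that changing it invalidates hashed IDs already handed out. The phrase "to provide secure data" is vague; naming the actual use (keying the Model's hashed-ID check segments) would be clearer. Consider making encodeID()/decodeID() throw when the salt is an empty string rather than continuing silently.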

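--- a/system/Model.php
+++ b/system/Model.php
@@ -36,10 +36,13 @@
 * @filesource
 */
 
+use CodeIgniter\Config\BaseConfig;
+use Config\App;
 use Config\Database;
 use CodeIgniter\Database\BaseBuilder;
 use CodeIgniter\Database\BaseConnection;
 use CodeIgniter\Database\ConnectionInterface;
+use phpDocumentor\Reflection\DocBlock\Tag\VarTag;
 
 /**
 * Class Model
@@ -185,8 +188,9 @@ class Model
 * Model constructor.
 *
 * @param ConnectionInterface $db
+* @param BaseConfig $config Config/App()
 */
-public function __construct(ConnectionInterface &$db = null)
+public function __construct(ConnectionInterface &$db = null, BaseConfig $config = null)
 {
 if ($db instanceof ConnectionInterface)
 {
@@ -197,6 +201,14 @@ public function __construct(ConnectionInterface &$db = null)
 $this->db = Database::connect($this->DBGroup);
 }
 
+if (is_null($config) || ! isset($config->salt))
+{
+$config = new App();
+}
+
+$this->salt = $config->salt ?: '';
+unset($config);
+
 $this->tempReturnType = $this->returnType;
 $this->tempUseSoftDeletes = $this->useSoftDeletes;
 }
@@ -386,8 +398,14 @@ public function encodeID($id)
 }
 
 $id = (int)$id;
-if ($id < 1) return false;
-if ($id > pow(2,31)) return false;
+if ($id < 1)
+{
+return false;
+}
+if ($id > pow(2,31))
+{
+return false;
+}
 
 $segment1 = $this->getHash($id,16);
 $segment2 = $this->getHash($segment1,8);
@@ -424,17 +442,25 @@ public function decodeID($hash)
 return base64_decode($hash);
 }
 
-if (! preg_match('/^[A-Z0-9\:\$]{21,23}$/i',$hash)) {return 0;}
+if (! preg_match('/^[A-Z0-9\:\$]{21,23}$/i',$hash)) {
+return 0;
+}
 $hash = str_replace(array('$',':'),array('+','/'),$hash);
 $bin = base64_decode($hash);
 $hex = unpack('H*',$bin); $hex = $hex[1];
-if (! preg_match('/^[0-9a-f]{32}$/',$hex)) return 0;
+if (! preg_match('/^[0-9a-f]{32}$/',$hex))
+{
+return 0;
+}
 $segment1 = substr($hex,0,16);
 $segment2 = substr($hex,16,8);
 $segment3 = substr($hex,24,8);
 $exp2 = $this->getHash($segment1,8);
 $exp3 = $this->getHash($segment1.$segment2,8);
-if ($segment3 != $exp3) return 0;
+if ($segment3 != $exp3)
+{
+return 0;
+}
 $v1 = (int)base_convert($segment2,16,10);
 $v2 = (int)base_convert($exp2,16,10);
 $id = abs($v1-$v2);
@@ -445,8 +471,8 @@ public function decodeID($hash)
 //--------------------------------------------------------------------
 
 /**
-* Used for our hashed IDs. Requires a CRYPT_KEY to be defined,
-* which is handled the first time application/Config/App has been loaded.
+* Used for our hashed IDs. Requires $salt to be defined
+* within the Config\App file.
 *
 * @param $str
 * @param $len
@@ -455,7 +481,7 @@ public function decodeID($hash)
 */
 protected function getHash($str, $len)
 {
-return substr(sha1($str.CRYPT_KEY),0,$len);
+return substr(sha1($str.$this->salt),0,$len);
 }
 
 //--------------------------------------------------------------------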
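Review bot: In decodeID() the check-segment test `if ($segment3 != $exp3)` is reformatted by this commit but still uses a loose comparison. Both operands are 8-character hex strings, and PHP compares numeric-looking strings (all digits, or digits around a single `e`) as numbers under `!=`, so two different segments can be accepted as matching. Replace it with `if (! hash_equals($exp3, $segment3))`, which compares the strings byte for byte and in constant time. getHash() also keeps the secret-suffix form `sha1($str.$this->salt)` truncated to 8 hex characters; `hash_hmac('sha256', $str, $this->salt)` is the standard keyed construction, though switching would change every ID already issued. decodeID() begins and ends outside the hunks shown here.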
