Security.php
This contains Wizard’s Toolkit functions involving encryption and language translation.
All rights reserved.
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Table of Contents
- wtkPageProtect() : string
- Add function at top of a page to make page require password to view.
- wtkNoBookmark() : null
- wtkNoBookmark
- wtkGeneratePassword() : password
- Pass in how long of a password you want generated.
- wtkGenerateHash() : password
- Generate a hash that can be used for directing to a web page.
- wtkVerifyHashLink() : password
- Pass in hash and if valid will redirect to associated link.
- wtkLang() : string
- Multi-Lingual functionality
Functions
wtkPageProtect()
Add function at top of a page to make page require password to view.
wtkPageProtect(string $fncPagePasscode, string $fncHTMLtemplate) : string
The page prompts the user for the passcode passed to this function and is visible only after the correct passcode is entered. Once the passcode has been entered successfully, a cookie is set that allows access to the page for one year.
Parameters
- $fncPagePasscode : string
  The passcode you require to access the page
- $fncHTMLtemplate : string
  .htm page to use for HTML template; if blank defaults to /wtk/htm/minibox.htm
Return values
string — Returns the user to a login page, or to the content they were attempting to access.
wtkNoBookmark()
wtkNoBookmark
wtkNoBookmark(string $fncMustFrom, string $fncFailGoTo) : null
This prevents a page from working if it was bookmarked or the link was sent to someone.
If the referer is not what you expect, you can redirect the visitor to any page.
Pass in the page that must be the referer as the first parameter. The second parameter is where to redirect if the referer check fails.
Here is an example:
wtkNoBookmark('mydomain.com', 'no2hackers.php');
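A referer check of this kind, sketched as an added example; it is not Wizard's Toolkit code, and `refererHostMatches()` and `requireReferer()` are hypothetical names. It compares the parsed host exactly instead of searching the header text, and because the Referer header is supplied by the client and is often stripped or absent, it works as a navigation guard rather than as access control.

```php
<?php
declare(strict_types=1);

/**
 * True only when $referer parses to a URL whose host is exactly $expectedHost
 * or a subdomain of it. Hypothetical helper, not a WTK function (PHP 8+).
 */
function refererHostMatches(?string $referer, string $expectedHost): bool
{
    if ($referer === null || $referer === '') {
        return false; // bookmarks, typed URLs and privacy settings send no Referer
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false; // malformed header value
    }
    $host = strtolower($host);
    $expectedHost = strtolower($expectedHost);
    return $host === $expectedHost
        || str_ends_with($host, '.' . $expectedHost);
}

/** Redirect to $failGoTo unless the request's Referer host matches. */
function requireReferer(string $expectedHost, string $failGoTo): void
{
    if (!refererHostMatches($_SERVER['HTTP_REFERER'] ?? null, $expectedHost)) {
        header('Location: ' . $failGoTo, true, 302);
        exit;
    }
}

// Constructed sample header values, including two where the expected name
// appears in the string but is not the host that sent the visitor.
$samples = [
    'https://mydomain.com/menu.php',
    'https://app.mydomain.com/menu.php',
    'https://mydomain.com.example.net/x',     // name is only a prefix of the host
    'https://example.net/?from=mydomain.com', // name is only in the query string
    '',                                       // no Referer sent
];
foreach ($samples as $referer) {
    $verdict = refererHostMatches($referer, 'mydomain.com') ? 'accept' : 'reject';
    printf("%-40s %s\n", $referer === '' ? '(none)' : $referer, $verdict);
}
```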
Parameters
- $fncMustFrom : string
  what referer page must be
- $fncFailGoTo : string
  where to redirect to if referer does not match
Return values
null
wtkGeneratePassword()
Pass in how long of a password you want generated.
wtkGeneratePassword([number $fncPwLength = 8 ][, number $fncComplex = 'Y' ]) : password
The generated password excludes 1, l, 0 and O, since those are often difficult to tell apart when viewed.
Example usage:
$pgNewPW = wtkGeneratePassword(12); // creates 12-character password
Parameters
- $fncPwLength : number = 8
  default 8; length of password to generate
- $fncComplex : number = 'Y'
  default 'Y'; includes extra characters like !@#%^*()-+}{>
Return values
password
wtkGenerateHash()
Generate a hash that can be used for directing to a web page.
wtkGenerateHash(string $fncAction, string $fncURL[, string $fncSize = 'big' ][, string $fncSave = 'Y' ]) : password
The hash excludes 1, l, 0 and O, since those are often difficult to tell apart when viewed. If the third parameter is skipped or is 'big', sha256 is used to generate the hash. The function checks whether the hash already exists in the wtkLinkLogin table; if it does, a new hash is created until an unused one is found.
When the hash is verified, the user is redirected to the assigned URL.
Example usage:
$pgResult = wtkGenerateHash('subscriber', 'https://yourdomain.com/newUser.php?id=123', 'big', 'Y');
Parameters
- $fncAction : string
  stored in wtkLinkLogin.ActionNotes as method of categorizing
- $fncURL : string
  where to redirect to when the hash is used
- $fncSize : string = 'big'
  defaults to 'big', which generates a 64-character hash; otherwise generates an 8-character hash
- $fncSave : string = 'Y'
  defaults to 'Y'; when 'Y', the hash is verified unique and saved to the wtkLinkLogin table
Return values
password — hash
wtkVerifyHashLink()
Pass in hash and if valid will redirect to associated link.
wtkVerifyHashLink(number $fncHash) : password
If the hash is unique and has not been visited yet, a SESSION variable is set and the user is redirected to GoToUrl. If the redirect goes to a Wizard’s Toolkit page, wtkLogin.php recognizes that the SESSION variable exists and sets Security Level to zero so the page can be opened without logging in.
VisitDate is also set in wtkLinkLogin so the hash can never be used again, and $gloOneUse is set to true. The page redirected to should check whether $gloOneUse == true and, if so, change its buttons to point to a "Thank you" page.
Example usage:
wtkVerifyHashLink($pgHash); // $pgHash holds the hash received with the link; redirects if it is valid and unused
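The single-use lifecycle described for wtkGenerateHash() and wtkVerifyHashLink(), as an added sketch that is not the toolkit's own code. `issueLink()`, `redeemLink()` and the `HashCode` column are assumed names, the token comes from `random_bytes()` rather than the toolkit's sha256 scheme, and an in-memory SQLite table stands in for wtkLinkLogin.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for wtkLinkLogin. ActionNotes, GoToUrl and VisitDate are
// named on the page; the HashCode column name is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wtkLinkLogin (HashCode TEXT PRIMARY KEY,
    ActionNotes TEXT, GoToUrl TEXT, VisitDate TEXT)');

/** Store a new 64-character token for $url, retrying until it is unused. */
function issueLink(PDO $db, string $action, string $url): string
{
    $ins = $db->prepare('INSERT INTO wtkLinkLogin
        (HashCode, ActionNotes, GoToUrl) VALUES (?, ?, ?)');
    while (true) {
        $token = bin2hex(random_bytes(32)); // CSPRNG output, 64 hex characters
        try {
            $ins->execute([$token, $action, $url]);
            return $token;
        } catch (PDOException $e) {
            if ((string) $e->getCode() !== '23000') {
                throw $e; // only a duplicate key is worth a retry
            }
        }
    }
}

/** Return the stored URL the first time $token is presented, null afterwards. */
function redeemLink(PDO $db, string $token): ?string
{
    // Claim the row in a single UPDATE so that two concurrent requests
    // carrying the same token cannot both succeed (SQLite date syntax).
    $upd = $db->prepare("UPDATE wtkLinkLogin SET VisitDate = datetime('now')
        WHERE HashCode = ? AND VisitDate IS NULL");
    $upd->execute([$token]);
    if ($upd->rowCount() !== 1) {
        return null; // unknown token, or VisitDate already set
    }
    $sel = $db->prepare('SELECT GoToUrl FROM wtkLinkLogin WHERE HashCode = ?');
    $sel->execute([$token]);
    return (string) $sel->fetchColumn();
}

// Constructed data: the URL is the one from the page's wtkGenerateHash example.
$token = issueLink($db, 'subscriber', 'https://yourdomain.com/newUser.php?id=123');
var_dump(redeemLink($db, $token)); // first presentation of the token
var_dump(redeemLink($db, $token)); // replay of the same token
```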
Parameters
- $fncHash : number
  to check for link redirection
Return values
password
wtkLang()
Multi-Lingual functionality
wtkLang(string $fncText) : string
If no language is chosen, the default is used and the original text is returned. Likewise, if a translation does not exist in the current language database, the original text is returned. This function is called automatically by some Wizard’s Toolkit functions and can also be called directly by the developer. When it is called and the language lookup does not exist, it inserts the request into the wtkLanguage data table so the translation can be added later. Back office administration pages ignore translation calls.
Parameters
- $fncText : string
  to be translated; maximum 150 characters
Return values
string — translated text; maximum 250 characters