class Sec

Constants

JWT_ALG_HS256

JWT_ALG_RS256

Methods

aes_decrypt($string, $key = false) deprecated

No description

string
aes_decrypt_ctr(string $string, string $key = null)

AES Counter Decryption (PHP Based)

string
aes_encrypt($string, $key = false) deprecated

Encrypts a string and returns a binary string

string
aes_encrypt_ctr(string $string, string $key = null)

AES Counter Encryption (PHP Based)

mixed
execute_circumventing_rights(mixed $callback, mixed $params = array())

Executes a given callback in CMD mode, thus circumventing any rights. DO NOT USE LIGHTLY!!! This primarily aims at allowing reference and link resolution.

string|string[]
filename($filename)

Makes sure a filename does not contain any directory characters, to prevent directory traversal

string
generateJWTToken(string $secret, User $user = null, array $customPayload = [])

Generates a JWT Token.

string
generate_password(int $length = 8, int $strength = 7)

Wrapper for pronounceable password generation

string
generate_pronouncable_password(int $length = 8, int $strength = 7)

Generates a pronounceable password

generate_random_password(int $length = 8, int $strength = 7)

Returns a generated password string

string
generate_totp_secret()

Generates a Secret for TOTP Authentication

int
get_password_score(mixed $password)

Check how good a password is (Score > 4 is acceptable, Score > 7 is good)

init()

No description

string|null
input(string $string, array $options = array('xss', 'sql'))

Filter INPUT based on certain rules:

  • XSS: Encode ALL special chars ('"<>& and chars with an ASCII value less than 32)

array
input_array(array $array, string $filterType = 'intcast')

Takes an array and casts values / escapes values according to type

bool
isValidJWTToken(string $token, string|resource $secretOrPublicKeyInfo = null, string $alg = self::JWT_ALG_HS256, array $header = [], array $payload = [])

Checks the standard security criteria of the supplied JWT token. If no security (expiration, signature) is provided, this method will only decode the token.

iv_decrypt()

No description

iv_encrypt($string)

No description

bool
sendContentSecurityPolicyHeaderForUserUpload(string $fileExtension = null)

Sends CSP headers for files that are user uploads, to prevent persistent XSS attacks when users upload files. The function sends headers based on file type and system configuration.

Details

at line 151
aes_decrypt($string, $key = false) deprecated

deprecated Use aes_decrypt_ctr

No description

Parameters

$string
$key

at line 202
string aes_decrypt_ctr(string $string, string $key = null)

AES Counter Decryption (PHP Based)

Parameters

string $string

(Output from aes_encrypt_ctr, with included ::random bytes param)

string $key

Optional Key Extension

Return Value

string

decrypted

at line 139
string aes_encrypt($string, $key = false) deprecated

deprecated Use aes_encrypt_ctr

Encrypts a string and returns a binary string

Parameters

$string
$key

Return Value

string

encrypted string

at line 167
string aes_encrypt_ctr(string $string, string $key = null)

AES Counter Encryption (PHP Based)

Parameters

string $string
string $key

Optional Key Extension

Return Value

string

encrypted

at line 370
string calculate_totp_code($secret, null $timeSlice = null)

Parameters

$secret
null $timeSlice

Return Value

string

at line 342
mixed execute_circumventing_rights(mixed $callback, mixed $params = array())

Executes a given callback in CMD mode, thus circumventing any rights. DO NOT USE LIGHTLY!!! This primarily aims at allowing reference and link resolution.

Parameters

mixed $callback
mixed $params

Return Value

mixed

at line 561
string|string[] filename($filename)

Makes sure a filename does not contain any directory characters, to prevent directory traversal

Parameters

$filename

Return Value

string|string[]

at line 433
string generateJWTToken(string $secret, User $user = null, array $customPayload = [])

Generates a JWT Token.

Parameters

string $secret
User $user
array $customPayload

Allowing to add or override payload of JWT Token

Return Value

string

See also

https://dev.to/robdwaller/how-to-create-a-json-web-token-using-php-3gml for a JWT PHP How-to
https://jwt.io/ to test the generated JWT

at line 223
string generate_password(int $length = 8, int $strength = 7)

Wrapper for pronounceable password generation

Parameters

int $length

Length of the password

int $strength

Strength of the password (set as bit flags: 1 = include capital consonants, 2 = include capital vowels, 4 = include numbers, 8 = include special chars)

Return Value

string

Password

at line 259
string generate_pronouncable_password(int $length = 8, int $strength = 7)

Generates a pronounceable password

Parameters

int $length

Length of the password

int $strength

Strength of the password (set as bit flags: 1 = include capital consonants, 2 = include capital vowels, 4 = include numbers, 8 = include special chars)

Return Value

string

Password

at line 233
generate_random_password(int $length = 8, int $strength = 7)

Returns a generated password string

Parameters

int $length
int $strength

Strength of the password (set as bit flags: 1 = include capital consonants, 2 = include capital vowels, 4 = include numbers, 8 = include special chars)

at line 401
string generate_totp_secret()

Generates a Secret for TOTP Authentication

Return Value

string

Base32 Secret to be used in TOTP Methods

at line 303
int get_password_score(mixed $password)

Check how good a password is (Score > 4 is acceptable, Score > 7 is good)

Parameters

mixed $password

Return Value

int

score (0 - 12)

at line 16
init()

No description

at line 30
string|null input(string $string, array $options = array('xss', 'sql'))

Filter INPUT based on certain rules:

  • XSS: Encode ALL special chars ('"<>& and chars with an ASCII value less than 32)

Parameters

string $string

array of strings or a string to escape

array $options

Array or simple string like 'sql', 'xss', 'filename', 'nohtml'

Return Value

string|null

escaped string

at line 98
array input_array(array $array, string $filterType = 'intcast')

Takes an array and casts values / escapes values according to type

Parameters

array $array

1-Dim Array

string $filterType

(intcast, sql, xss)

Return Value

array

at line 476
bool isValidJWTToken(string $token, string|resource $secretOrPublicKeyInfo = null, string $alg = self::JWT_ALG_HS256, array $header = [], array $payload = [])

Checks the standard security criteria of the supplied JWT token. If no security (expiration, signature) is provided, this method will only decode the token.

Parameters

string $token

The RAW encoded token, e.g. abd3ad.aAD4ad.a9dadkmc-as-ad_d

string|resource $secretOrPublicKeyInfo

Supply the secret for HS256; supply the public key or a URL to the keys for RS256

string $alg

HS256 or RS256 are supported

array $header
array $payload

Return Value

bool

at line 418
iv_decrypt()

No description

at line 414
iv_encrypt($string)

No description

Parameters

$string

at line 600
sendContentSecurityPolicyHeader()

Send CSP Header

at line 573
bool sendContentSecurityPolicyHeaderForUserUpload(string $fileExtension = null)

Sends CSP headers for files that are user uploads, to prevent persistent XSS attacks when users upload files. The function sends headers based on file type and system configuration.

Parameters

string $fileExtension

(e.g. pdf or .pdf)

Return Value

bool