function get_chain_verification_results($chain_length, $url)
{
    $result_array = array();
    $tag = str_replace('.', '_', get_domain_from_url($url));
    for ($x = 0; $x < $chain_length; $x++) {
        $result = file_get_contents(CDIR . $tag . '_result' . $x . '.txt');
        preg_match("/0x\\S+\\s(\\w+)\n/", $result, $matches);
        array_push($result_array, $matches[1]);
    }
    return $result_array;
}
}
// var_dump($urls);
// echo "<br/>urls: [".$urls."]";
// TESTS
// $var_test = ()? PASS:FAIL;
$verify_url_test = $urls == $expected ? PASS : FAIL;
echo "<br/>verify_url_test: [" . $verify_url_test . "]";
$array_test = verify_chain($good_array) == 1 && verify_chain($bad_array) != 1 ? PASS : FAIL;
echo "<br/>array_test: [" . $array_test . "]";
$get_url_test = get_url($bofa_json) == $bofa_url ? PASS : get_url($bofa_json);
echo "<br/>get_url_test: [" . $get_url_test . "]";
$get_empty_url_test = get_url(null) == '' ? PASS : get_url(null);
echo "<br/>get_empty_url_test: [" . $get_empty_url_test . "]";
$match_domains_test = match_urls('www.foo.bar', 'xxx.foo.bar') && match_urls('www.foo.bar', '*.foo.bar') && match_urls('foo.bar', '*.foo.bar') && match_urls('foo.bar', 'www.foo.bar') && match_urls('cert-002.blockchain.info', 'www.blockchain.info') ? PASS : FAIL;
echo "<br/>match_domains_test: [" . $match_domains_test . "]";
$get_domain_from_url_test = get_domain_from_url($bofa_url) == 'www.bankofamerica.com' ? PASS : FAIL;
echo "<br/>get_domain_from_url_test: [" . $get_domain_from_url_test . "]";
$nothing = verify_domain_json(null);
$null_test = $nothing["company_name"] == "" && $nothing["verification_result"] == 'FAIL' && $nothing["url_matching"] == 'false' ? PASS : FAIL;
echo "<br/>null_test: [" . $null_test . "]";
if ($null_test == FAIL) {
    var_dump($nothing);
}
$blank = verify_domain_json('');
$blank_test = $blank["company_name"] == "" && $blank["verification_result"] == 'FAIL' && $blank["url_matching"] == 'false' ? PASS : FAIL;
echo "<br/>blank_test: [" . $blank_test . "]";
if ($blank_test == FAIL) {
    var_dump($blank);
}
$empty = verify_domain_json(' ');
$empty_test = $empty["company_name"] == "" && $empty["verification_result"] == 'FAIL' && $empty["url_matching"] == 'false' ? PASS : FAIL;
function the_marchand($string)
{
    $marchand = explode(';', $string);
    foreach ($marchand as $a_marchand) {
        echo '<a href="' . $a_marchand . '">' . get_domain_from_url($a_marchand) . '</a>';
    }
}
function verify_sns($message, $region, $account, $topics)
{
    $msg = json_decode($message);
    // Check that region, account and topic match
    $topicarn = explode(':', $msg->TopicArn);
    if ($topicarn[3] != $region || $topicarn[4] != $account || !in_array($topicarn[5], $topics)) {
        return false;
    }
    $_region = $topicarn[3];
    $_account = $topicarn[4];
    $_topic = $topicarn[5];
    // Check that the domain in message ends with '.amazonaws.com'
    if (!endswith(get_domain_from_url($msg->SigningCertURL), '.amazonaws.com')) {
        return false;
    }
    // Load certificate and extract public key from it
    $surl = $msg->SigningCertURL;
    $curlOptions = array(CURLOPT_URL => $surl, CURLOPT_VERBOSE => 1, CURLOPT_RETURNTRANSFER => 1, CURLOPT_SSL_VERIFYPEER => TRUE, CURLOPT_SSL_VERIFYHOST => 2);
    $ch = curl_init();
    curl_setopt_array($ch, $curlOptions);
    $cert = curl_exec($ch);
    $pubkey = openssl_get_publickey($cert);
    if (!$pubkey) {
        return false;
    }
    // Generate a message string for comparison in Amazon-specified format
    $text = "";
    if ($msg->Type == 'Notification') {
        $text .= "Message\n";
        $text .= $msg->Message . "\n";
        $text .= "MessageId\n";
        $text .= $msg->MessageId . "\n";
        if (isset($msg->Subject)) {
            if ($msg->Subject != "") {
                $text .= "Subject\n";
                $text .= $msg->Subject . "\n";
            }
        }
        $text .= "Timestamp\n";
        $text .= $msg->Timestamp . "\n";
        $text .= "TopicArn\n";
        $text .= $msg->TopicArn . "\n";
        $text .= "Type\n";
        $text .= $msg->Type . "\n";
    } elseif ($msg->Type == 'SubscriptionConfirmation') {
        $text .= "Message\n";
        $text .= $msg->Message . "\n";
        $text .= "MessageId\n";
        $text .= $msg->MessageId . "\n";
        $text .= "SubscribeURL\n";
        $text .= $msg->SubscribeURL . "\n";
        $text .= "Timestamp\n";
        $text .= $msg->Timestamp . "\n";
        $text .= "Token\n";
        $text .= $msg->Token . "\n";
        $text .= "TopicArn\n";
        $text .= $msg->TopicArn . "\n";
        $text .= "Type\n";
        $text .= $msg->Type . "\n";
    } else {
        return false;
    }
    // Get a raw binary message signature
    $signature = base64_decode($msg->Signature);
    // ..and finally, verify the message
    if (openssl_verify($text, $signature, $pubkey, OPENSSL_ALGO_SHA1)) {
        return true;
    }
    return false;
}
Beispiel #5
0
|
*/
$config['cookie_prefix'] = '';
$config['cookie_path'] = '/';
$config['cookie_httponly'] = TRUE;
if (defined('CONF_COOKIE_DOMAIN')) {
    //	The developer has specified the specific domain to use for cookies
    $config['cookie_domain'] = CONF_COOKIE_DOMAIN;
} else {
    //	No specific domain has been specified, set a cookie which spans
    //	the use of all specified BASE_URLs, i.e BASE_URL and SECURE_BASE_URL
    $config['cookie_domain'] = '';
    //	Are the BASE_URL and SECURE_BASE_URL on the same domain?
    // if so, cool, if not then...
    $_base_domain = get_domain_from_url(BASE_URL);
    $_secure_base_domain = defined('SECURE_BASE_URL') ? get_domain_from_url(SECURE_BASE_URL) : $_base_domain;
    if ($_base_domain == $_secure_base_domain) {
        //	If the two match, then define it
        $config['cookie_domain'] = $_base_domain;
    } else {
        $_ERROR = 'The <code>BASE_URL</code> and <code>SECURE_BASE_URL</code> constants do not share the same domain, this can cause issues with sessions.';
        include NAILS_PATH . 'errors/startup_error.php';
    }
}
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered