public function isValid($ignoreValue)
{
//Warning:
//$ignoreValue is not used because it's valid always
//due to unusual behavior of the Ml_Filter_MagicCookies filter
//this had to be done this way in this specific case
$value = filter_input(INPUT_POST, Ml_Model_MagicCookies::hash_name, FILTER_UNSAFE_RAW);
if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) {
$referer = Zend_Uri::factory($_SERVER['HTTP_REFERER']);
if (!in_array($referer->getHost(), $this->_options['allowed_referer_hosts'])) {
$this->_error(self::MSG_REFERER_HOST_INVALID);
return false;
}
}
$last = Ml_Model_MagicCookies::getLast();
$magicCookiesNamespace = new Zend_Session_Namespace('MagicCookies');
if ($last == $value) {
return true;
}
if (!ctype_xdigit($value)) {
$this->_error(self::MSG_MAGIC_COOKIE_INVALID_FORMAT);
return false;
}
$hexValue = preg_replace('/[^a-f0-9]/', '', $value);
//sanitizing
if ($hexValue != $value) {
$this->_error(self::MSG_MAGIC_COOKIE_ERROR);
return false;
}
if (mb_strlen($hexValue) != Ml_Model_MagicCookies::lenght) {
$this->_error(self::MSG_MAGIC_COOKIE_INVALID_SIZE);
return false;
}
$auth = Zend_Auth::getInstance();
$hashInfo = Ml_Model_MagicCookies::getHashInfo($hexValue);
if (!$hashInfo) {
$this->_error(self::MSG_MAGIC_COOKIE_INVALID);
return false;
}
if (!array_key_exists("uid", $hashInfo) || !array_key_exists("session_id", $hashInfo)) {
$this->_error(self::MSG_MAGIC_COOKIE_ERROR);
return false;
}
if (!is_null($hashInfo['uid']) && $hashInfo['uid'] == $auth->getIdentity() || Zend_Session::getId() == $hashInfo['session_id']) {
return true;
}
$this->_error(self::MSG_MAGIC_COOKIE_INVALID);
return false;
}
public function filter($value)
{
return Ml_Model_MagicCookies::getLast();
}
