function yourls_check_signature_timestamp()
{
// Timestamp in PHP : time()
// Timestamp in JS: parseInt(new Date().getTime() / 1000)
global $yourls_user_passwords;
foreach ($yourls_user_passwords as $valid_user => $valid_password) {
if ((md5($_REQUEST['timestamp'] . yourls_auth_signature($valid_user)) == $_REQUEST['signature'] or md5(yourls_auth_signature($valid_user) . $_REQUEST['timestamp']) == $_REQUEST['signature']) && yourls_check_timestamp($_REQUEST['timestamp'])) {
yourls_set_user($valid_user);
return true;
}
}
return false;
}
/**
* Check auth against signature and timestamp. Sets user if applicable, returns bool
*
*
* @since 1.4.1
* @return bool False if signature or timestamp missing or invalid, true if valid
*/
function yourls_check_signature_timestamp()
{
if (!isset($_REQUEST['signature']) or empty($_REQUEST['signature']) or !isset($_REQUEST['timestamp']) or empty($_REQUEST['timestamp'])) {
return false;
}
// Timestamp in PHP : time()
// Timestamp in JS: parseInt(new Date().getTime() / 1000)
// Check signature & timestamp against all possible users
global $yourls_user_passwords;
foreach ($yourls_user_passwords as $valid_user => $valid_password) {
if ((md5($_REQUEST['timestamp'] . yourls_auth_signature($valid_user)) == $_REQUEST['signature'] or md5(yourls_auth_signature($valid_user) . $_REQUEST['timestamp']) == $_REQUEST['signature']) && yourls_check_timestamp($_REQUEST['timestamp'])) {
yourls_set_user($valid_user);
return true;
}
}
// Signature doesn't match known user
return false;
}
