function test_verifyMd5Hash()
{
//Arrange
$prefix = null;
$sharedKey = "zaqxswcdevfrbgtnhymjukiloZAQCDEFRBGTNHYMJUKILOPlkjhgfdsapoiuytrewqmnbvcx";
$expectedPlaceInqueue = 7810;
$expectedQueueId = "fe070f51-5548-403c-9f0a-2626c15cb81b";
$placeInQueueEncrypted = "3d20e598-0304-474f-87e8-371a34073d3b";
$unixTimestamp = 1360241766;
$expectedTimeStamp = new DateTime("2013-02-07 12:56:06", new DateTimeZone("UTC"));
$expectedCustomerId = "somecust";
$expectedEventId = "someevent";
$expectedOriginalUrl = "http://www.example.com/test.aspx?prop=value";
$expectedRedirectType = RedirectType::Queue;
$urlNoHash = $expectedOriginalUrl . "?" . $prefix . "c=somecust&" . $prefix . "e=someevent&" . $prefix . "q=" . $expectedQueueId . "&" . $prefix . "p=" . $placeInQueueEncrypted . "&" . $prefix . "ts=" . $unixTimestamp . "&" . $prefix . "rt=queue&" . $prefix . "h=";
$expectedHash = md5(utf8_encode($urlNoHash . $sharedKey));
$url = $urlNoHash . $expectedHash;
$urlProvider = new MockUrlProvider($url, $expectedOriginalUrl, $expectedQueueId, $placeInQueueEncrypted, (string) $unixTimestamp, $expectedCustomerId, $expectedEventId, "queue");
//Act
$knownUser = QueueIT\Security\KnownUserFactory::verifyMd5Hash($sharedKey, $urlProvider, $prefix);
$this->assertNotNull($knownUser);
$this->assertEqual($expectedQueueId, $knownUser->getQueueId());
$this->assertEqual($expectedPlaceInqueue, $knownUser->getPlaceInQueue());
$this->assertEqual($expectedTimeStamp, $knownUser->getTimeStamp());
$this->assertEqual($expectedCustomerId, $knownUser->getCustomerId());
$this->assertEqual($expectedEventId, $knownUser->getEventId());
$this->assertEqual($expectedRedirectType, $knownUser->getRedirectType());
$this->assertEqual($expectedOriginalUrl, $knownUser->getOriginalUrl());
}
public static function verifyMd5Hash($secretKey = null, $urlProvider = null, $queryStringPrefix = null)
{
global $defaultQueryStringPrefix, $defaultSecretKey, $defaultUrlProviderFactory;
if ($urlProvider == null) {
$urlProvider = $defaultUrlProviderFactory();
}
if ($secretKey == null) {
$secretKey = $defaultSecretKey;
}
if ($queryStringPrefix == null) {
$queryStringPrefix = $defaultQueryStringPrefix;
}
if ($secretKey == null) {
throw new InvalidArgumentException("Secret key is null");
}
try {
if ($urlProvider->getQueueId($queryStringPrefix) == null && $urlProvider->getPlaceInQueue($queryStringPrefix) == null && $urlProvider->getTimeStamp($queryStringPrefix) == null) {
return null;
}
if ($urlProvider->getQueueId($queryStringPrefix) == null || $urlProvider->getPlaceInQueue($queryStringPrefix) == null || $urlProvider->getTimeStamp($queryStringPrefix) == null) {
throw new InvalidKnownUserUrlException();
}
KnownUserFactory::verifyUrl($urlProvider->getUrl(), $secretKey);
return new Md5KnownUser($urlProvider->getQueueId($queryStringPrefix), KnownUserFactory::decryptPlaceInQueue($urlProvider->getPlaceInQueue($queryStringPrefix)), KnownUserFactory::decodeTimestamp($urlProvider->getTimeStamp($queryStringPrefix)), $urlProvider->getCustomerId($queryStringPrefix), $urlProvider->getEventId($queryStringPrefix), KnownUserFactory::decodeRedirectType($urlProvider->getRedirectType($queryStringPrefix)), $urlProvider->getOriginalUrl($queryStringPrefix));
} catch (KnownUserException $e) {
$e->setValidationUrl($urlProvider->getUrl());
$e->setOriginalUrl($urlProvider->getOriginalUrl($queryStringPrefix));
throw $e;
}
}
<?php
require_once '../QueueIT.Security/SessionValidationController.php';
require_once 'CurrentBaseUrl.php';
use QueueIT\Security\SessionValidationController, QueueIT\Security\KnownUserFactory, QueueIT\Security\ExpiredValidationException, QueueIT\Security\KnownUserValidationException, QueueIT\Security\AcceptedConfirmedResult, QueueIT\Security\EnqueueResult;
KnownUserFactory::configure('a774b1e2-8da7-4d51-b1a9-7647147bb13bace77210-a488-4b6f-afc9-8ba94551a7d7');
try {
$result = SessionValidationController::validateRequest('ticketania', 'codeonly', true);
// Check if user must be enqueued
if ($result instanceof EnqueueResult) {
header('Location: ' . $result->getRedirectUrl());
}
if ($result instanceof AcceptedConfirmedResult) {
$cancelLink = $result->getQueue()->getCancelUrl(currentBaseUrl() . '/cancel.php?eventid=' . $result->getQueue()->getEventId());
}
} catch (ExpiredValidationException $ex) {
// Known user has has expired - Show error page and use GetCancelUrl to get user back in the queue
header('Location: error.php?queuename=default&t=' . urlencode($ex->getKnownUser()->getOriginalUrl()));
} catch (KnownUserValidationException $ex) {
// Known user is invalid - Show error page and use GetCancelUrl to get user back in the queue
header('Location: error.php?queuename=default&t=' . urlencode($ex->getPrevious()->getOriginalUrl()));
}
//Buffer larger content areas like the main page content
ob_start();
?>
<h3>Setting up the queue:</h3>
<ol class="round">
<li class="one">
<h5>Add configuration using code</h5>
All configuration that is supported using the configuration section is also
supported in code. In this example it is configured in the
function test_verifyMd5Hash_KnownUserException()
{
//Arrange
$prefix = null;
$sharedKey = "zaqxswcdevfrbgtnhymjukiloZAQCDEFRBGTNHYMJUKILOPlkjhgfdsapoiuytrewqmnbvcx";
$expectedPlaceInqueue = 7810;
$expectedQueueId = "fe070f51-5548-403c-9f0a-2626c15cb81b";
$placeInQueueEncrypted = "3d20e598-0304-474f-87e8-371a34073d3b";
$unixTimestamp = 1360241766;
$expectedTimeStamp = new DateTime("2013-02-07 12:56:06", new DateTimeZone("UTC"));
$expectedCustomerId = "somecust";
$expectedEventId = "someevent";
$expectedOriginalUrl = "http://www.example.com/test.aspx?prop=value";
$urlNoHash = $expectedOriginalUrl . "?" . $prefix . "c=somecust&" . $prefix . "e=someevent&" . $prefix . "q=" . $expectedQueueId . "&" . $prefix . "p=" . $placeInQueueEncrypted . "&" . $prefix . "ts=" . $unixTimestamp . "&" . $prefix . "h=";
$expectedHash = "INVALIDHASHxxxxxxxxxxxxxxxxxxxx";
$url = $urlNoHash . $expectedHash;
$urlProvider = new MockUrlProvider($url, $expectedOriginalUrl, $expectedQueueId, $placeInQueueEncrypted, (string) $unixTimestamp, $expectedCustomerId, $expectedEventId);
//Act
try {
$knownUser = KnownUserFactory::verifyMd5Hash($sharedKey, $urlProvider, $prefix);
} catch (QueueIT\Security\KnownUserException $e) {
$this->assertEqual($url, $e->getValidationUrl());
$this->assertEqual($expectedOriginalUrl, $e->getOriginalUrl());
}
}
{
$ssl = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on";
$pageURL = 'http';
if ($ssl) {
$pageURL .= "s";
}
$pageURL .= "://";
if (!$ssl && $_SERVER["SERVER_PORT"] != "80" || $ssl && $_SERVER["SERVER_PORT"] != "443") {
$pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . '/link.php';
} else {
$pageURL .= $_SERVER["SERVER_NAME"] . '/link.php';
}
return $pageURL;
}
try {
$knownUser = KnownUserFactory::verifyMd5Hash();
if ($knownUser == null) {
header('Location: link.php');
}
if ($knownUser->getTimeStamp()->getTimestamp() < time() - 180) {
header('Location: link.php');
}
} catch (KnownUserException $ex) {
header('Location: error.php?queuename=link&t=' . urlencode(getLinkUrl()));
}
//Buffer larger content areas like the main page content
ob_start();
?>
<h3>Setting up the queue:</h3>
<ol class="round">
<li class="one">
