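/**
 * Verify the CSRF token submitted with the current POST request.
 *
 * Fails closed: a missing or non-string `csrf_token` field, or a server
 * without a usable CSRF_TOKEN constant, is treated exactly like a mismatch.
 * Relies on jsonError() terminating the request, as the original did —
 * NOTE(review): confirm it does not return to the caller.
 *
 * @return void
 */
function checkCsrfToken()
{
    // An undefined or empty constant would otherwise be compared as the
    // literal string "CSRF_TOKEN" (PHP < 8) or raise an Error (PHP 8);
    // neither is an acceptable way to "pass" a CSRF check.
    if (!defined('CSRF_TOKEN') || CSRF_TOKEN === '') {
        jsonError('Invalid CSRF token');
    }

    // $_POST['csrf_token'] may be absent, or an array ("csrf_token[]=..."):
    // resolve it without an undefined-index notice and reject non-strings
    // before they reach the comparison helper.
    $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null;

    // constant_time_compare() is the project's helper; hash_equals() is the
    // builtin equivalent on PHP >= 5.6.
    if (!is_string($token) || !constant_time_compare(CSRF_TOKEN, $token)) {
        jsonError('Invalid CSRF token');
    }
}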
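/**
 * Check that a signed query carries a valid, unexpired HMAC.
 *
 * Expected fields in $query_array: 'val' (base64 payload), 'nonce' (base64),
 * 'exp' (Unix timestamp as a decimal string) and 'sig' (lowercase hex HMAC
 * over "data|exp|nonce", as produced by hash_hmac()). Every malformed or
 * missing field yields false; the function never throws on bad input.
 *
 * @param array  $query_array  Parsed query parameters (e.g. $_GET).
 * @param string $secret_key   Shared HMAC key.
 * @return bool  true only when the MAC matches AND 'exp' is in the future.
 */
function is_valid_signature($query_array, $secret_key)
{
    if (!is_array($query_array)) {
        return false;
    }

    // Every field must be present as a scalar string; arrays ("val[]=x" in a
    // query string) would otherwise reach base64_decode()/hash_hmac() and
    // raise a TypeError instead of a clean rejection.
    foreach (array('val', 'sig', 'exp', 'nonce') as $key) {
        if (!array_key_exists($key, $query_array) || !is_string($query_array[$key])) {
            return false;
        }
    }

    // Strict decoding: characters outside the base64 alphabet are rejected
    // rather than silently skipped, so a malformed 'val'/'nonce' fails closed
    // and the same signature does not validate several spellings of the input.
    $data = base64_decode($query_array['val'], true);
    $nonce = base64_decode($query_array['nonce'], true);
    if ($data === false || $nonce === false) {
        return false;
    }

    // 'exp' must be a plain non-negative decimal so that the (int) cast used
    // for the expiry comparison is unambiguous (no sign, whitespace, hex or
    // exponent forms). The raw string is what the MAC covers, so the signed
    // value itself is not altered here.
    $exp = $query_array['exp'];
    if (!preg_match('/^[0-9]+$/D', $exp)) {
        return false;
    }

    // The MAC algorithm and the "data|exp|nonce" layout are fixed by the
    // signing side. Moving to a stronger hash (e.g. HMAC-SHA256) or to a
    // length-prefixed layout — '|' can occur inside the decoded binary
    // fields — must be done in step with the signer, not here.
    $mac = hash_hmac('md5', $data . '|' . $exp . '|' . $nonce, $secret_key);

    // Bitwise '&' rather than '&&': both operands are always evaluated, so the
    // expiry test does not short-circuit around the constant-time comparison.
    // constant_time_compare() is the project's helper; hash_equals() is the
    // builtin equivalent on PHP >= 5.6.
    $sig_ok = constant_time_compare($mac, $query_array['sig']);
    $not_expired = time() < (int) $exp;

    return (bool) ($sig_ok & $not_expired);
}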