Example #1
    }
}
// Copy the posted form fields into the $message structure, one entry per
// field configured in $PHORUM["post_fields"]. No content validation is
// done here: apart from verifying the signature of fields that are marked
// as signed, this loop only converts each value to its configured type.
foreach ($PHORUM["post_fields"] as $var => $spec) {
    // Check the signature of signed fields. Only fields whose spec has
    // pf_SIGNED set are verified; all other fields are taken from $_POST
    // as the client sent them.
    //
    // NOTE(review): each check below relies on trigger_error() with
    // E_USER_ERROR ending the request. If the installed error handler
    // returns instead of stopping, execution falls through to the next
    // check and the unverified value is still stored further down.
    // Confirm the handler's behavior.
    if ($spec[pf_SIGNED]) {
        // The field name is HTML-escaped because it is echoed in the
        // error messages below.
        $qvar = htmlspecialchars($var);
        // The signature travels in a companion field "<name>:signature".
        if (!isset($_POST["{$var}:signature"])) {
            trigger_error("Data signing error: signature for field {$qvar} is missing " . "in the form data.", E_USER_ERROR);
        }
        // A signed field must be present in the form data.
        if (!isset($_POST["{$var}"])) {
            trigger_error("Data signing error: field {$qvar} is missing in the form data.", E_USER_ERROR);
        }
        // Verify the posted value against its posted signature.
        if (!phorum_api_sign_check($_POST["{$var}"], $_POST["{$var}:signature"])) {
            trigger_error("Data signing error: signature for field {$qvar} " . "is wrong; there was probably tampering with the " . "form data", E_USER_ERROR);
        }
    }
    // Format and store the data based on the configuration.
    switch ($spec[pf_TYPE]) {
        case "boolean":
            // 1 when the field is present and truthy, otherwise 0
            // (so an absent field and the string "0" both store 0).
            $message[$var] = isset($_POST[$var]) && $_POST[$var] ? 1 : 0;
            break;
        case "integer":
            // Cast to int when present; NULL marks an absent field.
            $message[$var] = isset($_POST[$var]) ? (int) $_POST[$var] : NULL;
            break;
        case "array":
            // Serialized arrays are base64 encoded, to prevent special
            // character (especially newline) mangling by the browser.
            //
            // NOTE(review): unserialize() runs on request data here. The
            // signature check above applies only to fields with pf_SIGNED
            // set, and nothing in this loop requires that for "array"
            // fields, so an unsigned array field would deserialize
            // client-controlled bytes (PHP object injection risk).
            // Confirm that every "array" field is configured as signed,
            // or restrict the call with ['allowed_classes' => false] or
            // move to JSON. unserialize() returns false on malformed
            // input, so $message[$var] is not guaranteed to be an array.
            $message[$var] = isset($_POST[$var]) ? unserialize(base64_decode($_POST[$var])) : array();
Example #2
/**
 * Backward-compatibility wrapper around phorum_api_sign_check().
 *
 * Both arguments are handed to phorum_api_sign_check() unchanged and its
 * result is returned as-is; this function adds no checking of its own.
 *
 * @deprecated Replaced by {@link phorum_api_sign_check()}.
 *
 * @param mixed $data      The data whose signature is to be checked.
 * @param mixed $signature The signature that was supplied for $data.
 *
 * @return mixed Whatever phorum_api_sign_check() returns for this pair.
 */
function phorum_check_data_signature($data, $signature)
{
    $result = phorum_api_sign_check($data, $signature);

    return $result;
}