function yourls_check_signature()
{
global $yourls_user_passwords;
foreach ($yourls_user_passwords as $valid_user => $valid_password) {
if (yourls_auth_signature($valid_user) == $_REQUEST['signature']) {
yourls_set_user($valid_user);
return true;
}
}
return false;
}
yourls_e('actual value:');
?>
$time = <?php
$time = time();
echo $time;
?>
</tt>
$signature = md5( $timestamp . '<?php
echo yourls_auth_signature();
?>
' );
<tt>// <?php
yourls_e('actual value:');
?>
$signature = "<?php
$sign = md5($time . yourls_auth_signature());
echo $sign;
?>
"</tt>
?>
</code></pre>
<p><?php
yourls_e('Now use parameters <tt>signature</tt> and <tt>timestamp</tt> in your API requests. Example:');
?>
</p>
<p><code><?php
echo YOURLS_SITE;
?>
/yourls-api.php?timestamp=<strong>$timestamp</strong>&signature=<strong>$signature</strong>&action=...</code></p>
<p><?php
yourls_e('Actual values:');
/**
* Check auth against signature. Sets user if applicable, returns bool
*
* @since 1.4.1
* @return bool False if signature missing or invalid, true if valid
*/
function yourls_check_signature()
{
if (!isset($_REQUEST['signature']) or empty($_REQUEST['signature'])) {
return false;
}
// Check signature against all possible users
global $yourls_user_passwords;
foreach ($yourls_user_passwords as $valid_user => $valid_password) {
if (yourls_auth_signature($valid_user) == $_REQUEST['signature']) {
yourls_set_user($valid_user);
return true;
}
}
// Signature doesn't match known user
return false;
}
