function yourls_check_signature() { global $yourls_user_passwords; foreach ($yourls_user_passwords as $valid_user => $valid_password) { if (yourls_auth_signature($valid_user) == $_REQUEST['signature']) { yourls_set_user($valid_user); return true; } } return false; }
yourls_e('actual value:'); ?> $time = <?php $time = time(); echo $time; ?> </tt> $signature = md5( $timestamp . '<?php echo yourls_auth_signature(); ?> ' ); <tt>// <?php yourls_e('actual value:'); ?> $signature = "<?php $sign = md5($time . yourls_auth_signature()); echo $sign; ?> "</tt> ?> </code></pre> <p><?php yourls_e('Now use parameters <tt>signature</tt> and <tt>timestamp</tt> in your API requests. Example:'); ?> </p> <p><code><?php echo YOURLS_SITE; ?> /yourls-api.php?timestamp=<strong>$timestamp</strong>&signature=<strong>$signature</strong>&action=...</code></p> <p><?php yourls_e('Actual values:');
/** * Check auth against signature. Sets user if applicable, returns bool * * @since 1.4.1 * @return bool False if signature missing or invalid, true if valid */ function yourls_check_signature() { if (!isset($_REQUEST['signature']) or empty($_REQUEST['signature'])) { return false; } // Check signature against all possible users global $yourls_user_passwords; foreach ($yourls_user_passwords as $valid_user => $valid_password) { if (yourls_auth_signature($valid_user) == $_REQUEST['signature']) { yourls_set_user($valid_user); return true; } } // Signature doesn't match known user return false; }