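/**
 * Check auth against signature and timestamp. Sets the user if applicable.
 *
 * The request is accepted when $_REQUEST['signature'] equals
 * md5(timestamp . user signature) or md5(user signature . timestamp) for one of
 * the users in $yourls_user_passwords, and yourls_check_timestamp() accepts the
 * timestamp.
 *
 * @return bool False if signature or timestamp is missing or invalid, true if valid
 */
function yourls_check_signature_timestamp() {
    // Both values come straight from the request. Require non-empty strings so
    // that array-valued parameters (?signature[]=x) or missing keys never reach
    // the hashing and comparison code below.
    if (!isset($_REQUEST['signature'], $_REQUEST['timestamp'])
        || !is_string($_REQUEST['signature'])
        || !is_string($_REQUEST['timestamp'])
        || empty($_REQUEST['signature'])
        || empty($_REQUEST['timestamp'])
    ) {
        return false;
    }

    $signature = $_REQUEST['signature'];
    $timestamp = $_REQUEST['timestamp'];

    // Timestamp in PHP : time()
    // Timestamp in JS: parseInt(new Date().getTime() / 1000)

    // Check signature & timestamp against all possible users
    global $yourls_user_passwords;

    foreach ($yourls_user_passwords as $valid_user => $valid_password) {
        $user_signature = yourls_auth_signature($valid_user);

        // Either concatenation order is accepted, as before.
        // NOTE(review): MD5 is kept because it is the digest callers already
        // compute; switching to an HMAC needs a coordinated client change.
        $expected_prefix = md5($timestamp . $user_signature);
        $expected_suffix = md5($user_signature . $timestamp);

        // hash_equals() (PHP 5.6+) compares byte-for-byte in constant time.
        // The previous loose `==` compared numeric-looking strings as numbers,
        // so a request value that was not the real digest could still be
        // treated as equal to it.
        $signature_ok = hash_equals($expected_prefix, $signature)
            || hash_equals($expected_suffix, $signature);

        // The timestamp is only validated once a signature matched, as before.
        if ($signature_ok && yourls_check_timestamp($timestamp)) {
            yourls_set_user($valid_user);
            return true;
        }
    }

    // Signature doesn't match known user
    return false;
}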
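/**
 * Check auth against signature and timestamp. Sets user if applicable, returns bool
 *
 * The request is accepted when $_REQUEST['signature'] equals
 * md5(timestamp . user signature) or md5(user signature . timestamp) for one of
 * the users in $yourls_user_passwords, and yourls_check_timestamp() accepts the
 * timestamp.
 *
 * @since 1.4.1
 * @return bool False if signature or timestamp missing or invalid, true if valid
 */
function yourls_check_signature_timestamp() {
    foreach (array('signature', 'timestamp') as $param) {
        // empty() alone lets a non-empty array through (?signature[]=x); the
        // is_string() check keeps such values away from md5() and hash_equals().
        if (!isset($_REQUEST[$param]) || !is_string($_REQUEST[$param]) || empty($_REQUEST[$param])) {
            return false;
        }
    }

    $signature = $_REQUEST['signature'];
    $timestamp = $_REQUEST['timestamp'];

    // Timestamp in PHP : time()
    // Timestamp in JS: parseInt(new Date().getTime() / 1000)

    // Check signature & timestamp against all possible users
    global $yourls_user_passwords;

    foreach ($yourls_user_passwords as $valid_user => $valid_password) {
        $user_signature = yourls_auth_signature($valid_user);

        // Both concatenation orders are valid signatures.
        // NOTE(review): MD5 is kept because it is the digest callers already
        // compute; switching to an HMAC needs a coordinated client change.
        $candidates = array(
            md5($timestamp . $user_signature),
            md5($user_signature . $timestamp),
        );

        foreach ($candidates as $expected) {
            // Strict, constant-time comparison (PHP 5.6+). Loose `==` treats
            // numeric-looking strings as numbers, so two different values
            // could compare equal and authenticate the request.
            if (!hash_equals($expected, $signature)) {
                continue;
            }

            // Signature matched: the timestamp decides, exactly as the
            // original `(a or b) && yourls_check_timestamp()` did.
            if (yourls_check_timestamp($timestamp)) {
                yourls_set_user($valid_user);
                return true;
            }

            // Same timestamp for both candidates; no need to re-check it.
            break;
        }
    }

    // Signature doesn't match known user
    return false;
}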