public static function match($storage_key) { $dec = Encryption::dec(base64_decode($storage_key), self::getSalt()); return $dec === self::getData(); }
/** * Return the client which is registered in our session. * The client id is encrypted in the session file, * and has a totally different encryption in the * database. */ public function getStoredClient() { $c = self::g('client'); return $c ? Encryption::dec($c, Site::getKey('session')) : ''; }
* * This is a simple example of how to respond to a login request. * */ $auto_login = false; require "../../include/iq.php"; try { /* Validate body */ $body = file_get_contents('php://input'); if (!$body && !isset($_REQUEST['_'])) { throw new RuntimeException("404"); } /* Input is encrypted with the hashed captcha! */ $key = base64_encode(Session::getCurrent()->get(Captcha::KEY_LOGIN)); // Attempt to decrypt if (!($data = Encryption::dec($_REQUEST["_"], $key))) { throw new RuntimeException("Unable to decrypt received data, please check your local key or verification code."); } // Check JSON if (!($jdata = json_decode($data, true))) { throw new RuntimeException("Unable to parse input."); } if (empty($jdata["credentials"])) { throw new RuntimeException("Received credentials are missing."); } // Read credentials $cred_obj = explode(" ", base64_decode($jdata['credentials'])); if (count($cred_obj) < 2) { throw new RuntimeException("Received credentials are malformed."); } // This is where you normally handle the call, i.e.. $res = Api::handleRequest($jdata);