public static function match($storage_key)
{
$dec = Encryption::dec(base64_decode($storage_key), self::getSalt());
return $dec === self::getData();
}
/**
* Return the client which is registered in our session.
* The client id is encrypted in the session file,
* and has a totally different encryption in the
* database.
*/
public function getStoredClient()
{
$c = self::g('client');
return $c ? Encryption::dec($c, Site::getKey('session')) : '';
}
*
* This is a simple example of how to respond to a login request.
*
*/
$auto_login = false;
require "../../include/iq.php";
try {
/* Validate body */
$body = file_get_contents('php://input');
if (!$body && !isset($_REQUEST['_'])) {
throw new RuntimeException("404");
}
/* Input is encrypted with the hashed captcha! */
$key = base64_encode(Session::getCurrent()->get(Captcha::KEY_LOGIN));
// Attempt to decrypt
if (!($data = Encryption::dec($_REQUEST["_"], $key))) {
throw new RuntimeException("Unable to decrypt received data, please check your local key or verification code.");
}
// Check JSON
if (!($jdata = json_decode($data, true))) {
throw new RuntimeException("Unable to parse input.");
}
if (empty($jdata["credentials"])) {
throw new RuntimeException("Received credentials are missing.");
}
// Read credentials
$cred_obj = explode(" ", base64_decode($jdata['credentials']));
if (count($cred_obj) < 2) {
throw new RuntimeException("Received credentials are malformed.");
}
// This is where you normally handle the call, i.e.. $res = Api::handleRequest($jdata);
