Example #1
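 /**
  * Read the cookie named by $this->cookie_name, verify it, and fill $this->payload.
  *
  * Checks run in this order: presence, transport decoding, integrity via
  * SecureString1::validate() against $this->keys, then age against $this->window.
  * $this->payload is empty for REASON_MISSING and REASON_INVALID. It holds the
  * parsed cookie fields for REASON_OK, REASON_EXPIRED and REASON_CLOCK_SKEW, so
  * callers must check the return value before trusting the payload.
  *
  * @param int $now Current Unix time; 0 (the default) means "use time()".
  * @return mixed One of the self::REASON_* constants.
  */
 public function read($now = 0)
 {
     // Reset first so that a rejected cookie can never leave the payload of an
     // earlier, successful read() visible to the caller.
     $this->payload = array();

     // get cookie
     $str = isset($_COOKIE[$this->cookie_name]) ? $_COOKIE[$this->cookie_name] : null;
     if (empty($str) || $str === 'deleted') {
         return self::REASON_MISSING;
     }
     // A client can send "name[]=x", which PHP exposes as an array. Reject it
     // here instead of handing a non-string to the decoders below.
     if (!is_string($str)) {
         return self::REASON_INVALID;
     }

     // decode any wrappers
     if (SecureString1::b64_chars($str)) {
         // if 100% b64 chars, then decode it
         $str = SecureString1::b64_urldecode($str);
     } elseif (strpos($str, '%') !== false) {
         // Some proxies will muck with '=' and '&' in spite of
         // the spec saying these are ok
         $str = urldecode($str);
         // sometimes double encoding happens
         if (strpos($str, '%') !== false) {
             $str = urldecode($str);
         }
     }

     // Now check for cryptographic integrity. This runs on the decoded string,
     // and nothing from the cookie is parsed or stored before it passes.
     if (!SecureString1::validate($str, $this->keys)) {
         return self::REASON_INVALID;
     }

     // from query string to array
     parse_str($str, $this->payload);

     // cookie is cryptographically valid, but check for policy on age
     if ($now === 0) {
         $now = time();
     }

     // The creation time must be present and numeric. parse_str() can produce a
     // nested array for a key such as "x[]", and a missing key would otherwise be
     // read as 0, so fail closed rather than do arithmetic on it.
     $key = SecureString1::PREFIX_CREATED;
     if (!isset($this->payload[$key]) || !is_numeric($this->payload[$key])) {
         $this->payload = array();
         return self::REASON_INVALID;
     }
     $created = (int) $this->payload[$key];

     if ($now - $created > $this->window) {
         return self::REASON_EXPIRED;
     }
     // Hmmm someone's got a clock skew.  I'll let you figure out what to do
     if ($created > $now) {
         return self::REASON_CLOCK_SKEW;
     }

     // valid
     return self::REASON_OK;
 }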
 /**
  * Checks the URL-safe base64 helpers on SecureString1: encode/decode of a
  * single byte, the character-class test, and decoding of non-base64 input.
  */
 public function testBase64()
 {
     // Standard base64 of "0" is "MA=="; the expected form here uses '.' where
     // the standard alphabet uses '=' padding.
     $encoded = SecureString1::b64_urlencode("0");
     $this->assertEquals("MA..", $encoded);

     $decoded = SecureString1::b64_urldecode("MA..");
     $this->assertEquals("0", $decoded);

     // Every character the URL-safe alphabet is expected to accept.
     $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
     $this->assertTrue(SecureString1::b64_chars($alphabet));

     // None of these characters belong to that alphabet.
     $junk = "~!@#\$%^&*";
     $this->assertFalse(SecureString1::b64_chars($junk));

     // Decoding bad input yields an empty string instead of raising an
     // exception, so callers cannot rely on an exception to detect it.
     $fromJunk = SecureString1::b64_urldecode($junk);
     $this->assertEquals('', $fromJunk);
 }