Esempi in PHP per Wikia::verifyUserSecretKey

Esempio n. 1

File: Unsubscribe.body.php Progetto: schwarer2006/wikia

 /**
  * Show the special page
  *
  * @param $subpage Mixed: parameter passed to the page or null
  */
 public function execute($subpage)
 {
     global $wgRequest, $wgUser, $wgOut;
     $this->setHeaders();
     $hash_key = $wgRequest->getText('key', null);
     $email = $token = $timestamp = null;
     if (!empty($hash_key)) {
         #$hask_key = urldecode ( $hash_key );
         $data = Wikia::verifyUserSecretKey($hash_key, 'sha256');
         error_log("data = " . print_r($data, true));
         if (!empty($data)) {
             $username = isset($data['user']) ? $data['user'] : null;
             $token = isset($data['token']) ? $data['token'] : null;
             $timestamp = isset($data['signature1']) ? $data['signature1'] : null;
             $oUser = User::newFromName($username);
             $email = $oUser->getEmail();
         }
     } else {
         $email = $wgRequest->getText('email', null);
         $token = $wgRequest->getText('token', null);
         $timestamp = $wgRequest->getText('timestamp', null);
     }
     if ($email == null || $token == null || $timestamp == null) {
         #give up now, abandon all hope.
         $wgOut->addWikiMsg('unsubscribe-badaccess');
         return;
     }
     #validate timestamp isnt spoiled (you only have 7 days)
     $timeCutoff = strtotime("7 days ago");
     if ($timestamp <= $timeCutoff) {
         $wgOut->addWikiMsg('unsubscribe-badtime');
         // $wgOut->addHTML("timestamp={$timestamp}\n"); #DEVL (remove before release)
         // $wgOut->addHTML("timeCutoff={$timeCutoff}\n"); #DEVL (remove before release)
         return;
     }
     #generate what the token SHOULD be
     $shouldToken = wfGenerateUnsubToken($email, $timestamp);
     if ($token != $shouldToken) {
         $wgOut->addWikiMsg('unsubscribe-badtoken');
         // $wgOut->addHTML("shouldtoken={$shouldToken}\n"); #DEVL (remove before release)
         return;
     }
     #does the non-blank email they gave us look like an email?
     if (Sanitizer::validateEmail($email) == false) {
         #email wasnt blank, but didnt look like any email
         $wgOut->addWikiMsg('unsubscribe-bademail');
         // $wgOut->addHTML("email={$email}\n"); #DEVL (remove before release)
         return;
     }
     #at this point, the 3 params check out.
     #is this their 2nd pass at this?
     $confirmed = $wgRequest->getBool('confirm', null);
     if ($wgRequest->wasPosted() && $confirmed) {
         #this is the 2nd round, they pushed the button, so do it
         $this->procUnsub($email);
     } else {
         #this is 1st pass, give them a button to push
         $this->showInfo($email, $token, $timestamp);
     }
 }