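 /**
  * Confirm an authorisation key is valid.
  *
  * Reads the key from the request variable named by $authIdVarName and
  * compares it against the pending keys kept in the session variable 'rand'
  * (an array of "timestamp-rand" strings). A matching key is consumed
  * (removed from the session) so it cannot be replayed; entries older than
  * the session inactivity timeout are discarded. See xarSecGenAuthKey for
  * how the keys are produced.
  *
  * @access public
  * @param string|null $modName       module the key was issued for; defaults
  *                                   to the current controller
  * @param string      $authIdVarName request variable carrying the key
  * @return bool true if the key is valid. The function never returns false:
  *              a missing, malformed or unknown key raises an exception.
  * @throws Exception when no pending key matches the submitted one
  * @todo bring back possibility of time authorized keys
  */
 function confirmAuthKey($modName = NULL, $authIdVarName = 'authid')
 {
     if (!isset($modName)) {
         list($modName) = wbRequest::getController();
     }
     $authid = wbRequest::getVar($authIdVarName);
     $rands = wbSession::getVar('rand');
     $now = time();
     // NOTE(review): the original reseeded the global PRNG here with
     // srand(microtime()). Nothing in this function draws random numbers, and
     // reseeding from the clock only makes rand() more predictable for whoever
     // generates the keys, so the call was dropped.

     // session integrity: the pending-key store is an array of at most the
     // 64 most recent entries; anything that is not an array is reset
     if (!is_array($rands)) {
         $rands = array();
     }
     $rands = array_slice($rands, -64);

     $failure = "<p>Operasi yang anda coba lakukan tidak diperkenankan dalam kondisi ini.</p>Anda mungkin telah menekan tombol Back atau Reload pada browser dan mencoba kembali operasi yang tidak boleh diulang, atau cookie tidak diaktifkan pada browser anda";

     // A crafted request can make getVar return null or an array; only a
     // non-empty string is worth comparing against the stored keys.
     if (!is_string($authid) || $authid === '') {
         wbSession::setVar('rand', $rands);
         throw new Exception($failure);
     }

     // inactivity timeout is configured in minutes; the loop needs seconds
     $age = wbConfig::get('Session.InactivityTimeout') * 60;
     $target = strtolower($modName);
     $matched = false;

     foreach ($rands as $r => $rnd) {
         // entries are "timestamp-rand"; anything else is dropped rather than
         // passed to list()/explode(), which would warn on a missing separator
         if (!is_string($rnd) || strpos($rnd, '-') === false) {
             unset($rands[$r]);
             continue;
         }
         list($timestamp, $rndval) = explode('-', $rnd, 2);
         // discard random values older than the session inactivity timeout
         if ($now - $age > $timestamp) {
             unset($rands[$r]);
             continue;
         }
         // Regenerate the static part of the key and compare in constant time.
         // The previous loose == would also have accepted any digest that
         // PHP treats as numerically equal (e.g. "0e..." forms).
         if (hash_equals(md5($rndval . $target), $authid)) {
             // Match - consume the key so the same one cannot be replayed
             unset($rands[$r]);
             $matched = true;
             break;
         }
     }

     // Persist the pruned store whether or not a key matched, so expired and
     // malformed entries do not linger in the session until the next success.
     $rands = array_slice($rands, -64);
     wbSession::setVar('rand', $rands);

     if ($matched) {
         return true;
     }
     throw new Exception($failure);
 }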