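/**
 * Verifies an s2Member-generated signature; in a full URL, a partial URI, or in just a query string.
 *
 * The signature variable carries ``TIMESTAMP-HASH``. The hash is recomputed over the secret key,
 * the timestamp, and the remaining query variables (canonicalized), then compared in constant time.
 *
 * @package s2Member\Utilities
 * @since 111106
 *
 * @param string $url_uri_query A full URL, a partial URI, or just a query string. Must have an s2Member-generated signature to validate.
 * @param bool $check_time Optional. Defaults to false. If true, s2Member will also check if the signature has expired, based on ``$exp_secs``.
 * @param string|int $exp_secs Optional. Defaults to (int)10. If ``$check_time`` is true, s2Member will check if the signature has expired, based on ``$exp_secs``.
 * @param string $sig_var Optional. The name of the s2Member-generated signature variable. Defaults to `_s2member_sig`.
 * @return bool True if the s2Member-generated signature is OK, else false.
 */
public static function s2member_sig_ok($url_uri_query = FALSE, $check_time = FALSE, $exp_secs = FALSE, $sig_var = FALSE)
{
    $url_uri_query = $query = c_ws_plugin__s2member_utils_strings::trim((string) $url_uri_query, false, "?&=");

    /* A scheme:// prefix or a leading slash means URL/URI; only its query component is signed. */
    if (preg_match("/^(?:[a-z]+\\:\\/\\/|\\/)/i", $url_uri_query)) {
        /* The (string) cast keeps trim() safe should the wrapper return a non-string for a URL with no query (wrapper not visible here). */
        $query = trim((string) c_ws_plugin__s2member_utils_urls::parse_url($url_uri_query, PHP_URL_QUERY), "?&=");
    }

    $check_time = $check_time ? true : false;
    $exp_secs = is_numeric($exp_secs) ? (int) $exp_secs : 10;
    $sig_var = $sig_var && is_string($sig_var) ? $sig_var : "_s2member_sig";

    $key = c_ws_plugin__s2member_utils_encryption::key();

    if (!preg_match_all("/" . preg_quote($sig_var, "/") . "\\=([0-9]+)-([^&\$]+)/", $query, $sigs)) {
        return false; /* No ``$query``, or no ``$sigs``. */
    }

    /* Strip the signature variable(s) so that only the signed variables remain. */
    $query = c_ws_plugin__s2member_utils_urls::remove_s2member_sigs($query, $sig_var);

    /* Canonicalize: parse, deep-trim, filter via remove_0b_strings(), deep key-sort, then serialize. */
    wp_parse_str($query, $vars);
    $vars = c_ws_plugin__s2member_utils_arrays::remove_0b_strings(c_ws_plugin__s2member_utils_strings::trim_deep($vars));
    $vars = serialize(c_ws_plugin__s2member_utils_arrays::ksort_deep($vars));

    /* When the signature variable appears more than once, the last occurrence is the one verified. */
    $i = count($sigs[1]) - 1;
    $time = $sigs[1][$i];
    $sig = $sigs[2][$i];

    /*
     * NOTE(review): md5($key . $data) is a secret-prefix construction rather than an HMAC.
     * Moving to hash_hmac() would need the signing side changed in lockstep (not visible here),
     * so the algorithm is left as-is and only the comparison below is hardened.
     */
    $valid_sig = md5($key . $time . $vars);

    /* Constant-time comparison; `===` on strings can leak how many leading bytes matched. */
    /* hash_equals() is native as of PHP 5.6; WordPress supplies a fallback for older runtimes. */
    $sig_matches = hash_equals($valid_sig, $sig);

    if ($check_time) {
        /* The (signed) timestamp must NOT be older than ``$exp_secs`` seconds ago. */
        return $sig_matches && $time >= strtotime("-" . $exp_secs . " seconds");
    }

    /* Ignoring time? Just need to compare signatures in this case. */
    return $sig_matches;
}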
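/**
 * Verifies an s2Member-generated signature; in a full URL, a partial URI, or in just a query string.
 *
 * The signature variable carries ``TIMESTAMP-HASH``. The hash is recomputed over the secret key,
 * the timestamp, and the remaining query variables (canonicalized), then compared in constant time.
 *
 * @package s2Member\Utilities
 * @since 111106
 *
 * @param string $url_uri_query A full URL, a partial URI, or just a query string. Must have an s2Member-generated signature to validate.
 * @param bool $check_time Optional. Defaults to false. If true, s2Member will also check if the signature has expired, based on ``$exp_secs``.
 * @param string|int $exp_secs Optional. Defaults to (int)10. If ``$check_time`` is true, s2Member will check if the signature has expired, based on ``$exp_secs``.
 * @param string $sig_var Optional. The name of the s2Member-generated signature variable. Defaults to `_s2member_sig`.
 * @return bool True if the s2Member-generated signature is OK, else false.
 */
public static function s2member_sig_ok($url_uri_query = FALSE, $check_time = FALSE, $exp_secs = FALSE, $sig_var = FALSE)
{
    $url_uri_query = $query = c_ws_plugin__s2member_utils_strings::trim((string) $url_uri_query, false, '?&=');

    if (preg_match('/^(?:[a-z]+\\:\\/\\/|\\/)/i', $url_uri_query)) { // Is this a full URL or a partial URI?
        // Only the query component is signed. The (string) cast keeps trim() safe should the
        // wrapper return a non-string for a URL with no query (wrapper not visible here).
        $query = trim((string) c_ws_plugin__s2member_utils_urls::parse_url($url_uri_query, PHP_URL_QUERY), '?&=');
    }

    $check_time = (bool) $check_time; // Check time?
    $exp_secs = is_numeric($exp_secs) ? (int) $exp_secs : 10;
    $sig_var = $sig_var && is_string($sig_var) ? $sig_var : '_s2member_sig';

    $key = c_ws_plugin__s2member_utils_encryption::key(); // Obtain key.

    if (!preg_match_all('/' . preg_quote($sig_var, '/') . '\\=([0-9]+)-([^&$]+)/', $query, $sigs)) {
        return false; // False, it's NOT ok. No signature variable was found in the query.
    }

    // Strip the signature variable(s) so that only the signed variables remain.
    $query = c_ws_plugin__s2member_utils_urls::remove_s2member_sigs($query, $sig_var);

    // Canonicalize: parse, deep-trim, filter via remove_0b_strings(), deep key-sort, then serialize.
    wp_parse_str($query, $vars); // Parse the query string into an array of ``$vars``.
    $vars = c_ws_plugin__s2member_utils_arrays::remove_0b_strings(c_ws_plugin__s2member_utils_strings::trim_deep($vars));
    $vars = serialize(c_ws_plugin__s2member_utils_arrays::ksort_deep($vars));

    // When the signature variable appears more than once, the last occurrence is the one verified.
    $i = count($sigs[1]) - 1; // Last one.
    $time = $sigs[1][$i]; // Timestamp.
    $sig = $sigs[2][$i]; // Signature.

    // NOTE(review): md5($key . $data) is a secret-prefix construction rather than an HMAC.
    // Moving to hash_hmac() would need the signing side changed in lockstep (not visible here),
    // so the algorithm is left as-is and only the comparison below is hardened.
    $valid_sig = md5($key . $time . $vars);

    // Constant-time comparison; `===` on strings can leak how many leading bytes matched.
    // hash_equals() is native as of PHP 5.6; WordPress supplies a fallback for older runtimes.
    $sig_matches = hash_equals($valid_sig, $sig);

    if ($check_time) {
        // This must NOT be older than ``$exp_secs`` seconds ago.
        return $sig_matches && $time >= strtotime('-' . $exp_secs . ' seconds');
    }

    return $sig_matches;
}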