/**
 * Happy-path check: a URL whose trailing "h=" value matches
 * md5(url-up-to-"h=" . shared key) must be accepted, and every field of the
 * returned known user must equal the value that was placed on the URL.
 */
function test_verifyMd5Hash() {
    // Arrange: fixed fixture values. The key below looks like a test-only
    // value; it must never double as a production shared secret.
    $prefix = null;
    $secret = "zaqxswcdevfrbgtnhymjukiloZAQCDEFRBGTNHYMJUKILOPlkjhgfdsapoiuytrewqmnbvcx";
    $wantPlace = 7810;
    $wantQueueId = "fe070f51-5548-403c-9f0a-2626c15cb81b";
    $encryptedPlace = "3d20e598-0304-474f-87e8-371a34073d3b";
    $epoch = 1360241766;
    $wantTime = new DateTime("2013-02-07 12:56:06", new DateTimeZone("UTC"));
    $wantCustomer = "somecust";
    $wantEvent = "someevent";
    $wantTarget = "http://www.example.com/test.aspx?prop=value";
    $wantRedirect = RedirectType::Queue;

    // Everything up to and including "h=" is the signed portion of the URL.
    $unsigned = $wantTarget . "?"
        . $prefix . "c=somecust&"
        . $prefix . "e=someevent&"
        . $prefix . "q=" . $wantQueueId . "&"
        . $prefix . "p=" . $encryptedPlace . "&"
        . $prefix . "ts=" . $epoch . "&"
        . $prefix . "rt=queue&"
        . $prefix . "h=";

    // The expected digest is MD5 over the unsigned URL with the key appended.
    $digest = md5(utf8_encode($unsigned . $secret));
    $signedUrl = $unsigned . $digest;

    $provider = new MockUrlProvider(
        $signedUrl,
        $wantTarget,
        $wantQueueId,
        $encryptedPlace,
        (string) $epoch,
        $wantCustomer,
        $wantEvent,
        "queue"
    );

    // Act
    $user = QueueIT\Security\KnownUserFactory::verifyMd5Hash($secret, $provider, $prefix);

    // Assert: the token was accepted and decoded field by field.
    $this->assertNotNull($user);
    $this->assertEqual($wantQueueId, $user->getQueueId());
    $this->assertEqual($wantPlace, $user->getPlaceInQueue());
    $this->assertEqual($wantTime, $user->getTimeStamp());
    $this->assertEqual($wantCustomer, $user->getCustomerId());
    $this->assertEqual($wantEvent, $user->getEventId());
    $this->assertEqual($wantRedirect, $user->getRedirectType());
    $this->assertEqual($wantTarget, $user->getOriginalUrl());
}
/**
 * Validates the queue parameters supplied by the URL provider and builds the
 * known user they describe.
 *
 * Arguments left as null (or any value loosely equal to null, such as an
 * empty string) fall back to the globally configured defaults.
 *
 * Security notes for callers:
 *  - Integrity is delegated to KnownUserFactory::verifyUrl(), which is not
 *    visible here; judging by the method name it is an MD5-based check keyed
 *    with $secretKey - confirm against that implementation.
 *  - No freshness check is performed in this method. The decoded timestamp is
 *    only returned, so callers must reject stale tokens themselves.
 *
 * @param string|null $secretKey         Shared secret; defaults to the configured key.
 * @param object|null $urlProvider       Source of the URL and its queue parameters.
 * @param string|null $queryStringPrefix Prefix applied to the parameter names.
 * @return Md5KnownUser|null Null when queue id, place in queue and timestamp are all absent.
 * @throws InvalidArgumentException     When no secret key is available.
 * @throws InvalidKnownUserUrlException When only some of the three required parameters are present.
 * @throws KnownUserException           Re-thrown after the validation URL and original URL are attached.
 */
public static function verifyMd5Hash($secretKey = null, $urlProvider = null, $queryStringPrefix = null) {
    global $defaultQueryStringPrefix, $defaultSecretKey, $defaultUrlProviderFactory;

    // Resolve defaults for whatever the caller did not supply.
    if ($urlProvider == null) {
        $urlProvider = $defaultUrlProviderFactory();
    }
    $secretKey = ($secretKey == null) ? $defaultSecretKey : $secretKey;
    $queryStringPrefix = ($queryStringPrefix == null) ? $defaultQueryStringPrefix : $queryStringPrefix;

    // Without a key nothing can be verified; refuse rather than accept unsigned input.
    if ($secretKey == null) {
        throw new InvalidArgumentException("Secret key is null");
    }

    try {
        // None of the three required parameters present: not a queue redirect.
        $nothingPresent = $urlProvider->getQueueId($queryStringPrefix) == null
            && $urlProvider->getPlaceInQueue($queryStringPrefix) == null
            && $urlProvider->getTimeStamp($queryStringPrefix) == null;
        if ($nothingPresent) {
            return null;
        }

        // A partial set of parameters is treated as a malformed URL.
        $somethingMissing = $urlProvider->getQueueId($queryStringPrefix) == null
            || $urlProvider->getPlaceInQueue($queryStringPrefix) == null
            || $urlProvider->getTimeStamp($queryStringPrefix) == null;
        if ($somethingMissing) {
            throw new InvalidKnownUserUrlException();
        }

        // The hash is checked before any parameter value is decoded or trusted.
        KnownUserFactory::verifyUrl($urlProvider->getUrl(), $secretKey);

        $queueId = $urlProvider->getQueueId($queryStringPrefix);
        $placeInQueue = KnownUserFactory::decryptPlaceInQueue($urlProvider->getPlaceInQueue($queryStringPrefix));
        $issuedAt = KnownUserFactory::decodeTimestamp($urlProvider->getTimeStamp($queryStringPrefix));
        $customerId = $urlProvider->getCustomerId($queryStringPrefix);
        $eventId = $urlProvider->getEventId($queryStringPrefix);
        $redirectType = KnownUserFactory::decodeRedirectType($urlProvider->getRedirectType($queryStringPrefix));
        $originalUrl = $urlProvider->getOriginalUrl($queryStringPrefix);

        return new Md5KnownUser(
            $queueId,
            $placeInQueue,
            $issuedAt,
            $customerId,
            $eventId,
            $redirectType,
            $originalUrl
        );
    } catch (KnownUserException $e) {
        // Attach request context so the caller's error page can send the user back.
        $e->setValidationUrl($urlProvider->getUrl());
        $e->setOriginalUrl($urlProvider->getOriginalUrl($queryStringPrefix));
        throw $e;
    }
}
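<?php
// Page guard: validates the visitor's queue session before the page body is
// rendered. Every redirect below ends the script, because header('Location')
// on its own only sets a response header and the protected content would
// still be generated and sent to a client that ignores the redirect.
require_once '../QueueIT.Security/SessionValidationController.php';
require_once 'CurrentBaseUrl.php';

use QueueIT\Security\SessionValidationController,
    QueueIT\Security\KnownUserFactory,
    QueueIT\Security\ExpiredValidationException,
    QueueIT\Security\KnownUserValidationException,
    QueueIT\Security\AcceptedConfirmedResult,
    QueueIT\Security\EnqueueResult;

// NOTE(review): the shared secret is hard-coded in a web-served source file.
// Load it from configuration kept outside the web root and version control,
// and treat any key that has been published in sample code as compromised.
KnownUserFactory::configure('a774b1e2-8da7-4d51-b1a9-7647147bb13bace77210-a488-4b6f-afc9-8ba94551a7d7');

try {
    $result = SessionValidationController::validateRequest('ticketania', 'codeonly', true);

    // Check if user must be enqueued
    if ($result instanceof EnqueueResult) {
        header('Location: ' . $result->getRedirectUrl());
        exit; // stop here so the page body is never sent to a user who has not queued
    }

    if ($result instanceof AcceptedConfirmedResult) {
        $cancelLink = $result->getQueue()->getCancelUrl(currentBaseUrl() . '/cancel.php?eventid=' . $result->getQueue()->getEventId());
    }
} catch (ExpiredValidationException $ex) {
    // Known user has expired - Show error page and use GetCancelUrl to get user back in the queue
    header('Location: error.php?queuename=default&t=' . urlencode($ex->getKnownUser()->getOriginalUrl()));
    exit;
} catch (KnownUserValidationException $ex) {
    // Known user is invalid - Show error page and use GetCancelUrl to get user back in the queue
    header('Location: error.php?queuename=default&t=' . urlencode($ex->getPrevious()->getOriginalUrl()));
    exit;
}

//Buffer larger content areas like the main page content
ob_start();
?> <h3>Setting up the queue:</h3> <ol class="round"> <li class="one"> <h5>Add configuration using code</h5> All configuration that is supported using the configuration section is also supported in code. In this example it is configured in the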
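/**
 * Negative path: a URL whose "h=" value is not the expected digest must be
 * rejected with a KnownUserException that carries the validated URL and the
 * original target URL.
 *
 * The test fails explicitly when no exception is raised. Without that, a
 * verifier that accepted a forged hash would let this test pass vacuously.
 */
function test_verifyMd5Hash_KnownUserException() {
    //Arrange
    $prefix = null;
    $sharedKey = "zaqxswcdevfrbgtnhymjukiloZAQCDEFRBGTNHYMJUKILOPlkjhgfdsapoiuytrewqmnbvcx";
    $expectedQueueId = "fe070f51-5548-403c-9f0a-2626c15cb81b";
    $placeInQueueEncrypted = "3d20e598-0304-474f-87e8-371a34073d3b";
    $unixTimestamp = 1360241766;
    $expectedCustomerId = "somecust";
    $expectedEventId = "someevent";
    $expectedOriginalUrl = "http://www.example.com/test.aspx?prop=value";

    $urlNoHash = $expectedOriginalUrl . "?"
        . $prefix . "c=somecust&"
        . $prefix . "e=someevent&"
        . $prefix . "q=" . $expectedQueueId . "&"
        . $prefix . "p=" . $placeInQueueEncrypted . "&"
        . $prefix . "ts=" . $unixTimestamp . "&"
        . $prefix . "h=";

    // Deliberately not the MD5 of the URL plus key.
    $expectedHash = "INVALIDHASHxxxxxxxxxxxxxxxxxxxx";
    $url = $urlNoHash . $expectedHash;

    $urlProvider = new MockUrlProvider(
        $url,
        $expectedOriginalUrl,
        $expectedQueueId,
        $placeInQueueEncrypted,
        (string) $unixTimestamp,
        $expectedCustomerId,
        $expectedEventId
    );

    //Act
    try {
        KnownUserFactory::verifyMd5Hash($sharedKey, $urlProvider, $prefix);

        // Reaching this line means the forged hash was accepted.
        $this->fail('Expected KnownUserException for a URL with an invalid hash');
    } catch (QueueIT\Security\KnownUserException $e) {
        //Assert: the exception carries enough context for the error page.
        $this->assertEqual($url, $e->getValidationUrl());
        $this->assertEqual($expectedOriginalUrl, $e->getOriginalUrl());
    }
}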
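{
    // Tail of a URL-building helper whose signature lies outside this excerpt
    // (presumably getLinkUrl(), which the catch block below calls). It builds
    // the absolute URL of link.php from the current scheme, host and port.
    // NOTE(review): depending on web-server configuration SERVER_NAME may
    // reflect the client-supplied Host header - confirm a canonical host name
    // is enforced before this value is used as a redirect target.
    $ssl = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on";
    $pageURL = 'http';
    if ($ssl) {
        $pageURL .= "s";
    }
    $pageURL .= "://";
    // The port is appended only when it differs from the scheme's default.
    if (!$ssl && $_SERVER["SERVER_PORT"] != "80" || $ssl && $_SERVER["SERVER_PORT"] != "443") {
        $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . '/link.php';
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"] . '/link.php';
    }
    return $pageURL;
}

// Page guard: only a visitor holding a valid queue token that is at most
// 180 seconds old may see the content below. Every redirect ends the script:
// header('Location') alone does not stop execution, so the page body would
// still be sent, and a missing token would go on to dereference null.
// NOTE(review): nothing visible here records tokens that were already used,
// so a valid URL appears replayable inside the 180-second window - confirm.
try {
    $knownUser = KnownUserFactory::verifyMd5Hash();

    if ($knownUser == null || $knownUser->getTimeStamp()->getTimestamp() < time() - 180) {
        header('Location: link.php');
        exit;
    }
} catch (KnownUserException $ex) {
    header('Location: error.php?queuename=link&t=' . urlencode(getLinkUrl()));
    exit;
}

//Buffer larger content areas like the main page content
ob_start();
?> <h3>Setting up the queue:</h3> <ol class="round"> <li class="one">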