function validateSessionObject($session) { // make sure some essential fields exist if (is_array($session) && isset($session['uid']) && isset($session['session_key']) && isset($session['secret']) && isset($session['access_token']) && isset($session['sig'])) { // validate the signature $session_without_sig = $session; unset($session_without_sig['sig']); $expected_sig = generateSignature( $session_without_sig, FB_SECRET ); if ($session['sig'] != $expected_sig) { // disable error log if we are running in a CLI environment // @codeCoverageIgnoreStart if (php_sapi_name() != 'cli') { error_log('Got invalid session signature in cookie.'); } // @codeCoverageIgnoreEnd $session = null; } // check expiry time } else { $session = null; } return $session; }
<?php include_once '../../config.php'; include_once 'includes/header.php'; use LearnositySdk\Utils\Json; $security = array('consumer_key' => $consumer_key, 'domain' => $domain, 'timestamp' => gmdate('Ymd-Hi')); $request = array('limit' => 100, 'tags' => array(array('type' => 'course', 'name' => 'commoncore'))); $security['signature'] = generateSignature($security, $consumer_secret, $request); $signedRequest = Json::encode(array('request' => $request, 'security' => $security)); ?> <div class="jumbotron section"> <div class="toolbar"> <ul class="list-inline"> <li data-toggle="tooltip" data-original-title="Preview API Initialisation Object"><a href="#" data-toggle="modal" data-target="#initialisation-preview"><span class="glyphicon glyphicon-search"></span></a></li> <li data-toggle="tooltip" data-original-title="Visit the documentation"><a href="http://docs.learnosity.com/authorapi/" title="Documentation"><span class="glyphicon glyphicon-book"></span></a></li> <li data-toggle="tooltip" data-original-title="Toggle product overview box"><a href="#"><span class="glyphicon glyphicon-chevron-up jumbotron-toggle"></span></a></li> </ul> </div> <div class="overview"> <h1>Author API</h1> <p>Learnosity's Author API allows searching and integration of Learnosity powered content into your content management system.<p> </div> </div> <div class="section"> <section> <h3>Sample CMS/LMS Integration</h3> <p>Below is an edit page for a fictional Content/Learning Management System.</p> <p>The buttons on the right show how you might integrate the Author API to search for, and add items — allowing your authors to integrate rich content items into existing pages.</p>
function compareSignature($origin) { return $origin === generateSignature(); }