/** * method: recv * * todo: write documentation */ public static function recv() { $base64 = Amslib_GET::get("encrypted"); if (!$base64) { self::reply(false, "missing 'encrypted' parameter"); } $encrypted = base64_decode($base64); $decrypted = AesCtr::decrypt($encrypted, self::getPassword()); try { $json = json_decode($decrypted, true); } catch (Exception $e) { // do nothing Amslib_Debug::log("Exception whilst json_decoding content"); } if (!isset($json) || !$json || !isset($json["check"])) { self::reply(false, "invalid data"); } if ($json["check"] != self::getCheck()) { self::reply(false, "check compare failed"); } unset($json["check"]); // TODO: the sender might have posted an actual file, so we need to maybe check this and // provide the file data from the $_FILES array return $json; }
/** * method: outputJSON * * todo: write documentation * * note: I hate this function name, I think we should change it to something more elegant */ public static function outputJSON($array, $block = true) { header("Cache-Control: no-cache"); header("Content-Type: application/json"); // NOTE: perhaps it would be nice to limit this CORS header in the future if (isset($_SERVER["HTTP_ORIGIN"])) { $origin = $_SERVER["HTTP_ORIGIN"]; header("Access-Control-Allow-Origin: {$origin}"); header("Access-Control-Allow-Credentials: true"); } $json = json_encode($array); // if there is a callback specified, wrap up the json into a jsonp format $jsonp = Amslib_GET::get("callback"); if ($jsonp) { $json = "{$jsonp}({$json})"; } Amslib_Benchmark::log(); if ($block === true) { die($json); } if ($block === false) { print $json; } return $json; }