/** * Validate that the current request came from Twilio * * If no url is passed then the default $_SERVER['REQUEST_URI'] will be passed * through site_url(). * * If no post_vars are passed then $_POST will be used directly. * * @param bool/string $uri * @param bool/array $post_vars * @return bool */ public static function validateRequest($url = false, $post_vars = false) { $ci =& get_instance(); if ($ci->tenant->type == VBX_Settings::AUTH_TYPE_CONNECT) { return true; } if (!self::$_twilioValidator instanceof Services_Twilio_RequestValidator) { self::$_twilioValidator = new Services_Twilio_RequestValidator($ci->twilio_token); } if (empty($url)) { // we weren't handed a uri, use the default $url = site_url($ci->uri->uri_string()); } elseif (strpos($url, '://') === false) { // we were handed a relative uri, make it full $url = site_url($url); } // without rewrite enabled we need to ensure that the query string // is properly appended to the url when being reconstructed if ($ci->vbx_settings->get('rewrite_enabled', VBX_PARENT_TENANT) < 1 && !empty($_SERVER['QUERY_STRING']) && strpos($url, $_SERVER['QUERY_STRING']) === false) { $qs = parse_str($_SERVER['QUERY_STRING']); // make sure that the rewrite var doesn't stay in the query // string if we're not doing rewriting if ($ci->vbx_settings->get('rewrite_enabled', VBX_PARENT_TENANT) < 1) { foreach ($qs as $name => $value) { if ($name == 'vbxsite') { unset($qs[$name]); } } } if (!empty($qs)) { $url .= '?' . http_build_query($qs); } } if (empty($post_vars)) { // we weren't handed post-vars, use the default $post_vars = $_POST; } return self::$_twilioValidator->validate(self::getRequestSignature(), $url, $post_vars); }