Пример #1
        return true;
    }
    return false;
}
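// NOTE(review): display_errors is forced on for every request to this endpoint,
// so any PHP warning or fatal error is written into the HTTP response. That is
// convenient for a test tool but exposes paths and internals on a shared or
// public server; confirm this script is never deployed outside a test setup.
ini_set("display_errors", 1);

// b64 must be present AND a plain string. PHP turns `b64[]=x` into an array,
// which would otherwise reach the string concatenation and base64_decode()
// below and fail there with an engine error instead of a controlled rejection.
if (!isset($_REQUEST['b64']) || !is_string($_REQUEST['b64'])) {
    error_log("Missing b64 parameter");
    die("Missing b64 parameter");
}

// Make sure to add the file to the session id in case
// multiple people are running this on the same server.
//
// The session id is md5(b64 . __FILE__): it is fully determined by a request
// parameter plus the script path, so every client that presents the same b64
// value joins the same session. The b64 value also carries the key and secret
// (decoded below), so it should be treated as a credential wherever it is
// logged or stored.
// NOTE(review): what this session holds is outside this excerpt; confirm it
// contains nothing that a holder of the b64 value should not see.
$b64 = $_REQUEST['b64'];
session_id(md5($b64 . __FILE__));
session_start();

// For my application, We only allow application/xml
$request_headers = OAuthUtil::get_headers();
// Only these two spellings of the header name are looked up.
// NOTE(review): whether get_headers() normalises header-name case is not
// visible here; any other spelling ends in the rejection branch below.
$hct = isset($request_headers['Content-Type']) ? $request_headers['Content-Type'] : false;
if (!$hct) {
    $hct = isset($request_headers['Content-type']) ? $request_headers['Content-type'] : false;
}
// strpos() is a substring test: any header value that merely contains
// "application/xml" passes, not only that exact media type.
if (strpos($hct, 'application/xml') === false) {
    // The rejected header value is echoed back to the client, so the response
    // is declared text/plain first and is not rendered as HTML.
    header('Content-Type: text/plain');
    error_log("Must be content type xml, found " . $hct);
    die("Must be content type xml, found " . $hct);
}
header('Content-Type: application/xml; charset=utf-8');

// Get skeleton response
$response = LTI::getPOXResponse();

// Pull out the key and secret from the parameter.
// base64_decode() runs in its default non-strict mode here, which silently
// drops characters outside the base64 alphabet rather than failing.
// NOTE(review): the code that consumes $b64dec is outside this excerpt; it
// should validate the decoded value before using it as key material.
$b64dec = base64_decode($b64);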
Пример #2
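 /**
  * Validate an OAuth body-signed POST and return the raw request body.
  *
  * Steps, in order: reject form-encoded bodies, read oauth_body_hash (and the
  * optional oauth_signature_method) from the "OAuth " Authorization header,
  * run self::verifyKeyAndSecret(), then hash php://input and compare the
  * result with the hash announced in the header.
  *
  * Side effect: writes a diagnostic summary of the comparison into the global
  * $LastOAuthBodyHashInfo. The summary contains the client-supplied header
  * hash, so it should be escaped before being shown or logged.
  *
  * @param string $oauth_consumer_key    Passed through to verifyKeyAndSecret().
  * @param string $oauth_consumer_secret Passed through to verifyKeyAndSecret().
  *
  * @return string|false Raw request body as returned by file_get_contents().
  *
  * @throws \Exception If the body is form-encoded, oauth_body_hash is missing,
  *                    verifyKeyAndSecret() does not return true, or the body
  *                    hash does not match.
  */
 public static function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret)
 {
     $request_headers = OAuthUtil::get_headers();

     // Must reject application/x-www-form-urlencoded.
     // Header names and media types are case-insensitive and the value may
     // carry parameters ("...; charset=UTF-8"). An exact comparison against a
     // single spelling lets such requests slip past this check, so compare the
     // bare media type instead.
     foreach ($request_headers as $header_name => $header_value) {
         if (strcasecmp((string) $header_name, 'Content-Type') !== 0) {
             continue;
         }
         $value_parts = explode(';', (string) $header_value, 2);
         $media_type = strtolower(trim($value_parts[0]));
         if ($media_type === 'application/x-www-form-urlencoded') {
             throw new \Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
         }
     }

     $oauth_signature_method = false;
     $oauth_body_hash = null;

     // The Authorization lookup stays exact-case on purpose: a miss here ends
     // in the "requires oauth_body_hash" rejection below, i.e. it fails closed.
     $authorization = isset($request_headers['Authorization']) ? $request_headers['Authorization'] : '';
     if (is_string($authorization) && strncmp($authorization, "OAuth ", 6) === 0) {
         $header_parameters = OAuthUtil::split_header($authorization);
         if (isset($header_parameters['oauth_body_hash'])) {
             $oauth_body_hash = $header_parameters['oauth_body_hash'];
         }
         if (isset($header_parameters['oauth_signature_method'])) {
             $oauth_signature_method = $header_parameters['oauth_signature_method'];
         }
     }
     if ($oauth_body_hash === null) {
         throw new \Exception("OAuth request body signing requires oauth_body_hash body");
     }

     // Check the key and secret.
     // NOTE(review): verifyKeyAndSecret() is defined outside this excerpt. The
     // body-hash check below only protects the body if that call verifies an
     // OAuth signature that covers the oauth_body_hash parameter; confirm.
     $retval = self::verifyKeyAndSecret($oauth_consumer_key, $oauth_consumer_secret);
     if ($retval !== true) {
         throw new \Exception("OAuth signature failed: " . $retval[0]);
     }

     $postdata = file_get_contents('php://input');

     // SHA-256 is used only when the header names HMAC-SHA256; every other
     // value, or no value at all, falls back to SHA-1.
     if ($oauth_signature_method === 'HMAC-SHA256') {
         $hash = base64_encode(hash('sha256', $postdata, TRUE));
     } else {
         $hash = base64_encode(sha1($postdata, TRUE));
     }

     global $LastOAuthBodyHashInfo;
     $LastOAuthBodyHashInfo = "hdr_hash={$oauth_body_hash} body_len=" . strlen($postdata) . " body_hash={$hash} oauth_signature_method={$oauth_signature_method}";

     // Compare as strings with hash_equals() rather than a loose !=, so the
     // result never depends on PHP type juggling and a non-string header value
     // is treated as a mismatch.
     if (!is_string($oauth_body_hash) || !hash_equals($hash, $oauth_body_hash)) {
         throw new \Exception("OAuth oauth_body_hash mismatch");
     }
     return $postdata;
 }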