function get_chain_verification_results($chain_length, $url)
{
$result_array = array();
$tag = str_replace('.', '_', get_domain_from_url($url));
for ($x = 0; $x < $chain_length; $x++) {
$result = file_get_contents(CDIR . $tag . '_result' . $x . '.txt');
preg_match("/0x\\S+\\s(\\w+)\n/", $result, $matches);
array_push($result_array, $matches[1]);
}
return $result_array;
}
}
// var_dump($urls);
// echo "<br/>urls: [".$urls."]";
// TESTS
// $var_test = ()? PASS:FAIL;
$verify_url_test = $urls == $expected ? PASS : FAIL;
echo "<br/>verify_url_test: [" . $verify_url_test . "]";
$array_test = verify_chain($good_array) == 1 && verify_chain($bad_array) != 1 ? PASS : FAIL;
echo "<br/>array_test: [" . $array_test . "]";
$get_url_test = get_url($bofa_json) == $bofa_url ? PASS : get_url($bofa_json);
echo "<br/>get_url_test: [" . $get_url_test . "]";
$get_empty_url_test = get_url(null) == '' ? PASS : get_url(null);
echo "<br/>get_empty_url_test: [" . $get_empty_url_test . "]";
$match_domains_test = match_urls('www.foo.bar', 'xxx.foo.bar') && match_urls('www.foo.bar', '*.foo.bar') && match_urls('foo.bar', '*.foo.bar') && match_urls('foo.bar', 'www.foo.bar') && match_urls('cert-002.blockchain.info', 'www.blockchain.info') ? PASS : FAIL;
echo "<br/>match_domains_test: [" . $match_domains_test . "]";
$get_domain_from_url_test = get_domain_from_url($bofa_url) == 'www.bankofamerica.com' ? PASS : FAIL;
echo "<br/>get_domain_from_url_test: [" . $get_domain_from_url_test . "]";
$nothing = verify_domain_json(null);
$null_test = $nothing["company_name"] == "" && $nothing["verification_result"] == 'FAIL' && $nothing["url_matching"] == 'false' ? PASS : FAIL;
echo "<br/>null_test: [" . $null_test . "]";
if ($null_test == FAIL) {
var_dump($nothing);
}
$blank = verify_domain_json('');
$blank_test = $blank["company_name"] == "" && $blank["verification_result"] == 'FAIL' && $blank["url_matching"] == 'false' ? PASS : FAIL;
echo "<br/>blank_test: [" . $blank_test . "]";
if ($blank_test == FAIL) {
var_dump($blank);
}
$empty = verify_domain_json(' ');
$empty_test = $empty["company_name"] == "" && $empty["verification_result"] == 'FAIL' && $empty["url_matching"] == 'false' ? PASS : FAIL;
function the_marchand($string)
{
$marchand = explode(';', $string);
foreach ($marchand as $a_marchand) {
echo '<a href="' . $a_marchand . '">' . get_domain_from_url($a_marchand) . '</a>';
}
}
function verify_sns($message, $region, $account, $topics)
{
$msg = json_decode($message);
// Check that region, account and topic match
$topicarn = explode(':', $msg->TopicArn);
if ($topicarn[3] != $region || $topicarn[4] != $account || !in_array($topicarn[5], $topics)) {
return false;
}
$_region = $topicarn[3];
$_account = $topicarn[4];
$_topic = $topicarn[5];
// Check that the domain in message ends with '.amazonaws.com'
if (!endswith(get_domain_from_url($msg->SigningCertURL), '.amazonaws.com')) {
return false;
}
// Load certificate and extract public key from it
$surl = $msg->SigningCertURL;
$curlOptions = array(CURLOPT_URL => $surl, CURLOPT_VERBOSE => 1, CURLOPT_RETURNTRANSFER => 1, CURLOPT_SSL_VERIFYPEER => TRUE, CURLOPT_SSL_VERIFYHOST => 2);
$ch = curl_init();
curl_setopt_array($ch, $curlOptions);
$cert = curl_exec($ch);
$pubkey = openssl_get_publickey($cert);
if (!$pubkey) {
return false;
}
// Generate a message string for comparison in Amazon-specified format
$text = "";
if ($msg->Type == 'Notification') {
$text .= "Message\n";
$text .= $msg->Message . "\n";
$text .= "MessageId\n";
$text .= $msg->MessageId . "\n";
if (isset($msg->Subject)) {
if ($msg->Subject != "") {
$text .= "Subject\n";
$text .= $msg->Subject . "\n";
}
}
$text .= "Timestamp\n";
$text .= $msg->Timestamp . "\n";
$text .= "TopicArn\n";
$text .= $msg->TopicArn . "\n";
$text .= "Type\n";
$text .= $msg->Type . "\n";
} elseif ($msg->Type == 'SubscriptionConfirmation') {
$text .= "Message\n";
$text .= $msg->Message . "\n";
$text .= "MessageId\n";
$text .= $msg->MessageId . "\n";
$text .= "SubscribeURL\n";
$text .= $msg->SubscribeURL . "\n";
$text .= "Timestamp\n";
$text .= $msg->Timestamp . "\n";
$text .= "Token\n";
$text .= $msg->Token . "\n";
$text .= "TopicArn\n";
$text .= $msg->TopicArn . "\n";
$text .= "Type\n";
$text .= $msg->Type . "\n";
} else {
return false;
}
// Get a raw binary message signature
$signature = base64_decode($msg->Signature);
// ..and finally, verify the message
if (openssl_verify($text, $signature, $pubkey, OPENSSL_ALGO_SHA1)) {
return true;
}
return false;
}
|
*/
$config['cookie_prefix'] = '';
$config['cookie_path'] = '/';
$config['cookie_httponly'] = TRUE;
if (defined('CONF_COOKIE_DOMAIN')) {
// The developer has specified the specific domain to use for cookies
$config['cookie_domain'] = CONF_COOKIE_DOMAIN;
} else {
// No specific domain has been specified, set a cookie which spans
// the use of all specified BASE_URLs, i.e BASE_URL and SECURE_BASE_URL
$config['cookie_domain'] = '';
// Are the BASE_URL and SECURE_BASE_URL on the same domain?
// if so, cool, if not then...
$_base_domain = get_domain_from_url(BASE_URL);
$_secure_base_domain = defined('SECURE_BASE_URL') ? get_domain_from_url(SECURE_BASE_URL) : $_base_domain;
if ($_base_domain == $_secure_base_domain) {
// If the two match, then define it
$config['cookie_domain'] = $_base_domain;
} else {
$_ERROR = 'The <code>BASE_URL</code> and <code>SECURE_BASE_URL</code> constants do not share the same domain, this can cause issues with sessions.';
include NAILS_PATH . 'errors/startup_error.php';
}
}
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
