/**
 * Sign the data: compute a signature over $data with the configured secret
 * and store it inside $data under the path given by $field_keys.
 * The signature is computed before the signature field itself is written,
 * so a verifier has to remove that field before recomputing.
 * @method sign
 * @static
 * @param {array} $data The data to sign
 * @param {array} [$field_keys=null] Path of keys under which to store the
 *  signature. Defaults to array("Q.$sigField"), where $sigField comes from
 *  the Q/internal/sigField config (default "sig").
 * @return {array} The data with the signature added, or the data unchanged
 *  when no Q/internal/secret is configured
 */
static function sign($data, $field_keys = null)
{
    $secret = Q_Config::get('Q', 'internal', 'secret', null);
    if (!isset($secret)) {
        // No secret configured: the data is handed back unsigned.
        return $data;
    }
    if (!$field_keys) {
        $sigField = Q_Config::get('Q', 'internal', 'sigField', 'sig');
        $field_keys = array("Q.{$sigField}");
    }
    // Descend through every key except the last one, creating an empty
    // array wherever an intermediate key is missing.
    $node =& $data;
    $lastIndex = count($field_keys) - 1;
    $i = 0;
    while ($i < $lastIndex) {
        $key = $field_keys[$i];
        if (!array_key_exists($key, $node)) {
            $node[$key] = array();
        }
        $node =& $node[$key];
        ++$i;
    }
    // The signature covers $data as it stands now, including any
    // intermediate arrays created above but not the signature field.
    $signature = Q_Utils::signature($data, $secret);
    $node[end($field_keys)] = $signature;
    return $data;
}
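/**
 * Validates the signature of the request (from Q_Request::special('sig', null))
 * @method signature
 * @static
 * @param {boolean} [$throwIfInvalid=false] If true, sends a 403 status header
 *  and throws an exception when the signature is missing or does not match.
 * @return {boolean} Whether the request signature is valid. Also returns true
 *  when no Q/internal/secret is configured.
 * @throws {Q_Exception_FailedValidation}
 */
static function signature($throwIfInvalid = false)
{
    $secret = Q_Config::get('Q', 'internal', 'secret', null);
    if (!isset($secret)) {
        // NOTE(review): this fails open. Without a configured secret every
        // request is reported as validly signed. Kept as-is because callers
        // may depend on it; deployments relying on signatures must set
        // Q/internal/secret.
        return true;
    }
    $sgf = Q_Config::get('Q', 'internal', 'sigField', 'sig');
    $signature = Q_Request::special($sgf, null);
    $valid = false;
    if ($signature) {
        // The signature is computed over the request without the
        // signature field itself, in either of its spellings.
        $req = $_REQUEST;
        unset($req["Q.{$sgf}"]);
        unset($req["Q_{$sgf}"]);
        $calculated = Q_Utils::signature($req, $secret);
        // Constant-time comparison, so response timing does not reveal how
        // much of a submitted signature matched. hash_equals() needs two
        // strings; any other type (e.g. an array-valued request parameter)
        // is rejected.
        $valid = is_string($calculated)
            && is_string($signature)
            && hash_equals($calculated, $signature);
    }
    if ($valid) {
        return true;
    }
    if ($throwIfInvalid) {
        header("HTTP/1.0 403 Forbidden");
        $message = Q_Config::get('Q', 'internal', 'sigMessage', "The signature did not match.");
        throw new Q_Exception_FailedValidation(compact('message'), array("Q.{$sgf}", "_[{$sgf}]"));
    }
    return false;
}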
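/**
 * Validates the signature of the request (from Q_Request::special('sig', null))
 * or of an explicitly supplied data array.
 * @method signature
 * @static
 * @param {boolean} [$throwIfInvalid=false] If true, sends a 403 status header
 *  and throws an exception when the signature is missing or does not match.
 * @param {array} [$data=$_REQUEST] The data to check the signature of
 * @param {array|string} [$fieldKeys] If an array, the path of keys inside
 *  $data where the signature is stored. If a string, the signature value
 *  itself. If omitted, the signature is read with Q_Request::special()
 *  using the Q/internal/sigField config (default "sig").
 * @return {boolean} Whether the signature is valid. Also returns true when
 *  no Q/internal/secret is configured.
 * @throws {Q_Exception_FailedValidation}
 */
static function signature($throwIfInvalid = false, $data = null, $fieldKeys = null)
{
    if (!isset($data)) {
        $data = $_REQUEST;
    }
    $secret = Q_Config::get('Q', 'internal', 'secret', null);
    if (!isset($secret)) {
        // NOTE(review): this fails open. Without a configured secret all
        // data is reported as validly signed. Kept as-is because callers
        // may depend on it; deployments relying on signatures must set
        // Q/internal/secret.
        return true;
    }
    // Resolved up front: every path below needs it, either to strip the
    // signature field or to name the failing fields in the exception.
    // Previously it was only set on the default path and was undefined
    // when $fieldKeys was an array or a string.
    $sgf = Q_Config::get('Q', 'internal', 'sigField', 'sig');
    $invalid = true;
    if (is_array($fieldKeys)) {
        // Walk the key path without creating missing entries. $parent and
        // $lastKey remember where the signature sits so that it can be
        // removed before recomputing.
        $found = true;
        $parent = null;
        $lastKey = null;
        $node =& $data;
        foreach ($fieldKeys as $key) {
            if (!isset($key)) {
                break; // a null entry terminates the path
            }
            if (!is_array($node) || !array_key_exists($key, $node)) {
                // Path absent, or it runs through a scalar: no signature.
                $found = false;
                break;
            }
            $parent =& $node;
            $lastKey = $key;
            $node =& $node[$key];
        }
        if ($found && $lastKey !== null && $node && is_string($node)) {
            $signature = $node;
            unset($parent[$lastKey]);
            $calculated = Q_Utils::signature($data, $secret);
            // Constant-time comparison, so response timing does not reveal
            // how much of a submitted signature matched.
            if (is_string($calculated) && hash_equals($calculated, $signature)) {
                $invalid = false;
            } else {
                // Also accept a signature computed with the field present
                // but set to null.
                $parent[$lastKey] = null;
                $calculated = Q_Utils::signature($data, $secret);
                if (is_string($calculated) && hash_equals($calculated, $signature)) {
                    $invalid = false;
                }
            }
        }
    } else {
        if (is_string($fieldKeys)) {
            $signature = $fieldKeys;
        } else {
            $signature = Q_Request::special($sgf, null, $data);
        }
        if ($signature) {
            // The signature is computed over the data without the
            // signature field itself, in either of its spellings.
            $req = $data;
            unset($req["Q.{$sgf}"]);
            unset($req["Q_{$sgf}"]);
            $calculated = Q_Utils::signature($req, $secret);
            // hash_equals() needs two strings; any other type (e.g. an
            // array-valued request parameter) is rejected.
            if (is_string($calculated)
                && is_string($signature)
                && hash_equals($calculated, $signature)
            ) {
                $invalid = false;
            }
        }
    }
    if (!$invalid) {
        return true;
    }
    if ($throwIfInvalid) {
        header("HTTP/1.0 403 Forbidden");
        $message = Q_Config::get('Q', 'internal', 'sigMessage', "The signature did not match.");
        throw new Q_Exception_FailedValidation(compact('message'), array("Q.{$sgf}", "_[{$sgf}]"));
    }
    return false;
}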