Yubikey Management Server: yms/validate-functions.php@351d40b21cbc (annotated)

0 9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	1	<?php
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	2
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	3	function yms_send_reply($result, $api_key = '', $extra = array())
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	4	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	5	header('Content-type: text/plain');
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	6
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	7	global $g_api_key;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	8
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	9	if ( empty($api_key) )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	10	$api_key = $g_api_key;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	11
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	12	if ( empty($api_key) )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	13	$api_key = base64_encode("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00");
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	14
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	15	$now = gmdate("Y-m-d\TH:i:s");
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	16	echo yms_generate_signed_response(array_merge($extra, array(
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	17	't' => $now,
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	18	'status' => $result
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	19	)), $api_key);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	20
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	21	exit;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	22	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	23
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	24	function yms_generate_signed_response($response, $api_key)
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	25	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	26	$hash = yms_val_sign($response, $api_key);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	27	$result = "h={$hash}\n";
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	28	foreach ( $response as $key => $value )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	29	{
10 351d40b21cbc Cursory wsapi v2.0 support (backwards compatible) Dan Fuhry <dan@enanocms.org> parents: 0 diff changeset	30	if ( $value === null )
351d40b21cbc Cursory wsapi v2.0 support (backwards compatible) Dan Fuhry <dan@enanocms.org> parents: 0 diff changeset	31	{
351d40b21cbc Cursory wsapi v2.0 support (backwards compatible) Dan Fuhry <dan@enanocms.org> parents: 0 diff changeset	32	continue;
351d40b21cbc Cursory wsapi v2.0 support (backwards compatible) Dan Fuhry <dan@enanocms.org> parents: 0 diff changeset	33	}
0 9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	34	$result .= "{$key}={$value}\n";
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	35	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	36	return trim($result);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	37	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	38
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	39	function yms_val_sign($response, $api_key)
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	40	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	41	foreach ( array('h', 'title', 'auth') as $key )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	42	if ( isset($response[$key]) )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	43	unset($response[$key]);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	44
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	45	ksort($response);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	46
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	47	$signstr = array();
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	48	foreach ( $response as $key => $value )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	49	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	50	$signstr[] = "$key=$value";
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	51	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	52
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	53	$signstr = implode('&', $signstr);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	54
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	55	$api_key = yms_hex_encode(base64_decode($api_key));
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	56	$hash = hmac_sha1($signstr, $api_key);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	57	$hash = yms_hex_decode($hash);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	58	$hash = base64_encode($hash);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	59
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	60	return $hash;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	61	}

author	Dan Fuhry <dan@enanocms.org>
	Fri, 08 Apr 2016 17:23:16 -0400
changeset 10	351d40b21cbc
parent 0	9997bee9ad03
permissions	-rw-r--r--