Campustream 1.0
A social network MQP for WPI
|
00001 <?php 00002 00003 class SignedCookie { 00004 00005 public static $default_values = array( 'nonce' => '', 'timestamp' => '', 'token' => '' ); 00006 public static $last_signature_data = null; 00007 00008 public static function create( $cookie_name, $params, $secrets=array() ) { 00009 00010 $params['token'] = $GLOBALS['SIGNED_COOKIE_TOKEN']; 00011 $params['timestamp'] = time(); 00012 $params['nonce'] = mt_rand( 0, 10000000 ); // reserved for future use 00013 00014 $signature = self::signature( $params, $secrets ); 00015 00016 $cookie_value = self::$last_signature_data . "signature=$signature"; 00017 00018 setcookie( $cookie_name, $cookie_value, time() + 1209600, '/', $GLOBALS['SESSION_DOMAIN'] ); 00019 00020 } 00021 00022 public static function unserialize( $cookie_name ) { 00023 00024 $cookie = array(); 00025 parse_str( $_COOKIE[$cookie_name], $cookie ); 00026 00027 // merge with default values, so we know for sure that they exist 00028 $cookie = array_merge( self::$default_values, $cookie ); 00029 00030 return $cookie; 00031 00032 } 00033 00034 public static function verify( $cookie, $secrets=array() ) { 00035 00036 $untrusted_signature = $cookie['signature']; 00037 unset( $cookie['signature'] ); 00038 00039 $signature = self::signature( $cookie, $secrets ); 00040 00041 return ( $untrusted_signature === $signature ); 00042 00043 } 00044 00045 public static function signature( $data, $secrets=array() ) { 00046 00047 // sort data alphabetically by key 00048 ksort( $data ); 00049 // turn an array() in key=value&key1=value w/ trailing & 00050 $data_string = http_build_query( $data ) . '&'; 00051 00052 // since sorting and building the value is a potentially expensive 00053 // operation, lets store it so it can be accessed temporarily until 00054 // this method is run again 00055 self::$last_signature_data = $data_string; 00056 00057 // add our default secret to the array 00058 $secrets['secret'] = $_GLOBALS['SIGNED_COOKIE_SECRET']; 00059 00060 // do the same for the secrets array 00061 ksort( $secrets ); 00062 $secret_string = http_build_query( $secrets ); 00063 00064 $signature = sha1( $data_string . $secret_string ); 00065 00066 return $signature; 00067 00068 } 00069 00070 }