Campustream 1.0
A social network MQP for WPI
core/lib/signedcookie.php
Go to the documentation of this file.
00001 <?php
00002 
00003 class SignedCookie {
00004         
00005         public static $default_values = array( 'nonce' => '', 'timestamp' => '', 'token' => '' );
00006         public static $last_signature_data = null;
00007         
00008         public static function create( $cookie_name, $params, $secrets=array() ) {
00009         
00010                 $params['token']     = $GLOBALS['SIGNED_COOKIE_TOKEN'];
00011                 $params['timestamp'] = time();
00012                 $params['nonce']     = mt_rand( 0, 10000000 ); // reserved for future use
00013                 
00014                 $signature = self::signature( $params, $secrets );
00015                 
00016                 $cookie_value = self::$last_signature_data . "signature=$signature";
00017 
00018                 setcookie( $cookie_name, $cookie_value, time() + 1209600, '/', $GLOBALS['SESSION_DOMAIN'] );
00019                 
00020         }
00021         
00022         public static function unserialize( $cookie_name ) {
00023                 
00024                 $cookie = array();
00025                 parse_str( $_COOKIE[$cookie_name], $cookie );
00026                 
00027                 // merge with default values, so we know for sure that they exist
00028                 $cookie = array_merge( self::$default_values, $cookie );
00029                 
00030                 return $cookie;
00031                 
00032         }
00033         
00034         public static function verify( $cookie, $secrets=array() ) {
00035                 
00036                 $untrusted_signature = $cookie['signature'];
00037                 unset( $cookie['signature'] );
00038                 
00039                 $signature = self::signature( $cookie, $secrets );
00040                 
00041                 return ( $untrusted_signature === $signature );
00042                 
00043         }
00044         
00045         public static function signature( $data, $secrets=array() ) {
00046                 
00047                 // sort data alphabetically by key
00048                 ksort( $data );
00049                 // turn an array() in key=value&key1=value w/ trailing &
00050                 $data_string = http_build_query( $data ) . '&';
00051                 
00052                 // since sorting and building the value is a potentially expensive
00053                 // operation, lets store it so it can be accessed temporarily until
00054                 // this method is run again
00055                 self::$last_signature_data = $data_string;
00056                 
00057                 // add our default secret to the array
00058                 $secrets['secret'] = $_GLOBALS['SIGNED_COOKIE_SECRET'];
00059                 
00060                 // do the same for the secrets array
00061                 ksort( $secrets );
00062                 $secret_string = http_build_query( $secrets );
00063                 
00064                 $signature = sha1( $data_string . $secret_string );
00065                 
00066                 return $signature;
00067                 
00068         }
00069         
00070 }