Changeset 282 for trunk/lib/Utilities.inc.php

Timestamp:

Oct 14, 2007 7:19:17 AM (17 years ago)

Author:

quinn

Message:

Added length arg to *Signature functions; added App::setQuery() method; FormValidator? msg rewording.

File:

• trunk/lib/Utilities.inc.php (modified) (3 diffs)

trunk/lib/Utilities.inc.php

@@ -708 +708 @@
  * @param   string  $val    The string to sign.
  * @param   string  $salt   (Optional) A text key to use for computing the signature.
+ * @param   string  $length (Optional) The length of the added signature. Longer signatures are safer. Must match the length passed to verifySignature() for the signatures to match.
  * @return  string  The original value with a signature appended.
  */
-function addSignature($val, $salt=null)
+function addSignature($val, $salt=null, $length=18)
 {
     $app =& App::getInstance();
@@ -723 +724 @@
     }
 
-    return $val . '-' . mb_substr(md5($salt . md5($val . $salt)), 0, 18);
+    return $val . '-' . mb_substr(md5($salt . md5($val . $salt)), 0, $length);
 }
 
@@ -750 +751 @@
  * @return  bool    True if the signature matches the var.
  */
-function verifySignature($signed_val, $salt=null)
+function verifySignature($signed_val, $salt=null, $length=18)
 {
     // Strip the value from the signed value.
     $val = removeSignature($signed_val);
     // If the signed value matches the original signed value we consider the value safe.
-    if ($signed_val == addSignature($val, $salt)) {
+    if ($signed_val == addSignature($val, $salt, $length)) {
         // Signature verified.
         return true;