Changeset 500 for trunk/lib/Utilities.inc.php
- Timestamp:
- Nov 15, 2014 9:34:39 PM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/Utilities.inc.php
r497 r500 945 945 * environment variable set in httpd.conf is a good place. 946 946 * 947 * TODO: consider using more bits-per-character, such as done with: 948 * http://www.php.net/manual/en/function.sha1.php#86239 949 * http://blog.kevburnsjr.com/php-unique-hash 950 * 947 951 * @access public 948 952 * @param string $val The string to sign. … … 964 968 } 965 969 966 // TODO: consider using more bits-per-character, such as done with: 967 // http://www.php.net/manual/en/function.sha1.php#86239 968 // http://blog.kevburnsjr.com/php-unique-hash 969 return $val . '-' . mb_strtolower(mb_substr(md5($salt . md5($val . $salt)), 0, $length)); 970 switch ($app->getParam('signing_method')) { 971 case 'sha512+base64': 972 return $val . '-' . mb_substr(preg_replace('/[^\w]/', '', base64_encode(hash('sha512', $val . $salt, true))), 0, $length); 973 974 case 'md5': 975 default: 976 return $val . '-' . mb_strtolower(mb_substr(md5($salt . md5($val . $salt)), 0, $length)); 977 } 970 978 } 971 979 … … 986 994 987 995 /** 988 * Verifies a signature appen ed to a value by addSignature().996 * Verifies a signature appended to a value by addSignature(). 989 997 * 990 998 * @access public … … 995 1003 function verifySignature($signed_val, $salt=null, $length=18) 996 1004 { 997 // All comparisons are done using lower-case strings.998 $signed_val = mb_strtolower($signed_val);999 1005 // Strip the value from the signed value. 1000 1006 $val = removeSignature($signed_val); … … 1004 1010 return true; 1005 1011 } else { 1012 $app =& App::getInstance(); 1013 $app->logMsg(sprintf('Failed signature (%s should be %s)', $signed_val, addSignature($val, $salt, $length)), LOG_DEBUG, __FILE__, __LINE__); 1006 1014 return false; 1007 1015 } … … 1255 1263 } 1256 1264 } 1257
Note: See TracChangeset
for help on using the changeset viewer.