Last active
August 29, 2015 14:15
PHP QueryString Signature
<?php | |
/**
 * Computes the signature string for a query string.
 *
 * When $signature_generator is callable it is invoked with the query string
 * and its return value is used as the signature. Otherwise the default value
 * is the MD5 hex digest of the query string followed by the query string's
 * byte length.
 *
 * Security note: the default scheme involves no secret, so anyone who can read
 * or alter the query string can recompute a matching value. It only detects
 * accidental corruption. To detect deliberate tampering, pass a generator that
 * mixes in a server-side key, for example
 * function ($qs) use ($key) { return hash_hmac('sha256', $qs, $key); }.
 *
 * Build the query string with http_build_query().
 *
 * @param string        $query_string        Query string to compute the signature for.
 * @param callable|null $signature_generator Optional callable that receives the query string
 *                                           and returns the signature.
 * @return string Signature; when a generator is supplied, whatever that generator returns.
 */
function generate_query_string_signature($query_string, $signature_generator = null) {
    if (!is_callable($signature_generator)) {
        // Default scheme: 32 hex characters of MD5 followed by the decimal byte length.
        return md5($query_string) . strlen($query_string);
    }

    return $signature_generator($query_string);
}
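/**
 * Signs a query string.
 *
 * Generates a signature for the query string and appends it at the end as
 * &signature=[SIGNATURE]. Build the query string with http_build_query().
 *
 * The optional $signature_generator is forwarded to
 * generate_query_string_signature(), so a keyed generator (for example one
 * built on hash_hmac() with a server-side secret) can be used for signing.
 * Without it, the unkeyed MD5-plus-length default is used, which any party
 * can recompute and which therefore does not prove who produced the string.
 *
 * The signature is appended verbatim, without URL encoding. For
 * extract_signature_from_query_string() to accept it, a custom generator must
 * return at least 32 characters containing neither '=' nor '&'.
 *
 * @param string        $query_string        Query string to sign.
 * @param callable|null $signature_generator Optional generator; pass the same one when verifying.
 * @return string Signed query string.
 */
function sign_query_string($query_string, $signature_generator = null) {
    $signature = generate_query_string_signature($query_string, $signature_generator);

    return $query_string . "&signature=" . $signature;
}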
/**
 * Pulls the signature value out of a signed query string.
 *
 * Only the text after the last '&' is examined. It must have the exact form
 * signature=VALUE, with a single '=' and a VALUE of at least 32 characters.
 * Anything else means the query string is unsigned or malformed.
 *
 * This function only locates the value; it does not check that the value is
 * correct for the rest of the query string.
 *
 * @param string $query_string Query string from which the signature is extracted.
 * @return bool|string The signature value, or FALSE when no well-formed signature is present.
 */
function extract_signature_from_query_string($query_string) {
    $last_separator = strrpos($query_string, "&");
    if ($last_separator === false) {
        return false;
    }

    // The trailing parameter must split into exactly a name and a value.
    $pair = explode("=", substr($query_string, $last_separator + 1));

    $well_formed = count($pair) === 2
        && $pair[0] === "signature"
        && strlen($pair[1]) >= 32;

    return $well_formed ? $pair[1] : false;
}
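/**
 * Verifies the signature on a signed query string.
 *
 * Extracts the trailing signature, recomputes the signature over everything
 * before the final '&', and compares the two. Returns false when the query
 * string carries no well-formed signature.
 *
 * The optional $signature_generator is forwarded to
 * generate_query_string_signature() and must be the same generator that
 * produced the signature. With the default unkeyed MD5-plus-length scheme a
 * true result shows only that the string is internally consistent; anyone can
 * compute that value, so it must not be used as an authorization decision.
 * Supply a keyed generator (for example one built on hash_hmac() with a
 * server-side secret) when tampering must be detected.
 *
 * @param string        $query_string        Query string to be verified.
 * @param callable|null $signature_generator Optional generator matching the one used to sign.
 * @return bool True if the signature matches, otherwise false.
 */
function verify_query_string($query_string, $signature_generator = null) {
    $signature = extract_signature_from_query_string($query_string);
    if ($signature === false) {
        return false;
    }

    // Everything before the final '&' is the payload the signature was computed over.
    $unsigned_query_string = substr($query_string, 0, strrpos($query_string, '&'));
    $expected_signature = generate_query_string_signature($unsigned_query_string, $signature_generator);

    // A custom generator may return a non-string; treat that as a mismatch,
    // which is what a strict comparison against the extracted string would give.
    if (!is_string($expected_signature)) {
        return false;
    }

    // Constant-time comparison, so that response timing does not reveal how many
    // leading characters of a guessed signature were correct (relevant once a
    // keyed generator is in use).
    return hash_equals($expected_signature, $signature);
}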