@clzola
Last active August 29, 2015 14:15
PHP QueryString Signature
<?php
/**
 * Generates signature for provided query string.
 *
 * By default the signature is the md5 of the query string
 * concatenated with the length of the query string.
 * If a signature generator function is passed, the signature will be
 * generated using that function instead.
 * Use http_build_query function to build query string.
 *
 * @param string $query_string Query string
 * @param callable|null $signature_generator Function used to generate signature.
 * @return string Signature
 */
function generate_query_string_signature($query_string, $signature_generator = null) {
    if (is_callable($signature_generator) === true)
        return $signature_generator($query_string);

    // Default: unkeyed md5 plus length. No secret is involved, so this value
    // can be recomputed by anyone who can see or change the query string.
    return md5($query_string) . strlen($query_string);
}

/**
 * Signs query string.
 *
 * It generates a signature for the provided query string and appends that
 * signature at the end of the query string as &signature=[SIGNATURE].
 * Use http_build_query function to build query string.
 *
 * @param string $query_string
 * @return string Signed query string
 */
function sign_query_string($query_string) {
    return $query_string . "&signature=" . generate_query_string_signature($query_string);
}

/**
 * Extracts signature from query string if present.
 *
 * It looks for the signature at the end of the query string and tries to
 * extract the signature value. If the signature is not found at the end of
 * the query string, the query string might not be signed or it is corrupted.
 *
 * @param string $query_string Query string from which signature is extracted.
 * @return bool|string Returns signature if present otherwise returns FALSE.
 */
function extract_signature_from_query_string($query_string) {
    // The signature must be the last parameter
    $chpos = strrpos($query_string, "&");
    if ($chpos === false)
        return false;

    $raw_signature = substr($query_string, $chpos + 1);

    // The last parameter must be a name=value pair
    $chpos = strpos($raw_signature, "=");
    if ($chpos === false)
        return false;

    $extracted_signature = explode("=", $raw_signature);
    if (count($extracted_signature) != 2)
        return false;

    if ($extracted_signature[0] !== "signature")
        return false;

    // An md5 hex digest alone is 32 characters
    if (strlen($extracted_signature[1]) < 32)
        return false;

    return $extracted_signature[1];
}

/**
 * Verifies if query string is signed.
 *
 * It tries to extract the signature from the query string and verify whether
 * the signature is valid or not. If the query string is not signed it returns false.
 *
 * @param string $query_string Query string to be verified.
 * @return bool Returns true if query string is valid, otherwise returns false.
 */
function verify_query_string($query_string) {
    $signature = extract_signature_from_query_string($query_string);
    if ($signature === false)
        return false;

    // Remove signature from url
    $raw_query_string = substr($query_string, 0, strrpos($query_string, '&'));
    $raw_signature = generate_query_string_signature($raw_query_string);

    // Constant-time string comparison (PHP >= 5.6)
    return hash_equals($raw_signature, $signature);
}
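
The default generator above is an unkeyed md5, and sign_query_string / verify_query_string do not pass a custom generator through, so the signature only catches accidental corruption. As an added example (not part of the gist), here is the same `&signature=` layout with a keyed HMAC-SHA256; the function names and the key are hypothetical and the sample data is constructed.

```php
<?php
// Added example, not the gist author's code.
// Keyed variant of the "<query>&signature=<value>" layout used above.

function hmac_sign_query_string(string $query_string, string $key): string {
    return $query_string . '&signature=' . hash_hmac('sha256', $query_string, $key);
}

function hmac_verify_query_string(string $signed, string $key): bool {
    $marker = '&signature=';
    // The signature must be the last parameter, as in the gist.
    $pos = strrpos($signed, $marker);
    if ($pos === false) {
        return false;
    }
    $payload   = substr($signed, 0, $pos);
    $signature = substr($signed, $pos + strlen($marker));

    // HMAC-SHA256 in hex is exactly 64 lowercase hex characters.
    if (preg_match('/\A[0-9a-f]{64}\z/', $signature) !== 1) {
        return false;
    }
    // Recompute with the server-side key and compare in constant time.
    return hash_equals(hash_hmac('sha256', $payload, $key), $signature);
}

// Constructed key for the demo; in real use it is loaded from server-side
// configuration and never sent to the client.
$key    = 'constructed-demo-key';
$query  = http_build_query(['user' => 42, 'role' => 'viewer']);
$signed = hmac_sign_query_string($query, $key);

// Case 1: unmodified signed query string.
var_dump(hmac_verify_query_string($signed, $key));

// Case 2: a parameter changed while the old signature is kept.
$tampered = str_replace('role=viewer', 'role=admin', $signed);
var_dump(hmac_verify_query_string($tampered, $key));

// Case 3: signature recomputed over the changed payload without the key.
$payload = 'user=42&role=admin';
$unkeyed = $payload . '&signature=' . hash('sha256', $payload);
var_dump(hmac_verify_query_string($unkeyed, $key));

// Case 4: signed string checked against a different key.
var_dump(hmac_verify_query_string($signed, 'another-constructed-key'));
```

Only the first case verifies; the other three are rejected because the expected value cannot be produced without the key.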