Skip to content

Instantly share code, notes, and snippets.

@phiranf
Created February 14, 2020 11:09
Show Gist options
  • Save phiranf/de2a9d24ae7b52afb9dee789f6543509 to your computer and use it in GitHub Desktop.
Save phiranf/de2a9d24ae7b52afb9dee789f6543509 to your computer and use it in GitHub Desktop.
DocCheck Fetch-API Login validation script
<?php
/*
*
* DocCheck FETCH Login Script
* Set the secret_key that has been provided to you by DocCheck or vice versa in row 12
* Example url:
* domain.tld/fetch.php?dc_fetch_timestamp=1580983484969&dc_fetch_checksum=abcd
*
*/
ob_start();
$secret_key = "SECRET";
$dc_timestamp = $_GET['dc_fetch_timestamp'];
$dc_checksum = $_GET['dc_fetch_checksum'];
$response = array("error");
function check_server_time_difference($time, $time_span) {
$server_time = time();
$min_time = $time - $time_span;
$max_time = $time + $time_span;
if ( ( $server_time >= $min_time ) && ( $server_time <= $max_time ) ) {
return true;
} else {
return false;
}
}
function validate_checksum($key, $timestamp, $checksum) {
$hash = md5('DC_Login_FetchUrl::' . $key . '::' . $timestamp);
if ($hash == $checksum) {
return true;
} else {
return false;
}
}
if (check_server_time_difference($dc_timestamp, 30)) {
if (validate_checksum($secret_key, $dc_timestamp, $dc_checksum)) {
session_start();
$response = array(
'session_id' => session_id()
);
} else {
die("The checksum or the key do not match.");
};
} else {
die ("Timestamp mismatches");
}
// Get rid of all output buffers
ob_end_clean();
// Return session ID to doccheck
return json_encode($response);
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment