2.3/UrlSigner_8php_source.html

 <?php


 namespace Elgg\Security;


 class UrlSigner {


     const KEY_MAC = '__elgg_mac';

     const KEY_EXPIRES = '__elgg_exp';


     public function sign($url, $expires = false) {

         $url = elgg_normalize_url($url);


         $parts = parse_url($url);


         if (isset($parts['query'])) {

             $query = elgg_parse_str($parts['query']);

         } else {

             $query = [];

         }


         if (isset($query[self::KEY_MAC])) {

             throw new \InvalidArgumentException('URL has already been signed');

         }


         if ($expires) {

             $query[self::KEY_EXPIRES] = strtotime($expires);

         }


         ksort($query);


         $parts['query'] = http_build_query($query);


         $url = elgg_http_build_url($parts, false);


         $token = elgg_build_hmac($url)->getToken();


         return elgg_http_add_url_query_elements($url, [

             self::KEY_MAC => $token,

         ]);

     }


     public function isValid($url) {


         $parts = parse_url($url);


         if (isset($parts['query'])) {

             $query = elgg_parse_str($parts['query']);

         } else {

             $query = [];

         }


         if (!isset($query[self::KEY_MAC])) {

             // No signature found

             return false;

         }


         $token = $query[self::KEY_MAC];

         unset($query[self::KEY_MAC]);


         if (isset($query[self::KEY_EXPIRES]) && $query[self::KEY_EXPIRES] < time()) {

             // Signature has expired

             return false;

         }


         ksort($query);


         $parts['query'] = http_build_query($query);


         $url = elgg_http_build_url($parts, false);


         return elgg_build_hmac($url)->matchesToken($token);


     }

 }

elgg_build_hmac
elgg_build_hmac($data)
Get an HMAC token builder/validator object.
Definition: actions.php:118

Elgg\Security\UrlSigner
Component for creating signed URLs.
Definition: UrlSigner.php:10

Elgg\Security\UrlSigner\sign
sign($url, $expires=false)
Normalizes and signs the URL with SHA256 HMAC key.
Definition: UrlSigner.php:27

Elgg\Security\UrlSigner\isValid
isValid($url)
Validates HMAC signature.
Definition: UrlSigner.php:65

Elgg\Security\UrlSigner\KEY_EXPIRES
const KEY_EXPIRES
Definition: UrlSigner.php:13

Elgg\Security\UrlSigner\KEY_MAC
const KEY_MAC
Definition: UrlSigner.php:12

elgg_http_build_url
elgg_http_build_url(array $parts, $html_encode=true)
Builds a URL from the a parts array like one returned by parse_url().
Definition: elgglib.php:1116

elgg_http_add_url_query_elements
elgg_http_add_url_query_elements($url, array $elements)
Sets elements in a URL's query string.
Definition: elgglib.php:1199

$url
$url
Definition: exceptions.php:24

elgg_parse_str
elgg_parse_str($str)
Parses a string using mb_parse_str() if available.
Definition: mb_wrapper.php:19

Elgg\Security
Definition: Base64Url.php:2

elgg_normalize_url
elgg_normalize_url($url)
Definition: output.php:280

$token
$token
Definition: securitytoken.php:12

time
elgg subtext time
Definition: typography.css.php:121