|
|
@@ -0,0 +1,58 @@ |
|
|
<?php |
|
|
|
|
|
/** |
|
|
* Url Signing Helper Class |
|
|
* |
|
|
* @author Paul Ferrett <[email protected]> |
|
|
* @license http://opensource.org/licenses/gpl-license.php GNU Public License |
|
|
*/ |
|
|
class UrlSigning { |
|
|
|
|
|
/** |
|
|
* Sign a URL |
|
|
* |
|
|
* @param string $url |
|
|
* @param string $private_key |
|
|
* @param string $param_name |
|
|
* @return string Signed URL |
|
|
*/ |
|
|
public static function getSignedUrl($url, $private_key, $param_name = 'signature') { |
|
|
$join = parse_url($url, PHP_URL_QUERY) ? '&' : '?'; |
|
|
return $url . $join . $param_name . '=' . self::getUrlSignature($url, $private_key); |
|
|
} |
|
|
|
|
|
/** |
|
|
* Get the signature for the given URL |
|
|
* |
|
|
* @param string $url |
|
|
* @param string $private_key |
|
|
* @return string URL signature string |
|
|
*/ |
|
|
public static function getUrlSignature($url, $private_key) { |
|
|
return md5($url . ':' . $private_key); |
|
|
} |
|
|
|
|
|
/** |
|
|
* Check that the given URL is correctly signed |
|
|
* |
|
|
* @param string $url |
|
|
* @param string $private_key |
|
|
* @param string $param_name |
|
|
* @return bool True if URL contains valid signature, false otherwise |
|
|
*/ |
|
|
public static function verifySignedUrl($url, $private_key, $param_name = 'signature') { |
|
|
$param_name = preg_quote($param_name); |
|
|
if(!preg_match($regex = "/&?{$param_name}=([0-9a-f]{32})/", $url, $matches)) { |
|
|
return false; |
|
|
} |
|
|
|
|
|
// Get the signature param |
|
|
$passed_sig = $matches[1]; |
|
|
|
|
|
// Strip signature from the given URL |
|
|
$url = preg_replace($regex, '', $url); |
|
|
|
|
|
// Check that the given signature matches the correct one |
|
|
return self::getUrlSignature($url, $private_key) === $passed_sig; |
|
|
} |
|
|
} |
paulferrett revised this gist