blob: bc72281e1c9060f28f7bfcacb037e9272ca51248 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
<?php
if ( ! class_exists( 'WMobilePack_Tokens' ) ) {
/**
* Class WMobilePack_Tokens
*
* Contains different methods for setting / getting tokens
*/
class WMobilePack_Tokens
{
/**
*
* Method used to create a token for the comments form.
*
* The method returns a string formed using the encoded domain and a timestamp.
*
* @return string
*
*/
public static function get_token()
{
$token = md5(md5(get_bloginfo("wpurl")).WMP_CODE_KEY);
// encode token again
$token = base64_encode($token.'_'.strtotime('+1 hour'));
// generate token
return $token;
}
/**
*
* Method used to check if a generated token is valid.
*
* The method returns true if the token is valid and false otherwise.
*
* @param $token - string
* @param $webapp_id - The webapp's id (from Premium settings)
* @return bool
*
*/
public static function check_token($token, $webapp_id = false)
{
if (base64_decode($token,true)){
// decode token to get timestamp and encoded url
$decoded_token = base64_decode($token,true);
if (strpos($decoded_token, "_") !== FALSE) {
// get params
$arrParams = explode('_',$decoded_token);
if (is_array($arrParams) && !empty($arrParams) && count($arrParams) == 2) {
// check timestamp
if (time() < $arrParams[1]) {
// get the generated encoded domain
$generated_url = md5(md5(get_bloginfo("wpurl")).WMP_CODE_KEY);
// check encoded domain
if ($arrParams[0] == $generated_url)
return true;
// get the generated encoded webappid
if ($webapp_id !== false) {
$generated_id = md5(md5($webapp_id));
if ($arrParams[0] == $generated_id)
return true;
}
}
}
}
}
// by default return false;
return false;
}
}
}
|
GitWeb