| <?php
 | |
| 
 | |
| /**
 | |
|  * Nonce-related functionality.
 | |
|  *
 | |
|  * @package OpenID
 | |
|  */
 | |
| 
 | |
| /**
 | |
|  * Need CryptUtil to generate random strings.
 | |
|  */
 | |
| require_once 'Auth/OpenID/CryptUtil.php';
 | |
| 
 | |
/**
 * Alphabet that nonce salts are drawn from: a-z, A-Z and 0-9
 * (62 characters).
 */
define(
    'Auth_OpenID_Nonce_CHRS',
    "abcdefghijklmnopqrstuvwxyz" . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
);

// Window, in seconds, within which a nonce timestamp is accepted: five
// hours, covering request time plus clock skew. Nonces are kept for the
// same period. This is probably far more than necessary, but storing
// nonces costs little.
global $Auth_OpenID_SKEW;
$Auth_OpenID_SKEW = 5 * 60 * 60;

/**
 * Pattern for a nonce: a "YYYY-MM-DDTHH:MM:SSZ" timestamp followed by
 * an arbitrary remainder, captured as seven groups.
 *
 * The pattern is not anchored and "." does not match a newline, so
 * preg_match() also succeeds when text precedes the timestamp or when
 * the string continues after a line break. Code that needs the whole
 * string to be a nonce has to check that itself.
 */
define(
    'Auth_OpenID_Nonce_REGEX',
    '/(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z(.*)/'
);

/**
 * strftime()-style format of the timestamp that prefixes a nonce.
 */
define('Auth_OpenID_Nonce_TIME_FMT', '%Y-%m-%dT%H:%M:%SZ');
 | |
| 
 | |
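/**
 * Split a nonce string into its timestamp and its unique suffix.
 *
 * A well-formed nonce is, from its first character to its last, a UTC
 * timestamp "YYYY-MM-DDTHH:MM:SSZ" followed by a (possibly empty)
 * uniquifier.
 *
 * Parsing is strict, so that two different strings are never reduced
 * to the same (timestamp, uniquifier) pair and out-of-range fields are
 * not silently normalized into some other instant:
 *  - text before the timestamp or after a line break is rejected;
 *  - the date must be a real calendar date and the time of day must be
 *    in range (second 60 is allowed for a leap second);
 *  - years before 1970 are rejected, which also keeps gmmktime() from
 *    remapping small year values such as "0070" to 1970.
 *
 * @param string $nonce_string The nonce to parse.
 * @return array|null array($timestamp, $uniquifier), where $timestamp
 *                    is a Unix timestamp, or null when the string is
 *                    not a well-formed nonce.
 */
function Auth_OpenID_splitNonce($nonce_string)
{
    $matched = preg_match(Auth_OpenID_Nonce_REGEX, $nonce_string, $matches);
    if ($matched !== 1 || count($matches) !== 8) {
        return null;
    }

    // The pattern is unanchored and "." stops at a newline, so a match
    // may cover only part of the input. Require it to cover all of it.
    if ($matches[0] !== (string) $nonce_string) {
        return null;
    }

    list(,
         $tm_year,
         $tm_mon,
         $tm_mday,
         $tm_hour,
         $tm_min,
         $tm_sec,
         $uniquifier) = $matches;

    $year = (int) $tm_year;
    $month = (int) $tm_mon;
    $day = (int) $tm_mday;
    $hour = (int) $tm_hour;
    $minute = (int) $tm_min;
    $second = (int) $tm_sec;

    // gmmktime() normalizes out-of-range fields (month 13 becomes
    // January of the next year) and maps years 0-100 onto 1970-2069,
    // so the fields are validated before it is called.
    if ($year < 1970 ||
        !checkdate($month, $day, $year) ||
        $hour > 23 || $minute > 59 || $second > 60) {
        return null;
    }

    // The error suppression is kept from the original call.
    $timestamp = @gmmktime($hour, $minute, $second, $month, $day, $year);

    if ($timestamp === false || $timestamp < 0) {
        return null;
    }

    return array($timestamp, $uniquifier);
}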
 | |
| 
 | |
/**
 * Tell whether the timestamp embedded in a nonce lies within the
 * allowed clock skew of the current time, in either direction.
 *
 * This is a freshness check only: it bounds how old or how far ahead a
 * nonce may be, and does not by itself detect a nonce that has been
 * seen before.
 * NOTE(review): replay detection presumably happens in a nonce store
 * outside this file, which has to keep entries for at least the skew
 * window. Confirm against the caller.
 *
 * @param string   $nonce_string The nonce to check.
 * @param int|null $allowed_skew Permitted distance from $now in
 *                               seconds; null selects the global
 *                               $Auth_OpenID_SKEW.
 * @param int|null $now          Reference Unix timestamp; null selects
 *                               time().
 * @return bool True when the nonce parses and its timestamp is inside
 *              [$now - $allowed_skew, $now + $allowed_skew].
 */
function Auth_OpenID_checkTimestamp($nonce_string,
                                    $allowed_skew = null,
                                    $now = null)
{
    global $Auth_OpenID_SKEW;

    $skew = ($allowed_skew === null) ? $Auth_OpenID_SKEW : $allowed_skew;

    // A nonce that cannot be split is never fresh.
    $split = Auth_OpenID_splitNonce($nonce_string);
    if (null == $split) {
        return false;
    }

    $current = ($now === null) ? time() : $now;
    $nonce_time = $split[0];

    // Oldest and newest timestamps that are still accepted.
    $earliest = $current - $skew;
    $latest = $current + $skew;

    if (!($earliest <= $nonce_time)) {
        // Too far in the past.
        return false;
    }

    // Otherwise accepted unless it is too far in the future.
    return ($nonce_time <= $latest);
}
 | |
| 
 | |
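/**
 * Generate a nonce: a UTC timestamp "YYYY-MM-DDTHH:MM:SSZ" followed by
 * a six-character random salt drawn from Auth_OpenID_Nonce_CHRS.
 *
 * The salt is the only unpredictable part of the nonce, and it is what
 * keeps two nonces issued in the same second apart.
 * NOTE(review): its quality depends entirely on
 * Auth_OpenID_CryptUtil::randomString(), which is defined in another
 * file. Confirm that it draws from a cryptographically secure source.
 *
 * @param int|null $when Unix timestamp to embed; null selects the
 *                       current time.
 * @return string The nonce.
 */
function Auth_OpenID_mkNonce($when = null)
{
    $salt = Auth_OpenID_CryptUtil::randomString(
        6, Auth_OpenID_Nonce_CHRS);

    if ($when === null) {
        // time() returns a timezone-independent Unix timestamp.
        // gmmktime() with no arguments returns a local timestamp on
        // PHP 4, so it is not used here.
        $when = time();
    }

    // gmdate() replaces gmstrftime(), which is deprecated as of
    // PHP 8.1. The format yields the same string as
    // Auth_OpenID_Nonce_TIME_FMT ('%Y-%m-%dT%H:%M:%SZ').
    $time_str = gmdate('Y-m-d\TH:i:s\Z', $when);

    return $time_str . $salt;
}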
 | |
| 
 |