8 * @package Authenticator
9 * @author Christian Weiske <cweiske@cweiske.de>
10 * @copyright 2014 Christian Weiske
11 * @license http://www.gnu.org/licenses/agpl.html GNU AGPL v3
12 * @link http://cweiske.de/phancap.htm
17 * Authentication helper methods
20 * @package Authenticator
21 * @author Christian Weiske <cweiske@cweiske.de>
22 * @copyright 2014 Christian Weiske
23 * @license http://www.gnu.org/licenses/agpl.html GNU AGPL v3
24 * @version Release: @package_version@
25 * @link http://cweiske.de/phancap.htm
30 * Validate the authentication signature.
32 * @param object $config Phancap configuration
35 * @throws \Exception When a parameter is missing, or authentication fails
37 public function authenticate(Config $config)
39 if ($config->access === false) {
40 throw new \Exception('Authentication not setup');
42 if ($config->access === true) {
43 //Access without restrictions allowed
47 if (!isset($_GET['atoken'])) {
48 throw new \Exception('Parameter missing: atoken');
50 if (!isset($_GET['asignature'])) {
51 throw new \Exception('Parameter missing: asignature');
53 if (!isset($_GET['atimestamp'])) {
54 throw new \Exception('Parameter missing: atimestamp');
57 $token = $_GET['atoken'];
58 if (!array_key_exists($token, $config->access)) {
59 throw new \Exception('Unknown atoken');
62 $timestamp = (int) $_GET['atimestamp'];
63 if ($timestamp + $config->timestampMaxAge < time()) {
64 throw new \Exception('atimestamp too old');
67 $signature = $_GET['asignature'];
70 unset($params['asignature']);
71 $sigdata = $this->getSignatureData($params);
73 $verifiedSignature = hash_hmac('sha1', $sigdata, $config->access[$token]);
74 if ($signature !== $verifiedSignature) {
75 throw new \Exception('Invalid signature');
80 * Convert a list of parameters into a string that can be hashed.
82 * @param array $params Parameters, key-value pairs
84 * @return string Line of encoded parameters
86 protected function getSignatureData($params)
90 foreach ($params as $key => $value) {
91 $encparams[] = $key . '=' . rawurlencode($value);
93 return implode('&', $encparams);