DocCheck Fetch-API Login validation script
<?php | |
/*
 *
 * DocCheck FETCH Login Script
 * Set $secret_key in row 12 to the secret key shared with DocCheck (provided to you by DocCheck, or by you to DocCheck).
 * Example url:
 * domain.tld/fetch.php?dc_fetch_timestamp=1580983484969&dc_fetch_checksum=abcd
 *
 */
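// Buffer everything printed from here on; the buffer is discarded before the
// response is produced, so stray output cannot end up in the reply.
ob_start();

// Shared secret used to verify the request checksum. "SECRET" is a
// placeholder and must be replaced before deployment; prefer loading the
// real value from configuration outside the web root and keep it out of
// version control.
$secret_key = "SECRET";

// Both values come from the query string and are untrusted. A missing
// parameter, or one sent as an array (?name[]=x), is normalised to null so
// that the checks below reject it instead of raising warnings or type errors.
$dc_timestamp = (isset($_GET['dc_fetch_timestamp']) && is_string($_GET['dc_fetch_timestamp']))
    ? $_GET['dc_fetch_timestamp']
    : null;
$dc_checksum = (isset($_GET['dc_fetch_checksum']) && is_string($_GET['dc_fetch_checksum']))
    ? $_GET['dc_fetch_checksum']
    : null;

// Default payload; replaced with the session id once validation succeeds.
$response = array("error");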
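/**
 * Check that a caller-supplied timestamp lies within $time_span of this
 * server's clock.
 *
 * $time arrives from the query string, so it is validated before any
 * arithmetic: on PHP 8 subtracting from a non-numeric string or an array
 * throws a TypeError, which would turn a malformed request into a fatal
 * error instead of a clean rejection.
 *
 * NOTE(review): time() returns seconds, but the example URL in the file
 * header carries a 13-digit value that looks like milliseconds; confirm
 * which unit DocCheck actually sends.
 *
 * @param mixed     $time      Timestamp to test (int or numeric string).
 * @param int|float $time_span Allowed deviation in either direction, in the same unit as $time.
 * @return bool True when the server time is inside [$time - $time_span, $time + $time_span].
 */
function check_server_time_difference($time, $time_span) {
    // Reject null, arrays and non-numeric strings up front.
    if (!is_numeric($time)) {
        return false;
    }

    $server_time = time();

    return ($server_time >= $time - $time_span) && ($server_time <= $time + $time_span);
}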
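/**
 * Verify the checksum that accompanies a fetch request.
 *
 * The expected value is md5('DC_Login_FetchUrl::' . $key . '::' . $timestamp).
 * The comparison uses hash_equals() rather than `==`: loose comparison lets
 * two numeric-looking strings compare equal by value rather than byte for
 * byte, and it does not run in constant time.
 *
 * NOTE(review): MD5 over key-and-message is a weak MAC construction.
 * Presumably the format is fixed by the DocCheck side; confirm whether an
 * HMAC-based variant is available.
 *
 * @param string     $key       Shared secret.
 * @param string|int $timestamp Timestamp exactly as received in the request.
 * @param mixed      $checksum  Checksum received in the request (untrusted).
 * @return bool True only when $checksum is a string identical to the expected hash.
 */
function validate_checksum($key, $timestamp, $checksum) {
    // hash_equals() requires strings; anything else cannot be a valid checksum.
    // A non-scalar timestamp (missing or array parameter) is rejected as well.
    if (!is_string($checksum) || !is_scalar($timestamp)) {
        return false;
    }

    $expected = md5('DC_Login_FetchUrl::' . $key . '::' . $timestamp);

    return hash_equals($expected, $checksum);
}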
// Step 1: the request timestamp must be within 30 units of the server clock.
// Within that window the same URL still validates again; nothing here
// records that a checksum has already been used.
if (!check_server_time_difference($dc_timestamp, 30)) {
    die ("Timestamp mismatches");
}

// Step 2: the checksum must match the one derived from the shared secret.
if (!validate_checksum($secret_key, $dc_timestamp, $dc_checksum)) {
    die("The checksum or the key do not match.");
}

// Both checks passed: open a session and report its id. The id is a bearer
// credential, so this endpoint should only be reachable over HTTPS.
session_start();
$response = [
    'session_id' => session_id(),
];

// Get rid of all output buffers
ob_end_clean();

// Return session ID to doccheck
// NOTE(review): a top-level `return` only hands the JSON to a script that
// include()s this file. If the file is requested directly, as the example
// URL in the header suggests, nothing is written to the response body;
// confirm whether `echo` was intended.
return json_encode($response);
?> |