Commit 3272e219 authored by hahn's avatar hahn

task#3869 - initial stuff for API

deny timestamps in the future too.
parent 3ee24590
...@@ -84,6 +84,9 @@ ...@@ -84,6 +84,9 @@
if(!isset($aReqHeaders['Authorization'])){ if(!isset($aReqHeaders['Authorization'])){
_quit('Access denied. Missing authorization.', 403); _quit('Access denied. Missing authorization.', 403);
} }
if(!isset($aReqHeaders['Date'])){
_quit('Access denied. Missing field "Date:" in the request header.', 403);
}
$sGotHash= preg_replace('/^.*\:/', '', $aReqHeaders['Authorization']); $sGotHash= preg_replace('/^.*\:/', '', $aReqHeaders['Authorization']);
$sGotDate= $aReqHeaders['Date']; $sGotDate= $aReqHeaders['Date'];
...@@ -103,7 +106,10 @@ ...@@ -103,7 +106,10 @@
$iAge=date('U')-date('U', strtotime($sGotDate)); $iAge=date('U')-date('U', strtotime($sGotDate));
_wd('Date: '.$sGotDate.' - age: '.$iAge.' sec'); _wd('Date: '.$sGotDate.' - age: '.$iAge.' sec');
if($iAge>$iMaxAge){ if($iAge>$iMaxAge){
_quit('Access denied. Hash is out of date: '.$iAge. ' sec is older '.$iMaxAge.' sec', 403); _quit('Access denied. Hash is out of date: '.$iAge. ' sec is older '.$iMaxAge.' sec. Maybe client or server is out of sync.', 403);
}
if($iAge<-$iMaxAge){
_quit('Access denied. Hash is '.$iAge. ' sec in future but only '.$iMaxAge.' sec are allowed. Maybe client or server is out of sync.', 403);
} }
return true; return true;
} }
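Review bot: The new future-side check `if($iAge<-$iMaxAge)` accepts a Date up to $iMaxAge seconds ahead of the server clock, so a request stamped at that upper bound stays acceptable for roughly twice $iMaxAge, which widens the window in which a captured request can be replayed. Whether replay is blocked elsewhere (a nonce or a store of seen hashes) is not visible in these hunks. Clock skew is normally far smaller than the permitted age, so a separate, tighter bound on the future side would keep the window close to $iMaxAge, for example `if($iAge<-$iMaxSkew){` with a new, small skew setting. Separately, `strtotime($sGotDate)` returns false for an unparseable header and the request then appears to be rejected only through the "out of date" branch with a meaningless age; an explicit `if(strtotime($sGotDate)===false){ _quit('Access denied. Invalid "Date:" header.', 403); }` before computing $iAge would make that failure path deliberate. The enclosing function starts outside the hunks shown.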
......