You are here

function bakery_validate_data in Bakery Single Sign-On System 6.2

Same name and namespace in other branches
  1. 7.4 bakery.module \bakery_validate_data()
  2. 7.2 bakery.module \bakery_validate_data()

Validate signature and decrypt data.

Parameters

String of Bakery data, base64 encoded.:

Optional string defining the type of data this is.:

Return value

FALSE if the data is not valid otherwise returns the unserialized data.

6 calls to bakery_validate_data()
bakery_request_account in ./bakery.module
Request account information from master to create account locally.
bakery_taste_gingerbread_cookie in ./bakery.module
Validate the account information request.
bakery_taste_oatmeal_cookie in ./bakery.module
bakery_taste_stroopwafel_cookie in ./bakery.module
Validate update request.
bakery_taste_thinmint_cookie in ./bakery.module
Verify the validation request.

... See full list

File

./bakery.module, line 908

Code

function bakery_validate_data($data, $type = NULL) {
  $key = variable_get('bakery_key', '');
  $data = base64_decode($data);
  $signature = substr($data, 0, 64);
  $encrypted_data = substr($data, 64);
  if ($signature !== hash_hmac('sha256', $encrypted_data, $key)) {
    return FALSE;
  }
  $decrypted_data = unserialize(bakery_decrypt($encrypted_data));

  // Prevent one cookie being used in place of another.
  if ($type !== NULL && $decrypted_data['type'] !== $type) {
    return FALSE;
  }

  // Allow cookies to expire when the browser closes.
  if (variable_get('bakery_freshness', '3600') == 0 || $decrypted_data['timestamp'] + variable_get('bakery_freshness', '3600') >= $_SERVER['REQUEST_TIME']) {
    return $decrypted_data;
  }
  return FALSE;
}