function bakery_validate_data in Bakery Single Sign-On System 6.2
Same name and namespace in other branches
- 7.4 bakery.module \bakery_validate_data()
- 7.2 bakery.module \bakery_validate_data()
Validate signature and decrypt data.
Parameters
String of Bakery data, base64 encoded.:
Optional string defining the type of data this is.:
Return value
FALSE if the data is not valid otherwise returns the unserialized data.
6 calls to bakery_validate_data()
- bakery_request_account in ./
bakery.module - Request account information from master to create account locally.
- bakery_taste_gingerbread_cookie in ./
bakery.module - Validate the account information request.
- bakery_taste_oatmeal_cookie in ./
bakery.module - bakery_taste_stroopwafel_cookie in ./
bakery.module - Validate update request.
- bakery_taste_thinmint_cookie in ./
bakery.module - Verify the validation request.
File
- ./
bakery.module, line 908
Code
function bakery_validate_data($data, $type = NULL) {
$key = variable_get('bakery_key', '');
$data = base64_decode($data);
$signature = substr($data, 0, 64);
$encrypted_data = substr($data, 64);
if ($signature !== hash_hmac('sha256', $encrypted_data, $key)) {
return FALSE;
}
$decrypted_data = unserialize(bakery_decrypt($encrypted_data));
// Prevent one cookie being used in place of another.
if ($type !== NULL && $decrypted_data['type'] !== $type) {
return FALSE;
}
// Allow cookies to expire when the browser closes.
if (variable_get('bakery_freshness', '3600') == 0 || $decrypted_data['timestamp'] + variable_get('bakery_freshness', '3600') >= $_SERVER['REQUEST_TIME']) {
return $decrypted_data;
}
return FALSE;
}