function honeypot_get_time_from_signed_timestamp in Honeypot 7

Validate a signed timestamp.

Parameters

string $signed_timestamp: A timestamp concateneted with the signature

Return value

int The timestamp if the signature is correct, 0 otherwise.

2 calls to honeypot_get_time_from_signed_timestamp()

_honeypot_get_interval_from_signed_js_value in ./honeypot.module: Returns an interval if the given javascript submitted value is valid.
_honeypot_time_restriction_validate in ./honeypot.module: Validate honeypot's time restriction field.

File

./honeypot.module, line 574: Honeypot module, for deterring spam bots from completing Drupal forms.

Code

function honeypot_get_time_from_signed_timestamp($signed_timestamp) {
  $honeypot_time = 0;

  // Fail fast if timestamp was forged or saved with an older Honeypot version.
  if (strpos($signed_timestamp, '|') === FALSE) {
    return $honeypot_time;
  }
  list($timestamp, $received_hmac) = explode('|', $signed_timestamp);
  if ($timestamp && $received_hmac) {
    $calculated_hmac = drupal_hmac_base64($timestamp, drupal_get_private_key());

    // Prevent leaking timing information, compare second order hmacs.
    $random_key = drupal_random_bytes(32);
    if (drupal_hmac_base64($calculated_hmac, $random_key) === drupal_hmac_base64($received_hmac, $random_key)) {
      $honeypot_time = $timestamp;
    }
  }
  return $honeypot_time;
}

You are here

function honeypot_get_time_from_signed_timestamp in Honeypot 7

Parameters

Return value

File

Code

API Navigation