You are here

public function OAuthSignatureMethod::check_signature in OAuth 1.0 6.3

Same name and namespace in other branches
  1. 6 OAuth.php \OAuthSignatureMethod::check_signature()
  2. 7.3 lib/OAuth.php \OAuthSignatureMethod::check_signature()

Verifies that a given signature is correct

Parameters

OAuthRequest $request:

OAuthConsumer $consumer:

OAuthToken $token:

string $signature:

Return value

bool

1 method overrides OAuthSignatureMethod::check_signature()
OAuthSignatureMethod_RSA_SHA1::check_signature in lib/OAuth.php
Verifies that a given signature is correct

File

lib/OAuth.php, line 97
OAuth 1.0 server and client library.

Class

OAuthSignatureMethod
A class for implementing a Signature Method See section 9 ("Signing Requests") in the spec

Code

public function check_signature($request, $consumer, $token, $signature) {
  $built = $this
    ->build_signature($request, $consumer, $token);

  // Check for zero length, although unlikely here
  if (strlen($built) == 0 || strlen($signature) == 0) {
    return false;
  }
  if (strlen($built) != strlen($signature)) {
    return false;
  }

  // Avoid a timing leak with a (hopefully) time insensitive compare
  $result = 0;
  for ($i = 0; $i < strlen($signature); $i++) {
    $result |= ord($built[$i]) ^ ord($signature[$i]);
  }
  return $result == 0;
}