function urllogin_decode in urllogin 6
Same name and namespace in other branches
- 8 urllogin_security.inc \urllogin_decode()
- 7 urllogin_security.inc \urllogin_decode()
- 2.x urllogin_security.inc \urllogin_decode()
Decodes an encoded url string into a user ID and tests validity. If the uid matches the current one supplied, then it is valid even if link is expired. This is so that the user for whom the link is intended does not get an error message if they are logged in and click on an old link, but instead still get redirected.
Parameters
string $urlstr: encoded url string
int $codekey: Integer containing current active code (maximum allowable value)
int $codemin: Integer containing minimum allowable value of code
string $passkey: String containing encryption key phrase
string $errormsg: Contains error message if function fails.
int $currentuid: Contains optional current uid
Return value
int Return UID if successful, -1 if fail, -2 if link expired
2 calls to urllogin_decode()
- urllogin_link_page in ./
urllogin.inc - This is the function that actually performs the login.
- urllogin_test_page in ./
urllogin.inc - Diagnostic test page for setting up urllogin urls.
File
- ./
urllogin_security.inc, line 210 - Include file for urllogin security functions. This module is designed for easy drop-in replacement where an alternative encryption model is required.
Code
function urllogin_decode($urlstr, $codekey, $codemin, $passkey, &$errormsg, $currentuid = -1) {
if (!urllogin_base64dec($i, $j, $x, $urlstr)) {
$errormsg = 'Invalid Base64 URL string';
return -1;
}
if (!urllogin_decrypt($i, $j, $x, $passkey)) {
$errormsg = "Invalid access string";
return -1;
}
if (($j < $codemin or $j > $codekey) and $i != $currentuid) {
$errormsg = "code: {$j} outside permitted range: {$codemin} to {$codekey}";
return -2;
}
return $i;
}