本文整理汇总了PHP中rsa_verify函数的典型用法代码示例。如果您正苦于以下问题:PHP rsa_verify函数的具体用法?PHP rsa_verify怎么用?PHP rsa_verify使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了rsa_verify函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: post
function post()
{
$hash = $_POST['hash'];
$time = $_POST['time'];
$sig = $_POST['signature'];
$resource = $_POST['resource'];
$revision = intval($_POST['revision']);
if (!$hash) {
killme();
}
$channel = channelx_by_hash($hash);
if (!$channel || !$time || !$sig) {
killme();
}
$slop = intval(get_pconfig($channel['channel_id'], 'system', 'getfile_time_slop'));
if ($slop < 1) {
$slop = 3;
}
$d1 = datetime_convert('UTC', 'UTC', "now + {$slop} minutes");
$d2 = datetime_convert('UTC', 'UTC', "now - {$slop} minutes");
if ($time > $d1 || $time < $d2) {
logger('time outside allowable range');
killme();
}
if (!rsa_verify($hash . '.' . $time, base64url_decode($sig), $channel['channel_pubkey'])) {
logger('verify failed.');
killme();
}
$r = attach_by_hash($resource, $revision);
if (!$r['success']) {
notice($r['message'] . EOL);
return;
}
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r['data']['filetype'], $unsafe_types)) {
header('Content-type: text/plain');
} else {
header('Content-type: ' . $r['data']['filetype']);
}
header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
if (intval($r['data']['os_storage'])) {
$fname = dbunescbin($r['data']['data']);
if (strpos($fname, 'store') !== false) {
$istream = fopen($fname, 'rb');
} else {
$istream = fopen('store/' . $channel['channel_address'] . '/' . $fname, 'rb');
}
$ostream = fopen('php://output', 'wb');
if ($istream && $ostream) {
pipe_streams($istream, $ostream);
fclose($istream);
fclose($ostream);
}
} else {
echo dbunescbin($r['data']['data']);
}
killme();
}示例2: Verify
function Verify($channel, $hubloc)
{
logger('auth request received from ' . $hubloc['hubloc_addr']);
$this->remote = remote_channel();
$this->remote_service_class = '';
$this->remote_level = 0;
$this->remote_hub = $hubloc['hubloc_url'];
$this->dnt = 0;
// check credentials and access
// If they are already authenticated and haven't changed credentials,
// we can save an expensive network round trip and improve performance.
// Also check that they are coming from the same site as they authenticated with originally.
$already_authed = remote_channel() && $hubloc['hubloc_hash'] == remote_channel() && $hubloc['hubloc_url'] === $_SESSION['remote_hub'] ? true : false;
if ($this->delegate && $this->delegate !== $_SESSION['delegate_channel']) {
$already_authed = false;
}
if ($already_authed) {
return true;
}
if (local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if (\App::$channel['channel_hash'] == $hubloc['xchan_hash']) {
return true;
} else {
logger('already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($this->test) {
$this->Debug('already logged in locally with a conflicting identity.');
return false;
}
}
return false;
}
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
// site private key
// The actual channel sending the packet ($c[0]) is not important, but this provides a
// generic zot packet with a sender which can be verified
$p = zot_build_packet($channel, $type = 'auth_check', array(array('guid' => $hubloc['hubloc_guid'], 'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], $this->sec);
$this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']);
$this->Debug('packet contents: ' . $p);
$result = zot_zot($hubloc['hubloc_callback'], $p);
if (!$result['success']) {
logger('auth_check callback failed.');
if ($this->test) {
$this->Debug('auth check request to your site returned .' . print_r($result, true));
}
return false;
}
$j = json_decode($result['body'], true);
if (!$j) {
logger('auth_check json data malformed.');
if ($this->test) {
$this->Debug('json malformed: ' . $result['body']);
}
return false;
}
$this->Debug('auth check request returned .' . print_r($j, true));
if (!$j['success']) {
return false;
}
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($this->sec . $hubloc['xchan_hash'], base64url_decode($j['confirm']), $hubloc['xchan_pubkey'])) {
logger('final confirmation failed.');
if ($this->test) {
$this->Debug('final confirmation failed. ' . $sec . print_r($j, true) . print_r($hubloc, true));
}
return false;
}
if (array_key_exists('service_class', $j)) {
$this->remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$this->remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$this->dnt = $j['DNT'];
}
// log them in
if ($this->test) {
// testing only - return the success result
$this->test_results['success'] = true;
$this->Debug('Authentication Success!');
$this->Finalise();
}
$_SESSION['authenticated'] = 1;
// check for delegation and if all is well, log them in locally with delegation restrictions
$this->delegate_success = false;
if ($this->delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", dbesc($this->delegate));
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'], $hubloc['xchan_hash'], 'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $hubloc['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once 'include/security.php';
// this will set the local_channel authentication in the session
change_channel($r[0]['channel_id']);
$this->delegate_success = true;
//.........这里部分代码省略.........
示例3: header
include_once "log.php";
include_once "recharge.php";
include_once "ssl.php";
$config = (include "config.php");
header("Content-type: text/html; charset=utf-8");
log::init('./log', 'itools_log');
$uri = $_SERVER['REQUEST_URI'];
$body = file_get_contents('php://input');
log::instance()->debug("new con: {$uri} {$body}");
$AppID = "533";
$pf_info = $config["itools"][$AppID];
// RSA verify
$notify_data = base64_decode(stripslashes($_POST["notify_data"]));
$notify_data = publickey_decodeing_sectionalized($notify_data, 128, $pf_info["PubKey"]);
$sign = base64_decode(stripslashes($_POST["sign"]));
if (!rsa_verify($notify_data, $sign, $pf_info["PubKey"])) {
log::instance()->error("ret: 签名无效");
echo "fail";
exit;
}
// end verify
echo "success";
$notify_data = json_decode($notify_data, true);
if ($notify_data["result"] != "success") {
log::instance()->error("ret: 支付失败");
exit;
}
$note = json_decode(base64_decode($notify_data["order_id_com"]), true);
$ret = recharge($pf_info["PF"], $note["sid"], $note["odr"], $note["uid"], $note["item"], $notify_data["amount"], $notify_data["order_id"], 0);
log::instance()->debug("ret: " . $ret);示例4: getSign
//.........这里部分代码省略.........
return $md5str;
break;
case "ecpss_return":
$signarray = array("BillNo", "Amount", "Succeed");
//校验源字符串
foreach ($signarray as $v) {
$md5str .= $data[$v] . "&";
}
$md5str .= $this->payConfig['ecpss']['MD5key'];
$md5str = strtoupper(md5($md5str));
return $md5str;
break;
case "easypay":
//易生支付
$para = array();
while (list($key, $val) = each($data)) {
if ($key == "sign" || $key == "sign_type" || $val == "") {
continue;
} else {
$para[$key] = $data[$key];
}
}
ksort($para);
reset($para);
$signPars = "";
while (list($key, $val) = each($para)) {
$signPars .= $key . "=" . $val . "&";
}
$signPars = substr($signPars, 0, count($signPars) - 2);
//去掉最后一个&字符
$signPars .= $this->payConfig['easypay']['key'];
$md5str = md5($signPars);
return $md5str;
break;
case "cmpay":
//中国移动
$signarray = array('merchantId', 'payNo', 'returnCode', 'message', 'signType', 'type', 'version', 'amount', 'amtItem', 'bankAbbr', 'mobile', 'orderId', 'payDate', 'accountDate', 'reserved1', 'reserved2', 'status', 'orderDate', 'fee');
foreach ($signarray as $v) {
$mac .= $data[$v];
}
$signKey = $this->payConfig['cmpay']['serverCert'];
$mac = MD5sign($signKey, $mac);
return $mac;
break;
case "cmpay_return":
//中国移动
foreach ($data as $v) {
$mac .= $v;
}
$signKey = $this->payConfig['cmpay']['serverCert'];
//MD5方式签名
$hmac = MD5sign($signKey, $mac);
return $hmac;
break;
case "allinpay":
$signarray = array("inputCharset", "pickupUrl", "receiveUrl", "version", "language", "signType", "merchantId", "payerName", "payerEmail", "payerTelephone", "payerIDCard", "pid", "orderNo", "orderAmount", "orderCurrency", "orderDatetime", "orderExpireDatetime", "productName", "productPrice", "productNum", "productId", "productDescription", "ext1", "ext2", "payType", "issuerId", "pan");
$i = 0;
foreach ($signarray as $v) {
if (0 < $i) {
if ($data[$v] !== "") {
$md5str .= "&{$v}=" . $data[$v];
}
} else {
if ($data[$v] !== "") {
$md5str .= "{$v}=" . $data[$v];
}
}
++$i;
}
$md5str .= "&key=" . $this->payConfig['allinpay']['key'];
$md5str = strtoupper(md5($md5str));
return $md5str;
case "allinpay_return":
$signarray = array("merchantId", "version", "language", "signType", "payType", "issuerId", "paymentOrderId", "orderNo", "orderDatetime", "orderAmount", "payDatetime", "payAmount", "ext1", "ext2", "payResult", "errorCode", "returnDatetime");
$i = 0;
foreach ($signarray as $v) {
if (0 < $i) {
if ($data[$v] !== "") {
$md5str .= "&{$v}=" . $data[$v];
}
} else {
if ($data[$v] !== "") {
$md5str .= "{$v}=" . $data[$v];
}
}
++$i;
}
//解析publickey.txt文本获取公钥信息
require_once C("APP_ROOT") . "Lib/Pay/allinpay/php_rsa.php";
$publickeyfile = C("APP_ROOT") . "Lib/Pay/allinpay/publickey.txt";
$publickeycontent = file_get_contents($publickeyfile);
//echo "<br>".$content;
$publickeyarray = explode(PHP_EOL, $publickeycontent);
$publickey = explode('=', $publickeyarray[0]);
$modulus = explode('=', $publickeyarray[1]);
$keylength = 1024;
$verify_result = rsa_verify($md5str, $data['signMsg'], $publickey[1], $modulus[1], $keylength, "sha1");
return $verify_result;
}
}示例5: check_zotinfo
function check_zotinfo($channel, $locations, &$ret)
{
// logger('locations: ' . print_r($locations,true),LOGGER_DATA);
// This function will likely expand as we find more things to detect and fix.
// 1. Because magic-auth is reliant on it, ensure that the system channel has a valid hubloc
// Force this to be the case if anything is found to be wrong with it.
// @FIXME ensure that the system channel exists in the first place and has an xchan
if ($channel['channel_system']) {
// the sys channel must have a location (hubloc)
$valid_location = false;
if (count($locations) === 1 && $locations[0]['primary'] && !$locations[0]['deleted']) {
if (rsa_verify($locations[0]['url'], base64url_decode($locations[0]['url_sig']), $channel['channel_pubkey']) && $locations[0]['sitekey'] === get_config('system', 'pubkey') && $locations[0]['url'] === z_root()) {
$valid_location = true;
} else {
logger('sys channel: invalid url signature');
}
}
if (!$locations || !$valid_location) {
logger('System channel locations are not valid. Attempting repair.');
// Don't trust any existing records. Just get rid of them, but only do this
// for the sys channel as normal channels will be trickier.
q("delete from hubloc where hubloc_hash = '%s'", dbesc($channel['channel_hash']));
$r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_primary,\n\t\t\t\thubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey, hubloc_network )\n\t\t\t\tvalues ( '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s' )", dbesc($channel['channel_guid']), dbesc($channel['channel_guid_sig']), dbesc($channel['channel_hash']), dbesc($channel['channel_address'] . '@' . get_app()->get_hostname()), intval(1), dbesc(z_root()), dbesc(base64url_encode(rsa_sign(z_root(), $channel['channel_prvkey']))), dbesc(get_app()->get_hostname()), dbesc(z_root() . '/post'), dbesc(get_config('system', 'pubkey')), dbesc('zot'));
if ($r) {
$x = zot_encode_locations($channel);
if ($x) {
$ret['locations'] = $x;
}
} else {
logger('Unable to store sys hub location');
}
}
}
}示例6: zfinger_init
function zfinger_init(&$a)
{
require_once 'include/zot.php';
require_once 'include/crypto.php';
$ret = array('success' => false);
$zhash = x($_REQUEST, 'guid_hash') ? $_REQUEST['guid_hash'] : '';
$zguid = x($_REQUEST, 'guid') ? $_REQUEST['guid'] : '';
$zguid_sig = x($_REQUEST, 'guid_sig') ? $_REQUEST['guid_sig'] : '';
$zaddr = x($_REQUEST, 'address') ? $_REQUEST['address'] : '';
$ztarget = x($_REQUEST, 'target') ? $_REQUEST['target'] : '';
$zsig = x($_REQUEST, 'target_sig') ? $_REQUEST['target_sig'] : '';
$zkey = x($_REQUEST, 'key') ? $_REQUEST['key'] : '';
$mindate = x($_REQUEST, 'mindate') ? $_REQUEST['mindate'] : '';
$feed = x($_REQUEST, 'feed') ? intval($_REQUEST['feed']) : 0;
if ($ztarget) {
if (!$zkey || !$zsig || !rsa_verify($ztarget, base64url_decode($zsig), $zkey)) {
logger('zfinger: invalid target signature');
$ret['message'] = t("invalid target signature");
json_return_and_die($ret);
}
}
// allow re-written domains so bob@foo.example.com can provide an address of bob@example.com
// The top-level domain also needs to redirect .well-known/zot-info to the sub-domain with a 301 or 308
// TODO: Make 308 work in include/network.php for zot_fetch_url and zot_post_url
if ($zaddr && ($s = get_config('system', 'zotinfo_domainrewrite'))) {
$arr = explode('^', $s);
if (count($arr) == 2) {
$zaddr = str_replace($arr[0], $arr[1], $zaddr);
}
}
$r = null;
if (strlen($zhash)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_hash = '%s' limit 1", dbesc($zhash));
} elseif (strlen($zguid) && strlen($zguid_sig)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_guid = '%s' and channel_guid_sig = '%s' limit 1", dbesc($zguid), dbesc($zguid_sig));
} elseif (strlen($zaddr)) {
if (strpos($zaddr, '[system]') === false) {
/* normal address lookup */
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", dbesc($zaddr), dbesc($zaddr));
} else {
/**
* The special address '[system]' will return a system channel if one has been defined,
* Or the first valid channel we find if there are no system channels.
*
* This is used by magic-auth if we have no prior communications with this site - and
* returns an identity on this site which we can use to create a valid hub record so that
* we can exchange signed messages. The precise identity is irrelevant. It's the hub
* information that we really need at the other end - and this will return it.
*
*/
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_pageflags & %d )>0 order by channel_id limit 1", intval(PAGE_SYSTEM));
if (!$r) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\t\twhere not ( channel_pageflags & %d )>0 order by channel_id limit 1", intval(PAGE_REMOVED));
}
}
} else {
$ret['message'] = 'Invalid request';
json_return_and_die($ret);
}
if (!$r) {
$ret['message'] = 'Item not found.';
json_return_and_die($ret);
}
$e = $r[0];
$id = $e['channel_id'];
$sys_channel = $e['channel_pageflags'] & PAGE_SYSTEM ? true : false;
$special_channel = $e['channel_pageflags'] & PAGE_PREMIUM ? true : false;
$adult_channel = $e['channel_pageflags'] & PAGE_ADULT ? true : false;
$censored = $e['channel_pageflags'] & PAGE_CENSORED ? true : false;
$searchable = $e['channel_pageflags'] & PAGE_HIDDEN ? false : true;
$deleted = $e['xchan_flags'] & XCHAN_FLAGS_DELETED ? true : false;
if ($deleted || $censored || $sys_channel) {
$searchable = false;
}
$public_forum = false;
$role = get_pconfig($e['channel_id'], 'system', 'permissions_role');
if ($role === 'forum') {
$public_forum = true;
} else {
// check if it has characteristics of a public forum based on custom permissions.
$t = q("select abook_my_perms from abook where abook_channel = %d and (abook_flags & %d)>0 limit 1", intval($e['channel_id']), intval(ABOOK_FLAG_SELF));
if ($t && $t[0]['abook_my_perms'] & PERMS_W_TAGWALL) {
$public_forum = true;
}
}
// This is for birthdays and keywords, but must check access permissions
$p = q("select * from profile where uid = %d and is_default = 1", intval($e['channel_id']));
$profile = array();
if ($p) {
if (!intval($p[0]['publish'])) {
$searchable = false;
}
$profile['description'] = $p[0]['pdesc'];
$profile['birthday'] = $p[0]['dob'];
if ($profile['birthday'] != '0000-00-00' && ($bd = z_birthday($p[0]['dob'], $e['channel_timezone'])) !== '') {
$profile['next_birthday'] = $bd;
}
if ($age = age($p[0]['dob'], $e['channel_timezone'], '')) {
$profile['age'] = $age;
}
//.........这里部分代码省略.........
示例7: sync_directories
/**
* @brief Checks the directory mode of this hub.
*
* Checks the directory mode of this hub to see if it is some form of directory server. If it is,
* get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
* a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB.
* In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored
* directly if the rater's signature matches.
*
* @param int $dirmode;
*/
function sync_directories($dirmode)
{
if ($dirmode == DIRECTORY_MODE_STANDALONE || $dirmode == DIRECTORY_MODE_NORMAL) {
return;
}
$realm = get_directory_realm();
if ($realm == DIRECTORY_REALM) {
$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') ", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()), intval(SITE_TYPE_ZOT), dbesc($realm));
} else {
$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d ", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc(protect_sprintf('%' . $realm . '%')), intval(SITE_TYPE_ZOT));
}
// If there are no directory servers, setup the fallback master
/** @FIXME What to do if we're in a different realm? */
if (!$r && z_root() != DIRECTORY_FALLBACK_MASTER) {
$r = array();
$r[] = array('site_url' => DIRECTORY_FALLBACK_MASTER, 'site_flags' => DIRECTORY_MODE_PRIMARY, 'site_update' => NULL_DATE, 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', 'site_realm' => DIRECTORY_REALM, 'site_valid' => 1);
$x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid )\n\t\t\tvalues ( '%s', %d, '%s', '%s', '%s', %d ) ", dbesc($r[0]['site_url']), intval($r[0]['site_flags']), dbesc($r[0]['site_update']), dbesc($r[0]['site_directory']), dbesc($r[0]['site_realm']), intval($r[0]['site_valid']));
$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ", intval(DIRECTORY_MODE_PRIMARY), intval(DIRECTORY_MODE_SECONDARY), dbesc(z_root()), intval(SITE_TYPE_ZOT));
}
if (!$r) {
return;
}
foreach ($r as $rr) {
if (!$rr['site_directory']) {
continue;
}
logger('sync directories: ' . $rr['site_directory']);
// for brand new directory servers, only load the last couple of days.
// It will take about a month for a new directory to obtain the full current repertoire of channels.
/** @FIXME Go back and pick up earlier ratings if this is a new directory server. These do not get refreshed. */
$token = get_config('system', 'realm_token');
$syncdate = $rr['site_sync'] === NULL_DATE ? datetime_convert('UTC', 'UTC', 'now - 2 days') : $rr['site_sync'];
$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . ($token ? '&t=' . $token : ''));
if (!$x['success']) {
continue;
}
$j = json_decode($x['body'], true);
if (!$j['transactions'] || $j['ratings']) {
continue;
}
q("update site set site_sync = '%s' where site_url = '%s'", dbesc(datetime_convert()), dbesc($rr['site_url']));
logger('sync_directories: ' . $rr['site_url'] . ': ' . print_r($j, true), LOGGER_DATA);
if (is_array($j['transactions']) && count($j['transactions'])) {
foreach ($j['transactions'] as $t) {
$r = q("select * from updates where ud_guid = '%s' limit 1", dbesc($t['transaction_id']));
if ($r) {
continue;
}
$ud_flags = 0;
if (is_array($t['flags']) && in_array('deleted', $t['flags'])) {
$ud_flags |= UPDATE_FLAGS_DELETED;
}
if (is_array($t['flags']) && in_array('forced', $t['flags'])) {
$ud_flags |= UPDATE_FLAGS_FORCED;
}
$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )\n\t\t\t\t\tvalues ( '%s', '%s', '%s', %d, '%s' ) ", dbesc($t['hash']), dbesc($t['transaction_id']), dbesc($t['timestamp']), intval($ud_flags), dbesc($t['address']));
}
}
if (is_array($j['ratings']) && count($j['ratings'])) {
foreach ($j['ratings'] as $rr) {
$x = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($rr['channel']), dbesc($rr['target']));
if ($x && $x[0]['xlink_updated'] >= $rr['edited']) {
continue;
}
// Ratings are signed by the rater. We need to verify before we can accept it.
/** @TODO Queue or defer if the xchan is not yet present on our site */
$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($rr['channel']));
if (!$y) {
logger('key unavailable on this site for ' . $rr['channel']);
continue;
}
if (!rsa_verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']), $y[0]['xchan_pubkey'])) {
logger('failed to verify rating');
continue;
}
if ($x) {
$z = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d", intval($rr['rating']), dbesc($rr['rating_text']), dbesc($rr['signature']), dbesc(datetime_convert()), intval($x[0]['xlink_id']));
logger('rating updated');
} else {
$z = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($rr['channel']), dbesc($rr['target']), intval($rr['rating']), dbesc($rr['rating_text']), dbesc($rr['signature']), dbesc(datetime_convert()));
logger('rating created');
}
}
}
}
}示例8: diaspora_verify_fields
function diaspora_verify_fields($fields, $sig, $pubkey)
{
if (!$fields) {
return false;
}
$n = array();
foreach ($fields as $k => $v) {
if ($k !== 'author_signature' && $k !== 'parent_author_signature') {
$n[$k] = $v;
}
}
$s = implode($n, ';');
logger('signing_string: ' . $s);
return rsa_verify($s, base64_decode($sig), $pubkey);
}示例9: diaspora_signed_retraction
function diaspora_signed_retraction($importer, $xml, $msg)
{
// obsolete - see https://github.com/SuperTux88/diaspora_federation/issues/27
$guid = notags(diaspora_get_target_guid($xml));
$diaspora_handle = notags(diaspora_get_author($xml));
$type = notags(diaspora_get_type($xml));
$sig = notags(unxmlify($xml['target_author_signature']));
$parent_author_signature = $xml['parent_author_signature'] ? notags(unxmlify($xml['parent_author_signature'])) : '';
$contact = diaspora_get_contact_by_handle($importer['channel_id'], $diaspora_handle);
if (!$contact) {
logger('diaspora_signed_retraction: no contact ' . $diaspora_handle . ' for ' . $importer['channel_id']);
return;
}
$signed_data = $guid . ';' . $type;
$key = $msg['key'];
/* How Diaspora performs relayable_retraction signature checking:
- If an item has been sent by the item author to the top-level post owner to relay on
to the rest of the contacts on the top-level post, the top-level post owner checks
the author_signature, then creates a parent_author_signature before relaying the item on
- If an item has been relayed on by the top-level post owner, the contacts who receive it
check only the parent_author_signature. Basically, they trust that the top-level post
owner has already verified the authenticity of anything he/she sends out
- In either case, the signature that get checked is the signature created by the person
who sent the salmon
*/
if ($parent_author_signature) {
$parent_author_signature = base64_decode($parent_author_signature);
if (!rsa_verify($signed_data, $parent_author_signature, $key, 'sha256')) {
logger('diaspora_signed_retraction: top-level post owner verification failed');
return;
}
} else {
$sig_decode = base64_decode($sig);
if (!rsa_verify($signed_data, $sig_decode, $key, 'sha256')) {
logger('diaspora_signed_retraction: retraction owner verification failed.' . print_r($msg, true));
return;
}
}
if ($type === 'StatusMessage' || $type === 'Comment' || $type === 'Like') {
$r = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($guid), intval($importer['channel_id']));
if ($r) {
if ($r[0]['author_xchan'] == $contact['xchan_hash']) {
drop_item($r[0]['id'], false, DROPITEM_PHASE1);
// Now check if the retraction needs to be relayed by us
//
// The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
// return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
// The only item with `parent` and `id` as the parent id is the parent item.
$p = q("select item_flags from item where parent = %d and id = %d limit 1", $r[0]['parent'], $r[0]['parent']);
if ($p) {
if (intval($p[0]['item_origin']) && !$parent_author_signature) {
// the existence of parent_author_signature would have meant the parent_author or owner
// is already relaying.
logger('diaspora_signed_retraction: relaying relayable_retraction');
Zotlabs\Daemon\Master::Summon(array('Notifier', 'drop', $r[0]['id']));
}
}
}
}
} else {
logger('diaspora_signed_retraction: unknown type: ' . $type);
}
return 202;
// NOTREACHED
}示例10: post_post
//.........这里部分代码省略.........
$ret['site'] = array();
$ret['site']['url'] = z_root();
$ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(), get_config('system', 'prvkey')));
$ret['site']['sitekey'] = get_config('system', 'pubkey');
json_return_and_die($ret);
}
if ($msgtype === 'pickup') {
/**
* The 'pickup' message arrives with a tracking ID which is associated with a particular outq_hash
* First verify that that the returned signatures verify, then check that we have an outbound queue item
* with the correct hash.
* If everything verifies, find any/all outbound messages in the queue for this hubloc and send them back
*
*/
if (!$data['secret'] || !$data['secret_sig']) {
$ret['message'] = 'no verification signature';
logger('mod_zot: pickup: ' . $ret['message'], LOGGER_DEBUG);
json_return_and_die($ret);
}
$r = q("select distinct hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' group by hubloc_sitekey ", dbesc($data['url']), dbesc($data['callback']));
if (!$r) {
$ret['message'] = 'site not found';
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
foreach ($r as $hubsite) {
// verify the url_sig
// If the server was re-installed at some point, there could be multiple hubs with the same url and callback.
// Only one will have a valid key.
$forgery = true;
$secret_fail = true;
$sitekey = $hubsite['hubloc_sitekey'];
logger('mod_zot: Checking sitekey: ' . $sitekey, LOGGER_DATA);
if (rsa_verify($data['callback'], base64url_decode($data['callback_sig']), $sitekey)) {
$forgery = false;
}
if (rsa_verify($data['secret'], base64url_decode($data['secret_sig']), $sitekey)) {
$secret_fail = false;
}
if (!$forgery && !$secret_fail) {
break;
}
}
if ($forgery) {
$ret['message'] = 'possible site forgery';
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
if ($secret_fail) {
$ret['message'] = 'secret validation failed';
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
/**
* If we made it to here, the signatures verify, but we still don't know if the tracking ID is valid.
* It wouldn't be an error if the tracking ID isn't found, because we may have sent this particular
* queue item with another pickup (after the tracking ID for the other pickup was verified).
*/
$r = q("select outq_posturl from outq where outq_hash = '%s' and outq_posturl = '%s' limit 1", dbesc($data['secret']), dbesc($data['callback']));
if (!$r) {
$ret['message'] = 'nothing to pick up';
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
/**
* Everything is good if we made it here, so find all messages that are going to this location示例11: getAllinpyOrderResult
private function getAllinpyOrderResult()
{
require_once C('APP_ROOT') . "Lib/Pay/allinpay/php_rsa.php";
$result = array();
$merchantId = $_REQUEST["merchantId"];
$version = $_REQUEST['version'];
$language = $_REQUEST['language'];
$signType = $_REQUEST['signType'];
$payType = $_REQUEST['payType'];
$issuerId = $_REQUEST['issuerId'];
$paymentOrderId = $_REQUEST['paymentOrderId'];
$orderNo = $_REQUEST['orderNo'];
$orderDatetime = $_REQUEST['orderDatetime'];
$orderAmount = $_REQUEST['orderAmount'];
$payDatetime = $_REQUEST['payDatetime'];
$payAmount = $_REQUEST['payAmount'];
$ext1 = $_REQUEST['ext1'];
$ext2 = $_REQUEST['ext2'];
$payResult = $_REQUEST['payResult'];
$errorCode = $_REQUEST['errorCode'];
$returnDatetime = $_REQUEST['returnDatetime'];
$signMsg = $_REQUEST["signMsg"];
$bufSignSrc = "";
if ($merchantId != "") {
$bufSignSrc = $bufSignSrc . "merchantId=" . $merchantId . "&";
}
if ($version != "") {
$bufSignSrc = $bufSignSrc . "version=" . $version . "&";
}
if ($language != "") {
$bufSignSrc = $bufSignSrc . "language=" . $language . "&";
}
if ($signType != "") {
$bufSignSrc = $bufSignSrc . "signType=" . $signType . "&";
}
if ($payType != "") {
$bufSignSrc = $bufSignSrc . "payType=" . $payType . "&";
}
if ($issuerId != "") {
$bufSignSrc = $bufSignSrc . "issuerId=" . $issuerId . "&";
}
if ($paymentOrderId != "") {
$bufSignSrc = $bufSignSrc . "paymentOrderId=" . $paymentOrderId . "&";
}
if ($orderNo != "") {
$bufSignSrc = $bufSignSrc . "orderNo=" . $orderNo . "&";
}
if ($orderDatetime != "") {
$bufSignSrc = $bufSignSrc . "orderDatetime=" . $orderDatetime . "&";
}
if ($orderAmount != "") {
$bufSignSrc = $bufSignSrc . "orderAmount=" . $orderAmount . "&";
}
if ($payDatetime != "") {
$bufSignSrc = $bufSignSrc . "payDatetime=" . $payDatetime . "&";
}
if ($payAmount != "") {
$bufSignSrc = $bufSignSrc . "payAmount=" . $payAmount . "&";
}
if ($ext1 != "") {
$bufSignSrc = $bufSignSrc . "ext1=" . $ext1 . "&";
}
if ($ext2 != "") {
$bufSignSrc = $bufSignSrc . "ext2=" . $ext2 . "&";
}
if ($payResult != "") {
$bufSignSrc = $bufSignSrc . "payResult=" . $payResult . "&";
}
if ($errorCode != "") {
$bufSignSrc = $bufSignSrc . "errorCode=" . $errorCode . "&";
}
if ($returnDatetime != "") {
$bufSignSrc = $bufSignSrc . "returnDatetime=" . $returnDatetime;
}
$allinpay_params = C('ALLINPAY_PARAMS');
//验签
//解析publickey.txt文本获取公钥信息
$publickeyfile = C('APP_ROOT') . $allinpay_params[$allinpay_params["MODE"] . '_KEY'];
$publickeycontent = file_get_contents($publickeyfile);
//echo "<br>".$content;
$publickeyarray = explode(PHP_EOL, $publickeycontent);
$publickey = explode('=', $publickeyarray[0]);
$modulus = explode('=', $publickeyarray[1]);
//echo "<br>publickey=".$publickey[1];
//echo "<br>modulus=".$modulus[1];
$keylength = 1024;
//验签结果
$verify_result = rsa_verify($bufSignSrc, $signMsg, $publickey[1], $modulus[1], $keylength, "sha1");
$result['verify_result'] = $verify_result;
$result['merchantId'] = $merchantId;
$result['version'] = $version;
$result['language'] = $language;
$result['signType'] = $signType;
$result['payType'] = $payType;
$result['issuerId'] = $issuerId;
$result['paymentOrderId'] = $paymentOrderId;
$result['orderNo'] = $orderNo;
$result['orderDatetime'] = $orderDatetime;
$result['orderAmount'] = $orderAmount;
$result['payDatetime'] = $payDatetime;
//.........这里部分代码省略.........
示例12: ksort
$params = $_POST;
ksort($params);
$str = "";
foreach ($params as $key => $value) {
if ($key == "sign") {
continue;
}
if (strlen($str) == 0) {
$str = $key . "=" . stripslashes($value);
} else {
$str = $str . "&" . $key . "=" . stripslashes($value);
}
}
$sign = base64_decode(stripslashes($_POST["sign"]));
$pubkey = "-----BEGIN PUBLIC KEY-----\r\n" . chunk_split($pf_info["PubKey"], 64, "\r\n") . "-----END PUBLIC KEY-----";
if (!rsa_verify($str, $sign, $pubkey)) {
log::instance()->error("ret: 签名无效");
echo "{\"result\":1}";
exit;
}
// end verify
if (stripslashes($_POST["result"]) != '0') {
log::instance()->error("ret: 支付失败");
echo "{\"result\":0}";
exit;
}
$note = json_decode(stripslashes($_POST["extReserved"]), true);
$ret = recharge($pf_info["PF"], $note["sid"], stripslashes($_POST["requestId"]), $note["uid"], $note["item"], stripslashes($_POST["amount"]), stripslashes($_POST["orderId"]), 0);
log::instance()->debug("ret: " . $ret);
if ($ret == "SUCCESS" || $ret == "TRADE_NO NOT EXIST") {
echo "{\"result\":0}";示例13: notify
public function notify($request)
{
$return_res = array('info' => '', 'status' => false);
//file_put_contents("./system/payment/log/notify_".strftime("%Y%m%d%H%M%S",time()).".txt",print_r($request,true));
//$payment_id = $GLOBALS['db']->getOne("select payment_id from ".DB_PREFIX."payment_log where id=".intval($ext1));
$payment = $GLOBALS['db']->getRow("select id,config from " . DB_PREFIX . "payment where class_name='Allinpay'");
$payment['config'] = unserialize($payment['config']);
//print_r($payment['config']);exit;
$merchant_acctid = trim($payment['config']['merchant_id']);
//人民币账号 不可空
$key = trim($payment['config']['md5_key']);
$merchantId = $request["merchantId"];
$version = $request['version'];
$language = $request['language'];
$signType = $request['signType'];
$payType = $request['payType'];
$issuerId = $request['issuerId'];
$paymentOrderId = $request['paymentOrderId'];
$orderNo = $request['orderNo'];
$orderDatetime = $request['orderDatetime'];
$orderAmount = $request['orderAmount'];
$payDatetime = $request['payDatetime'];
$payAmount = $request['payAmount'];
$ext1 = $request['ext1'];
$ext2 = $request['ext2'];
$payResult = $request['payResult'];
$errorCode = $request['errorCode'];
$returnDatetime = $request['returnDatetime'];
$signMsg = $request["signMsg"];
$bufSignSrc = "";
if ($merchantId != "") {
$bufSignSrc = $bufSignSrc . "merchantId=" . $merchantId . "&";
}
if ($version != "") {
$bufSignSrc = $bufSignSrc . "version=" . $version . "&";
}
if ($language != "") {
$bufSignSrc = $bufSignSrc . "language=" . $language . "&";
}
if ($signType != "") {
$bufSignSrc = $bufSignSrc . "signType=" . $signType . "&";
}
if ($payType != "") {
$bufSignSrc = $bufSignSrc . "payType=" . $payType . "&";
}
if ($issuerId != "") {
$bufSignSrc = $bufSignSrc . "issuerId=" . $issuerId . "&";
}
if ($paymentOrderId != "") {
$bufSignSrc = $bufSignSrc . "paymentOrderId=" . $paymentOrderId . "&";
}
if ($orderNo != "") {
$bufSignSrc = $bufSignSrc . "orderNo=" . $orderNo . "&";
}
if ($orderDatetime != "") {
$bufSignSrc = $bufSignSrc . "orderDatetime=" . $orderDatetime . "&";
}
if ($orderAmount != "") {
$bufSignSrc = $bufSignSrc . "orderAmount=" . $orderAmount . "&";
}
if ($payDatetime != "") {
$bufSignSrc = $bufSignSrc . "payDatetime=" . $payDatetime . "&";
}
if ($payAmount != "") {
$bufSignSrc = $bufSignSrc . "payAmount=" . $payAmount . "&";
}
if ($ext1 != "") {
$bufSignSrc = $bufSignSrc . "ext1=" . $ext1 . "&";
}
if ($ext2 != "") {
$bufSignSrc = $bufSignSrc . "ext2=" . $ext2 . "&";
}
if ($payResult != "") {
$bufSignSrc = $bufSignSrc . "payResult=" . $payResult . "&";
}
if ($errorCode != "") {
$bufSignSrc = $bufSignSrc . "errorCode=" . $errorCode . "&";
}
if ($returnDatetime != "") {
$bufSignSrc = $bufSignSrc . "returnDatetime=" . $returnDatetime;
}
/*
//验签
//解析publickey.txt文本获取公钥信息
$publickeycontent = trim($payment['config']['public_key']);
//echo "<br>".$content;
$publickeyarray = explode(PHP_EOL, $publickeycontent);
$publickey = explode('=',$publickeyarray[0]);
$modulus = explode('=',$publickeyarray[1]);
//echo "<br>publickey=".$publickey[1];
//echo "<br>modulus=".$modulus[1];
*/
$publickey = trim($payment['config']['public_exponent']);
$modulus = trim($payment['config']['public_modulus']);
require_once APP_ROOT_PATH . "system/payment/Allinpay/php_rsa.php";
$keylength = 1024;
//验签结果
//$verifyResult = rsa_verify($bufSignSrc,$signMsg, $publickey[1], $modulus[1], $keylength,"sha1");
$verifyResult = rsa_verify($bufSignSrc, $signMsg, $publickey, $modulus, $keylength, "sha1");
/*
//.........这里部分代码省略.........
示例14: run
/**
* @brief Look up information about channel.
*
* @param string $webbie
* does not have to be host qualified e.g. 'foo' is treated as 'foo\@thishub'
* @param array $channel
* (optional), if supplied permissions will be enumerated specifically for $channel
* @param boolean $autofallback
* fallback/failover to http if https connection cannot be established. Default is true.
*
* @return zotinfo array (with 'success' => true) or array('success' => false);
*/
public static function run($webbie, $channel = null, $autofallback = true)
{
$ret = array('success' => false);
self::$token = random_string();
if (strpos($webbie, '@') === false) {
$address = $webbie;
$host = App::get_hostname();
} else {
$address = substr($webbie, 0, strpos($webbie, '@'));
$host = substr($webbie, strpos($webbie, '@') + 1);
}
$xchan_addr = $address . '@' . $host;
if (!$address || !$xchan_addr) {
logger('zot_finger: no address :' . $webbie);
return $ret;
}
logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA, LOG_DEBUG);
// potential issue here; the xchan_addr points to the primary hub.
// The webbie we were called with may not, so it might not be found
// unless we query for hubloc_addr instead of xchan_addr
$r = q("select xchan.*, hubloc.* from xchan\n\t\t\tleft join hubloc on xchan_hash = hubloc_hash\n\t\t\twhere xchan_addr = '%s' and hubloc_primary = 1 limit 1", dbesc($xchan_addr));
if ($r) {
$url = $r[0]['hubloc_url'];
if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
logger('zot_finger: alternate network: ' . $webbie);
logger('url: ' . $url . ', net: ' . var_export($r[0]['hubloc_network'], true), LOGGER_DATA, LOG_DEBUG);
return $ret;
}
} else {
$url = 'https://' . $host;
}
$rhs = '/.well-known/zot-info';
$https = strpos($url, 'https://') === 0 ? true : false;
logger('zot_finger: ' . $address . ' at ' . $url, LOGGER_DEBUG);
if ($channel) {
$postvars = array('address' => $address, 'target' => $channel['channel_guid'], 'target_sig' => $channel['channel_guid_sig'], 'key' => $channel['channel_pubkey'], 'token' => self::$token);
$result = z_post_url($url . $rhs, $postvars);
if (!$result['success'] && $autofallback) {
if ($https) {
logger('zot_finger: https failed. falling back to http');
$result = z_post_url('http://' . $host . $rhs, $postvars);
}
}
} else {
$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
$result = z_fetch_url($url . $rhs);
if (!$result['success'] && $autofallback) {
if ($https) {
logger('zot_finger: https failed. falling back to http');
$result = z_fetch_url('http://' . $host . $rhs);
}
}
}
if (!$result['success']) {
logger('zot_finger: no results');
return $ret;
}
$x = json_decode($result['body'], true);
if ($x) {
$signed_token = is_array($x) && array_key_exists('signed_token', $x) ? $x['signed_token'] : null;
if ($signed_token) {
$valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);
if (!$valid) {
logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
return $ret;
}
} else {
logger('No signed token from ' . $url . $rhs, LOGGER_NORMAL, LOG_WARNING);
// after 2017-01-01 this will be a hard error unless you over-ride it.
if (time() > 1483228800 && !get_config('system', 'allow_unsigned_zotfinger')) {
return $ret;
}
}
}
return $x;
}示例15: diaspora_signed_retraction
function diaspora_signed_retraction($importer, $xml, $msg)
{
$guid = notags(unxmlify($xml->target_guid));
$diaspora_handle = notags(unxmlify($xml->sender_handle));
$type = notags(unxmlify($xml->target_type));
$sig = notags(unxmlify($xml->target_author_signature));
$contact = diaspora_get_contact_by_handle($importer['uid'], $diaspora_handle);
if (!$contact) {
logger('diaspora_signed_retraction: no contact');
return;
}
// this may not yet work for comments. Need to see how the relaying works
// and figure out who signs it.
$signed_data = $guid . ';' . $type;
$sig = base64_decode($sig);
$key = $msg['key'];
if (!rsa_verify($signed_data, $sig, $key, 'sha256')) {
logger('diaspora_signed_retraction: owner verification failed.' . print_r($msg, true));
return;
}
if ($type === 'StatusMessage') {
$r = q("select * from item where guid = '%s' and uid = %d limit 1", dbesc($guid), intval($importer['uid']));
if (count($r)) {
if (link_compare($r[0]['author-link'], $contact['url'])) {
q("update item set `deleted` = 1, `changed` = '%s' where `id` = %d limit 1", dbesc(datetime_convert()), intval($r[0]['id']));
}
}
} else {
logger('diaspora_signed_retraction: unknown type: ' . $type);
}
return 202;
// NOTREACHED
}