[project @ FileStore, SQLStore, MemStore: check timestamp in useNonce]

author: Kevin Turner <kevin@janrain.com> 2007-09-21 20:48:30 +0000
committer: Kevin Turner <kevin@janrain.com> 2007-09-21 20:48:30 +0000
commit: 9c168c800101927b79f150282106feb9d26912f6 (patch)
tree: db4aabfff08a65a8ef447c89905f3e0f15e8217d /Auth/OpenID/SQLStore.php
parent: 808f9c76f9c68af06008cd147595efe0f3323923 (diff)
download: php-openid-9c168c800101927b79f150282106feb9d26912f6.zip
php-openid-9c168c800101927b79f150282106feb9d26912f6.tar.gz
php-openid-9c168c800101927b79f150282106feb9d26912f6.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php
index bd99dd2..0f58203 100644
--- a/Auth/OpenID/SQLStore.php
+++ b/Auth/OpenID/SQLStore.php
@@ -27,6 +27,7 @@ $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php';
  * @access private
  */
 require_once 'Auth/OpenID/Interface.php';
+require_once 'Auth/OpenID/Nonce.php';
 
 /**
  * @access private
@@ -487,6 +488,12 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
 
     function useNonce($server_url, $timestamp, $salt)
     {
+        global $Auth_OpenID_SKEW;
+
+        if ( abs($timestamp - gmmktime()) > $Auth_OpenID_SKEW ) {
+            return False;
+        }
+
         return $this->_add_nonce($server_url, $timestamp, $salt);
     }
author	Kevin Turner <kevin@janrain.com>	2007-09-21 20:48:30 +0000
committer	Kevin Turner <kevin@janrain.com>	2007-09-21 20:48:30 +0000
commit	9c168c800101927b79f150282106feb9d26912f6 (patch)
tree	db4aabfff08a65a8ef447c89905f3e0f15e8217d /Auth/OpenID/SQLStore.php
parent	808f9c76f9c68af06008cd147595efe0f3323923 (diff)
download	php-openid-9c168c800101927b79f150282106feb9d26912f6.zip php-openid-9c168c800101927b79f150282106feb9d26912f6.tar.gz php-openid-9c168c800101927b79f150282106feb9d26912f6.tar.bz2