diff options
| author | Kevin Turner <kevin@janrain.com> | 2007-09-21 20:48:30 +0000 |
|---|---|---|
| committer | Kevin Turner <kevin@janrain.com> | 2007-09-21 20:48:30 +0000 |
| commit | 9c168c800101927b79f150282106feb9d26912f6 (patch) | |
| tree | db4aabfff08a65a8ef447c89905f3e0f15e8217d /Auth | |
| parent | 808f9c76f9c68af06008cd147595efe0f3323923 (diff) | |
| download | php-openid-9c168c800101927b79f150282106feb9d26912f6.zip php-openid-9c168c800101927b79f150282106feb9d26912f6.tar.gz php-openid-9c168c800101927b79f150282106feb9d26912f6.tar.bz2 | |
[project @ FileStore, SQLStore, MemStore: check timestamp in useNonce]
Diffstat (limited to 'Auth')
| -rw-r--r-- | Auth/OpenID/FileStore.php | 7 | ||||
| -rw-r--r-- | Auth/OpenID/SQLStore.php | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/Auth/OpenID/FileStore.php b/Auth/OpenID/FileStore.php index dba0e4d..34266ca 100644 --- a/Auth/OpenID/FileStore.php +++ b/Auth/OpenID/FileStore.php @@ -20,6 +20,7 @@ require_once 'Auth/OpenID.php'; require_once 'Auth/OpenID/Interface.php'; require_once 'Auth/OpenID/HMACSHA1.php'; +require_once 'Auth/OpenID/Nonce.php'; /** * This is a filesystem-based store for OpenID associations and @@ -337,11 +338,17 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { */ function useNonce($server_url, $timestamp, $salt) { + global $Auth_OpenID_SKEW; + if (!$this->active) { trigger_error("FileStore no longer active", E_USER_ERROR); return null; } + if ( abs($timestamp - gmmktime()) > $Auth_OpenID_SKEW ) { + return False; + } + if ($server_url) { list($proto, $rest) = explode('://', $server_url, 2); } else { diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php index bd99dd2..0f58203 100644 --- a/Auth/OpenID/SQLStore.php +++ b/Auth/OpenID/SQLStore.php @@ -27,6 +27,7 @@ $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php'; * @access private */ require_once 'Auth/OpenID/Interface.php'; +require_once 'Auth/OpenID/Nonce.php'; /** * @access private @@ -487,6 +488,12 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { function useNonce($server_url, $timestamp, $salt) { + global $Auth_OpenID_SKEW; + + if ( abs($timestamp - gmmktime()) > $Auth_OpenID_SKEW ) { + return False; + } + return $this->_add_nonce($server_url, $timestamp, $salt); } |