[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /*
   4   * This file is part of the Symfony package.
   5   *
   6   * (c) Fabien Potencier <fabien@symfony.com>
   7   *
   8   * For the full copyright and license information, please view the LICENSE
   9   * file that was distributed with this source code.
  10   */
  11  
  12  namespace Symfony\Component\HttpKernel;
  13  
  14  /**
  15   * Signs URIs.
  16   *
  17   * @author Fabien Potencier <fabien@symfony.com>
  18   */
  19  class UriSigner
  20  {
  21      private $secret;
  22  
  23      /**
  24       * Constructor.
  25       *
  26       * @param string $secret A secret
  27       */
  28      public function __construct($secret)
  29      {
  30          $this->secret = $secret;
  31      }
  32  
  33      /**
  34       * Signs a URI.
  35       *
  36       * The given URI is signed by adding a _hash query string parameter
  37       * which value depends on the URI and the secret.
  38       *
  39       * @param string $uri A URI to sign
  40       *
  41       * @return string The signed URI
  42       */
  43      public function sign($uri)
  44      {
  45          $url = parse_url($uri);
  46          if (isset($url['query'])) {
  47              parse_str($url['query'], $params);
  48          } else {
  49              $params = array();
  50          }
  51  
  52          $uri = $this->buildUrl($url, $params);
  53  
  54          return $uri.(false === strpos($uri, '?') ? '?' : '&').'_hash='.$this->computeHash($uri);
  55      }
  56  
  57      /**
  58       * Checks that a URI contains the correct hash.
  59       *
  60       * The _hash query string parameter must be the last one
  61       * (as it is generated that way by the sign() method, it should
  62       * never be a problem).
  63       *
  64       * @param string $uri A signed URI
  65       *
  66       * @return bool True if the URI is signed correctly, false otherwise
  67       */
  68      public function check($uri)
  69      {
  70          $url = parse_url($uri);
  71          if (isset($url['query'])) {
  72              parse_str($url['query'], $params);
  73          } else {
  74              $params = array();
  75          }
  76  
  77          if (empty($params['_hash'])) {
  78              return false;
  79          }
  80  
  81          $hash = urlencode($params['_hash']);
  82          unset($params['_hash']);
  83  
  84          return $this->computeHash($this->buildUrl($url, $params)) === $hash;
  85      }
  86  
  87      private function computeHash($uri)
  88      {
  89          return urlencode(base64_encode(hash_hmac('sha1', $uri, $this->secret, true)));
  90      }
  91  
  92      private function buildUrl(array $url, array $params = array())
  93      {
  94          ksort($params, SORT_STRING);
  95          $url['query'] = http_build_query($params, '', '&');
  96  
  97          $scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
  98          $host = isset($url['host']) ? $url['host'] : '';
  99          $port = isset($url['port']) ? ':'.$url['port'] : '';
 100          $user = isset($url['user']) ? $url['user'] : '';
 101          $pass = isset($url['pass']) ? ':'.$url['pass']  : '';
 102          $pass = ($user || $pass) ? "$pass@" : '';
 103          $path = isset($url['path']) ? $url['path'] : '';
 104          $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : '';
 105          $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';
 106  
 107          return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
 108      }
 109  }