[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /*
   4   * This file is part of the Symfony package.
   5   *
   6   * (c) Fabien Potencier <fabien@symfony.com>
   7   *
   8   * For the full copyright and license information, please view the LICENSE
   9   * file that was distributed with this source code.
  10   */
  11  
  12  namespace Symfony\Component\HttpKernel;
  13  
  14  /**
  15   * Signs URIs.
  16   *
  17   * @author Fabien Potencier <fabien@symfony.com>
  18   */
  19  class UriSigner
  20  {
  21      private $secret;
  22  
  23      /**
  24       * @param string $secret A secret
  25       */
  26      public function __construct($secret)
  27      {
  28          $this->secret = $secret;
  29      }
  30  
  31      /**
  32       * Signs a URI.
  33       *
  34       * The given URI is signed by adding a _hash query string parameter
  35       * which value depends on the URI and the secret.
  36       *
  37       * @param string $uri A URI to sign
  38       *
  39       * @return string The signed URI
  40       */
  41      public function sign($uri)
  42      {
  43          $url = parse_url($uri);
  44          if (isset($url['query'])) {
  45              parse_str($url['query'], $params);
  46          } else {
  47              $params = array();
  48          }
  49  
  50          $uri = $this->buildUrl($url, $params);
  51  
  52          return $uri.(false === strpos($uri, '?') ? '?' : '&').'_hash='.$this->computeHash($uri);
  53      }
  54  
  55      /**
  56       * Checks that a URI contains the correct hash.
  57       *
  58       * @param string $uri A signed URI
  59       *
  60       * @return bool True if the URI is signed correctly, false otherwise
  61       */
  62      public function check($uri)
  63      {
  64          $url = parse_url($uri);
  65          if (isset($url['query'])) {
  66              parse_str($url['query'], $params);
  67          } else {
  68              $params = array();
  69          }
  70  
  71          if (empty($params['_hash'])) {
  72              return false;
  73          }
  74  
  75          $hash = urlencode($params['_hash']);
  76          unset($params['_hash']);
  77  
  78          return hash_equals($this->computeHash($this->buildUrl($url, $params)), $hash);
  79      }
  80  
  81      private function computeHash($uri)
  82      {
  83          return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true)));
  84      }
  85  
  86      private function buildUrl(array $url, array $params = array())
  87      {
  88          ksort($params, SORT_STRING);
  89          $url['query'] = http_build_query($params, '', '&');
  90  
  91          $scheme = isset($url['scheme']) ? $url['scheme'].'://' : '';
  92          $host = isset($url['host']) ? $url['host'] : '';
  93          $port = isset($url['port']) ? ':'.$url['port'] : '';
  94          $user = isset($url['user']) ? $url['user'] : '';
  95          $pass = isset($url['pass']) ? ':'.$url['pass'] : '';
  96          $pass = ($user || $pass) ? "$pass@" : '';
  97          $path = isset($url['path']) ? $url['path'] : '';
  98          $query = isset($url['query']) && $url['query'] ? '?'.$url['query'] : '';
  99          $fragment = isset($url['fragment']) ? '#'.$url['fragment'] : '';
 100  
 101          return $scheme.$user.$pass.$host.$port.$path.$query.$fragment;
 102      }
 103  }