- <?php
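/**
 * Card endpoint controller guarded by a header-based session check.
 *
 * A request is treated as authenticated when its SessionID header carries a
 * nonce/opaque pair and a matching file exists under ../private/sessions/.
 * Everything read from that header is client-controlled and must be validated
 * before it is used to build a filesystem path.
 */
class CardController {
    /**
     * Emit the credit balance as JSON for an authenticated request.
     *
     * Relies on helper() ending the request (via response_unauthorized())
     * when the session check fails.
     */
    function credit() {
        $this->helper();
        # NOTE(review): the registered media type for JSON is application/json;
        # the value is left unchanged in case existing clients match on it.
        header("Content-Type: text/json; charset=utf-8");
        print json_encode(['credito'=>1572.44]);
    }

    /**
     * Send a 401 response and terminate the request.
     */
    function response_unauthorized() {
        header("HTTP/1.1 401 Unauthorized");
        header("Content-Type: text/html; charset=utf-8");
        exit('HTTP/1.1 401 No Autorizado');
    }

    /**
     * Authenticate the request from its SessionID header.
     *
     * Expected header value: nonce=<token>,opaque=<token>
     * (sample from the original author: 'SessionID: nonce=a1b2c3,opaque=abc123').
     *
     * The two tokens become part of a file name, so they are matched against a
     * strict allow-list first. Without that, a value containing path separators
     * or ".." could make the existence check succeed on a file outside the
     * sessions directory and pass as a valid session.
     */
    function helper() {
        $sessionid = $this->session_header_value();

        # Anchored match: both fields must be present, in this order, with
        # nothing before or after them.
        # Assumes tokens are alphanumeric, as in the sample header; widen the
        # character class if the issuer uses other characters, but never admit
        # '/', '\', '.' or NUL.
        $pattern = '/\Anonce=([A-Za-z0-9]+),opaque=([A-Za-z0-9]+)\z/';

        if ($sessionid === null || preg_match($pattern, $sessionid, $fields) !== 1) {
            $this->response_unauthorized();
            return; # fail closed even if response_unauthorized() is overridden not to exit
        }

        $nonce = $fields[1];
        $opaque = $fields[2];

        # The session is valid only if its file exists in the sessions directory.
        if (!file_exists("../private/sessions/$nonce-$opaque")) {
            $this->response_unauthorized();
            return;
        }
    }

    /**
     * Return the trimmed SessionID header value, or null when it is absent.
     *
     * Header names are case-insensitive in HTTP, so the lookup does not depend
     * on how the client or an intermediary spelled the name. When
     * apache_request_headers() is not provided by the running SAPI, the value
     * is read from $_SERVER['HTTP_SESSIONID'] instead.
     */
    private function session_header_value() {
        $value = null;

        if (function_exists('apache_request_headers')) {
            $headers = apache_request_headers();
            if (is_array($headers)) {
                foreach ($headers as $name => $candidate) {
                    if (strcasecmp((string) $name, 'SessionID') === 0) {
                        $value = $candidate;
                        break;
                    }
                }
            }
        } elseif (isset($_SERVER['HTTP_SESSIONID'])) {
            $value = $_SERVER['HTTP_SESSIONID'];
        }

        return is_string($value) ? trim($value) : null;
    }
}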
- ?>