<?php
private function get_header_signature() {
$key = 'Camayak-Signature';
foreach (getallheaders() as $name => $value) {
if($name == $key) {
return $value;
}
}
return NULL;
}
private function calculate_signature($epoch) {
return hash_hmac('sha1', $epoch . $this->api_key, $this->shared_secret);
}
public function verify() {
// Verify that the incoming request is from Camayak.
$camayak_signature = $this->get_header_signature();
if(is_null($camayak_signature)) {
return true;
}
// Work out the drift permutations.
$time = time();
$epochs = array($time);
// signed_url_drift is how many seconds into the future and past to generate
// test signatures. 3 seconds should be sufficient.
foreach(range(1, $this->signed_url_drift) as $sec) {
$epochs[] = $time + $sec;
$epochs[] = $time - $sec;
}
foreach($epochs as $epoch) {
$signature = $this->calculate_signature($epoch);
if($signature == $camayak_signature) {
return true;
}
}
return false;
}
?>
