How to validate a wmsAuthSign hash in php?

Question

How to validate a wmsAuthSign hash in php?

Asked 8 years, 1 month ago

Viewed 294 times

1

I have the following code that creates a hash security for authentication on media servers, would like to know how it could be validated in php itself, media servers should use some logic for this, and that’s what I want, a code that does the same in php.

I think the biggest difficulty is with the gmdate which changes the face access to the generation function of the hash security, such as the hash is passed by md5, there’s no way to get the gmdate for a comparison, for security is clear, then, what could be done to create a new validation function of the hash wmsAuthSign?

The generation code of wmsAuthSign:

$today = gmdate("n/j/Y g:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$key = "defaultpassword";
$validminutes = 20;
$str2hash = $ip . $key . $today . $validminutes;
$md5raw = md5($str2hash, true);
$base64hash = base64_encode($md5raw);
$urlsignature = "server_time=" . $today ."&hash_value=" . $base64hash. "&validminutes=$validminutes";
$base64urlsignature = base64_encode($urlsignature);
wmsAuthSign=<?php echo $base64urlsignature;?>

In short, I create my own hash, but I can’t validate in php.

If someone has an answer that requires modification of the above code, feel free to post the modified code with the answer, as long as it does not result in a loss of security in this function.

– Florida

2016/10/11 at 16:56

1 answer

Browser other questions tagged php security-guard validation logic md5

You are not signed in. Login or sign up in order to post.

by Pedro Morais • **452** points · Answer 1 · 2016-10-11T20:21:08+00:00

base64_decode($urlsignature);
$dados = explode($urlsignature,"&");
$validar = [];
foreach($dados as $k=>$v){
    //converte a url em array
    $temp = explode($v,"=");
    $key = $temp[0];
    unset($temp[0]);
    if(count($temp)>1){
        $value = implode($temp,"=");
    }
    else{
        $value = $temp[1];
    }
    $validar[$key] = $value;
}

// O array Validar terá todos os seus dados, mas saiba que uma vez que você converter para md5, o mesmo não poderá ser "desconvertido" (na verdade é pra isso mesmo que o md5 serve kkkkk)