/**
* This function will do two things. Firstly it verifies that a HMAC signature
* hasn't been seen before, and secondly it will add the given hmac to the cache.
*
* @param string $hmac The hmac string.
*
* @return bool True if replay detected, false if not.
* @access private
*/
function cache_hmac_check_replay($hmac)
{
// cache lifetime is 25 hours (this should be related to the time drift
// allowed in get_and_validate_headers
$cache = new ElggHMACCache(90000);
if (!$cache->load($hmac)) {
$cache->save($hmac, $hmac);
return false;
}
return true;
}