public static function verifySignedQueryString($data, $now = null)
{
if (is_null($now)) {
$now = time();
}
$pos = strrpos($data, '&_h=');
if ($pos === false) {
return false;
}
$pos += 4;
$queryString = substr($data, 0, $pos);
$hmac = substr($data, $pos);
if ($hmac != Horde_Url::uriB64Encode(hash_hmac('sha1', $queryString, $GLOBALS['conf']['secret_key'], true))) {
return false;
}
// String was not tampered with; now validate timestamp
parse_str($queryString, $values);
return !($values['_t'] + $GLOBALS['conf']['urls']['hmac_lifetime'] * 60 < $now);
}