VaultPress::validate_api_signature PHP Méthode

validate_api_signature() public méthode

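    /**
     * Validate the signature carried by an incoming API request.
     *
     * The request is accepted only when all of the following hold:
     *   - $_POST['signature'] is a non-empty string of the form "<a>:<b>";
     *   - the `secret` option is set;
     *   - check_firewall() passes, unless the `disable_firewall` option is set;
     *   - one verification path succeeds:
     *       * can_use_openssl() is true: $_POST['sslsig'] (base64) is verified with
     *         openssl_verify() against the `public_key` option. The content of
     *         `signature` is not compared on this path, only its format is checked.
     *       * otherwise: sign_string() is recomputed over the request and compared
     *         with the first part of `signature`.
     *
     * On failure the reason is stored in the global $__vp_validate_error as
     * array('error' => <code>). A failed check_firewall() is the exception: this
     * method sets nothing itself in that case (presumably check_firewall() reports
     * its own error -- confirm against its implementation).
     *
     * NOTE(review): nothing in this method bounds the age of a request or rejects
     * a repeated one; confirm that replay protection is handled by the caller or
     * by the value passed as the second part of `signature`.
     *
     * @return bool True when the request signature is valid, false otherwise.
     */
    function validate_api_signature()
    {
        global $__vp_validate_error;

        if (empty($_POST['signature'])) {
            $__vp_validate_error = array('error' => 'no_signature');
            return false;
        }
        // An array-valued field (signature[]=...) must not reach explode().
        if (!is_string($_POST['signature'])) {
            $__vp_validate_error = array('error' => 'invalid_signature_format');
            return false;
        }
        $sig = $_POST['signature'];

        $secret = $this->get_option('secret');
        if (!$secret) {
            $__vp_validate_error = array('error' => 'missing_secret');
            return false;
        }

        if (!$this->get_option('disable_firewall') && !$this->check_firewall()) {
            return false;
        }

        // explode() on a string always yields a list, so the element count alone
        // decides whether both parts are present.
        $sig = explode(':', $sig);
        if (count($sig) !== 2) {
            $__vp_validate_error = array('error' => 'invalid_signature_format');
            return false;
        }

        // Pass 1 -- new method
        // Drop the path in front of the query string; a URI without '?' is kept as is.
        $uri = preg_replace('/^[^?]+\\?/', '?', $_SERVER['REQUEST_URI']);
        $post = $_POST;
        unset($post['signature']);
        // Work around for dd-formmailer plugin
        unset($post['_REPEATED']);
        // Sort the fields so the serialized form does not depend on field order.
        ksort($post);

        if ($this->can_use_openssl()) {
            $sslsig = '';
            if (isset($post['sslsig'])) {
                $sslsig = $post['sslsig'];
                // The signature itself is not part of the signed data.
                unset($post['sslsig']);
            }

            // Reject a missing or array-valued sslsig before it reaches
            // base64_decode()/openssl_verify().
            if (is_string($sslsig) && '' !== $sslsig) {
                $verified = openssl_verify(
                    serialize(array('uri' => $uri, 'post' => $post)),
                    base64_decode($sslsig),
                    $this->get_option('public_key')
                );
                // openssl_verify() returns 1 for a valid signature, 0 for an
                // invalid one and -1 or false on error. -1 is truthy, so only an
                // exact 1 may be treated as success.
                if (1 === $verified) {
                    return true;
                }
            }

            $__vp_validate_error = array('error' => 'invalid_signed_data');
            return false;
        }

        // Shared-secret path: `sslsig`, if sent, stays in the signed data here.
        $to_sign = serialize(array('uri' => $uri, 'post' => $post));
        $signature = $this->sign_string($to_sign, $secret, $sig[1]);
        if (is_string($signature)) {
            // Compare in constant time where available so the response time does
            // not reveal how many leading bytes of the expected value matched.
            $matches = function_exists('hash_equals')
                ? hash_equals($signature, $sig[0])
                : $sig[0] === $signature;
            if ($matches) {
                return true;
            }
        }

        $__vp_validate_error = array('error' => 'invalid_signed_data');
        return false;
    }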
VaultPress