phiranf · February 14, 2020 11:09
diff --git a/fetch.php b/fetch.php
 <?php
 /*
 *
 *   DocCheck FETCH Login Script
 *   Set the secret_key that has been provided to you by DocCheck or vice versa in row 12
 *   Example url:
 *     domain.tld/fetch.php?dc_fetch_timestamp=1580983484969&dc_fetch_checksum=abcd
 *
 */

 ob_start();

 $secret_key = "SECRET";
 $dc_timestamp = $_GET['dc_fetch_timestamp'];
 $dc_checksum = $_GET['dc_fetch_checksum'];
 $response = array("error");

 function check_server_time_difference($time, $time_span) {
  $server_time = time();
  $min_time = $time - $time_span;
  $max_time = $time + $time_span;

  if ( ( $server_time >= $min_time ) && ( $server_time <= $max_time ) ) {
    return true;
  } else {
    return false;
  }

 }

 function validate_checksum($key, $timestamp, $checksum) {
  $hash = md5('DC_Login_FetchUrl::' . $key . '::' . $timestamp);
  if ($hash == $checksum) {
    return true;
  } else {
    return false;
  }

 }

 if (check_server_time_difference($dc_timestamp, 30)) {
  if (validate_checksum($secret_key, $dc_timestamp, $dc_checksum)) {
    session_start();
    $response = array(
      'session_id' => session_id()
    );
  } else {
    die("The checksum or the key do not match.");
  };
 } else {
  die ("Timestamp mismatches");
 }

 //  Get rid of all output buffers
 ob_end_clean();

 // Return session ID to doccheck
 return json_encode($response);
 ?>
	<?php
	/*
	*
	* DocCheck FETCH Login Script
	* Set the secret_key that has been provided to you by DocCheck or vice versa in row 12
	* Example url:
	* domain.tld/fetch.php?dc_fetch_timestamp=1580983484969&dc_fetch_checksum=abcd
	*
	*/

	ob_start();

	$secret_key = "SECRET";
	$dc_timestamp = $_GET['dc_fetch_timestamp'];
	$dc_checksum = $_GET['dc_fetch_checksum'];
	$response = array("error");

	function check_server_time_difference($time, $time_span) {
	$server_time = time();
	$min_time = $time - $time_span;
	$max_time = $time + $time_span;

	if ( ( $server_time >= $min_time ) && ( $server_time <= $max_time ) ) {
	return true;
	} else {
	return false;
	}

	}

	function validate_checksum($key, $timestamp, $checksum) {
	$hash = md5('DC_Login_FetchUrl::' . $key . '::' . $timestamp);
	if ($hash == $checksum) {
	return true;
	} else {
	return false;
	}

	}

	if (check_server_time_difference($dc_timestamp, 30)) {
	if (validate_checksum($secret_key, $dc_timestamp, $dc_checksum)) {
	session_start();
	$response = array(
	'session_id' => session_id()
	);
	} else {
	die("The checksum or the key do not match.");
	};
	} else {
	die ("Timestamp mismatches");
	}

	// Get rid of all output buffers
	ob_end_clean();

	// Return session ID to doccheck
	return json_encode($response);
	?>