File Manager V1.5

FILE_CONTENT: jwt_helper.php

<?php
class JWT {
    public static function decode($jwt, $key, array $allowed_algs) {
        $tks = explode('.', $jwt);
        if (count($tks) != 3) {
            throw new Exception('Wrong number of segments');
        }

        list($headb64, $bodyb64, $cryptob64) = $tks;
        $header = json_decode(base64_decode(str_replace(['-', '_'], ['+', '/'], $headb64) . '=='), true);
        $payload = json_decode(base64_decode(str_replace(['-', '_'], ['+', '/'], $bodyb64) . '=='), true);

        if ($header['alg'] !== $allowed_algs[0]) {
            throw new Exception('Algorithm not allowed');
        }

        $signature = base64_decode(str_replace(['-', '_'], ['+', '/'], $cryptob64) . '==');
        $data = $headb64 . '.' . $bodyb64;
        $expected = hash_hmac('sha256', $data, $key, true);

        if (!hash_equals($expected, $signature)) {
            throw new Exception('Invalid signature');
        }

        return (object)$payload;
    }
}
?>