attachment-server/phplib/libteamtokenverifier.php

<?php

function verify_team_token($gpub, $ttok) {
    if(!function_exists("sodium_crypto_sign_verify_detached")) {
        gen_error_500("function sodium_crypto_sign_verify_detached() not exists");
        exit;
    }
    $gpub=base64_decode($gpub);
    if($gpub===false||strlen($gpub)!==SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        gen_error_500("invalid \$gpub data");
        exit;
    }
    $ttok=explode(":", $ttok, 2);
    if(count($ttok)!==2) {
        return false;
    }
    if(!preg_match("#^[0-9]+$#", $ttok[0])) {
        return false;
    }
    $data="GZCTF_TEAM_".$ttok[0];
    $ttok[1]=base64_decode($ttok[1]);
    if($ttok[1]===false||strlen($ttok[1])!==SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($ttok[1], $data, $gpub);
}