araddon/signed_request.php

## signed_request.php
<?php
function parse_signed_request($signed_request, $secret) {
  list($encoded_sig, $payload) = explode('.', $signed_request, 2);

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $jsondata = base64_url_decode($payload);
  $data = json_decode($jsondata, true);

  if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // check sig
  $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
  if ($sig !== $expected_sig) {
    error_log('Bad Signed JSON signature!');
    return null;
  }
  return $data;
}
function grab_app_data($signed_request, $secret) {
  $data = parse_signed_request($signed_request, $secret);
  if (!(is_null($data)) and array_key_exists('app_data',$data)){
     return $data['app_data'];
  } else {
     return "";
  }
}
function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}
?>
	<?php
	function parse_signed_request($signed_request, $secret) {
	list($encoded_sig, $payload) = explode('.', $signed_request, 2);

	// decode the data
	$sig = base64_url_decode($encoded_sig);
	$jsondata = base64_url_decode($payload);
	$data = json_decode($jsondata, true);

	if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
	error_log('Unknown algorithm. Expected HMAC-SHA256');
	return null;
	}

	// check sig
	$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
	if ($sig !== $expected_sig) {
	error_log('Bad Signed JSON signature!');
	return null;
	}
	return $data;
	}
	function grab_app_data($signed_request, $secret) {
	$data = parse_signed_request($signed_request, $secret);
	if (!(is_null($data)) and array_key_exists('app_data',$data)){
	return $data['app_data'];
	} else {
	return "";
	}
	}
	function base64_url_decode($input) {
	return base64_decode(strtr($input, '-_', '+/'));
	}
	?>