PHP POST Authentication
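<?php
// Authenticates an incoming InboxHooks POST: the sender puts an HMAC of the
// raw request body, keyed with the shared token, in the X-InboxHooks-Post-Auth
// header. The script answers 401 and stops on any failure, and returns true to
// the including script on success.
//
// NOTE(review): the digest covers only the body, with no timestamp or nonce
// visible here, so a captured request would verify again if replayed. Handlers
// should be idempotent or de-duplicate deliveries.

// Get token_secret from Settings page.
// Replace the placeholder before deploying: while it is left unchanged, anyone
// who has seen this example can compute a valid digest. Keep the real token
// out of version control.
$inbox_hooks_access_token = 'secret_token_here';

// Get the given (POSTed) digest.
// HTTP header names are case-insensitive and getallheaders() returns them as
// received, so the keys are normalised before the lookup.
$headers = array_change_key_case(getallheaders(), CASE_LOWER);
if (!isset($headers['x-inboxhooks-post-auth'])) {
    header('HTTP/1.1 401 Unauthorized');
    echo "Failed authentication, no X-InboxHooks-Post-Auth was present";
    exit;
}
$given_digest = (string) $headers['x-inboxhooks-post-auth'];

// Get Raw POST string. A read failure is handled explicitly and fails closed
// rather than being hidden with @ and hashed as an empty body.
$raw_post = file_get_contents('php://input');
if ($raw_post === false) {
    header('HTTP/1.1 401 Unauthorized');
    echo "Failed authentication, request body could not be read";
    exit;
}

// Calculate actual digest based on POST string.
// The algorithm has to match what the sender uses; 'md5' is what this
// integration specifies, so it is not changed here.
$calculated_digest = hash_hmac('md5', $raw_post, $inbox_hooks_access_token);

// hash_equals() compares in constant time and as strings. A loose != would
// leak timing information and lets PHP compare numeric-looking hex strings
// (for example "0e...") as numbers.
if (!hash_equals($calculated_digest, $given_digest)) {
    header('HTTP/1.1 401 Unauthorized');
    // Never send $calculated_digest back: it is the valid signature for the
    // body the caller just submitted, so echoing it hands an unauthenticated
    // client everything needed to pass this check on the next request.
    echo "Digest did not match.";
    exit();
}

// Successfully authenticated request
return true;
?>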