nicholasareed/gist:1463073

## gistfile1.aw
<?php

// Get token_secret from Settings page
$inbox_hooks_access_token = 'secret_token_here'

// Get the given (POSTed) digest
$headers = getallheaders();
if(!isset($headers['X-InboxHooks-Post-Auth'])){
	header('HTTP/1.1 401 Unauthorized');
	echo "Failed authentication, no X-InboxHooks-Post-Auth was present";
	exit;
}
$given_digest = $headers['X-InboxHooks-Post-Auth'];

// Get Raw POST string
$raw_post = @file_get_contents('php://input');

// Calculate actual digest based on POST string
$calculated_digest = hash_hmac('md5',$raw_post,$inbox_hooks_access_token);

if ($calculated_digest != $given_digest){
	header('HTTP/1.1 401 Unauthorized');
	echo "Digest did not match. Given: ".$given_digest.".  Calculated: ".$calculated_digest;
	exit();
}

// Successfully authenticated request
return true;
?>
	<?php

	// Get token_secret from Settings page
	$inbox_hooks_access_token = 'secret_token_here'

	// Get the given (POSTed) digest
	$headers = getallheaders();
	if(!isset($headers['X-InboxHooks-Post-Auth'])){
	header('HTTP/1.1 401 Unauthorized');
	echo "Failed authentication, no X-InboxHooks-Post-Auth was present";
	exit;
	}
	$given_digest = $headers['X-InboxHooks-Post-Auth'];

	// Get Raw POST string
	$raw_post = @file_get_contents('php://input');

	// Calculate actual digest based on POST string
	$calculated_digest = hash_hmac('md5',$raw_post,$inbox_hooks_access_token);

	if ($calculated_digest != $given_digest){
	header('HTTP/1.1 401 Unauthorized');
	echo "Digest did not match. Given: ".$given_digest.". Calculated: ".$calculated_digest;
	exit();
	}

	// Successfully authenticated request
	return true;
	?>