[PHP] HMAC verification fails

jollysoundcake1
New Member
2 0 0

Hi Everyone,

I've added a script attempting to verify hmac on my main App URL route, tried to use a fairly fresh method I found on one of the SDK's 

Also, tried a couple different solutions from Stackoverflow, as well as generating a new API secret - to no avail, the verification always fails (provided hmac never matches the one my code generates)

Here's the current code, any ideas?

            $getArray = $_GET;
            $hmacProvided = '';
            if (isset($getArray['hmac'])) {
                $hmacProvided = $getArray['hmac'];
                unset($getArray['hmac']);
            } else {
                //hmac value not found
            }
            //deprecated
            if (isset($getArray['signature'])) {
                unset($getArray['signature']);
            }
            $paramStrings = [];
            foreach ($getArray as $key => $value) {
                $paramStrings[] = "$key=$value";
            }
            $str = join('&', $paramStrings);
            $realHmac = hash_hmac('sha256', $str, $apiSecret);
            //
            if (md5($realHmac) === md5($hmacProvided)) {
                $verifyHmac = true;
            } else {
                $verifyHmac = false;
            }

Thanks,

Luke

0 Likes
jollysoundcake1
New Member
2 0 0

Anyone?

0 Likes
tomhv
New Member
1 0 0

Have you tried

            $str = join('&', $paramStrings);

 

instead of 

            $str = join('&', $paramStrings);

 

 

0 Likes