<?php /** * SMS Signin Gateway - HMAC class * @author adrian7 (adrian@studentmoneysaver.co.uk) * @version 1.1 */ /** * Generates/Validates HMAC signatures * Class HMAC * @link http://signin.studentmoneysaver.co.uk/docs/#API * @package App\Library */ class HMAC{ /** * Timezone */ const TZ = 'UTC'; /** * Cypher/algorithm to use * @see hash_algos() */ const CYPHER = 'sha256'; /** * Time frame in seconds, in which a message is considered valid */ const TIMEFRAME = 300; /** * Internal time format */ const TIME_FORMAT = 'Y-m-d H:i:s'; /** * Verifies a HMAC signature * @param $data * @param $signature * @param $privateKey * @param $timestamp * * @return bool */ public static function verify($data, $signature, $privateKey, $timestamp){ $now = self::timestamp(self::TZ); $tmin = ( $now - ( self::TIMEFRAME/2 ) ); $tmax = ( $now + ( self::TIMEFRAME/2 ) ); if( ( $timestamp < $tmin ) or ( $timestamp > $tmax ) ) return false; //out of time range $data = strval( $data ); $computed_sig = self::signature($data, $privateKey, $timestamp); return $signature == $computed_sig; } /** * Generates a HMAC signature * @param $data * @param $privateKey * @param null $timestamp * * @return string */ public static function signature($data, $privateKey, $timestamp=null){ $timestamp = empty($timestamp) ? self::timestamp(self::TZ) : intval($timestamp); $data = strval( $data ); $sig = base64_encode( hash_hmac(self::CYPHER, $data, $privateKey . '::' . date(self::TIME_FORMAT, $timestamp), true) ); echo "Time: " . $timestamp; return $sig; } /** * Generates timestamp based on timezone * @param string $tz * * @return int */ public static function timestamp($tz='UTC'){ $tz = new \DateTimeZone($tz); return date_create(NULL, $tz)->getTimestamp(); } /** * Validates a hash algorithm * @param $algo * @see hash_algos() * @return bool */ public static function isValidHashAlgo($algo){ $algos = hash_algos(); return in_array($algo, $algos); } } $timestamp = empty($timestamp) ? HMAC::timestamp(HMAC::TZ) : intval($timestamp); $url = "https://signin.studentmoneysaver.co.uk/api/?onSuccess=https%3A%2F%2Fwww.google.si%2Fsearch%3Fq%3Dsuccess&onFail=https%3A%2F%2Fwww.google.si%2Fsearch%3Fq%3Dfail&apikey=test-Yr82f2DowCdxRumRwAD8r66KMFF4GWDm×tamp=$timestamp"; echo "Signature: " . HMAC::signature( $url, 'NP8T2NY2SR0XTNZ5', $timestamp);
You have javascript disabled. You will not be able to edit any code.