Open froboy opened 4 years ago
Here's a much cleaner function to validate:
```php
/**
 * Validate Daxko Barcode signature as per instructions here
 * https://github.com/daxko/dax-signature-validation.
 *
 * @param string $dax_expiration
 * @param string $status
 * @param string $area_id
 * @param string $validation_secret
 * @param string $dax_signature
 *
 * @return bool
 *   Whether the signature is validated or not.
 */
private function validDaxSignature($dax_expiration, $status, $area_id, $validation_secret, $dax_signature) {
  // Current time in milliseconds, to match the unit of $dax_expiration.
  $now = round(microtime(true) * 1000);
  if ($now > $dax_expiration) {
    return FALSE;
  }
  // The signed message is the three values concatenated in this order.
  $input_string = $dax_expiration . $status . $area_id;
  // The secret is hex-encoded; HMAC needs the raw key bytes.
  $key = hex2bin($validation_secret);
  $our_signature = strtoupper(hash_hmac("sha256", $input_string, $key));
  // hash_equals() compares in constant time.
  return hash_equals($our_signature, $dax_signature);
}
```
There are a number of pieces here that don't translate directly to PHP, so in addition to providing an example, it might be good to translate some of the instructions too.

A few things:

- `time()` is in seconds. There's no native function that gets milliseconds, so we'll do a little rounding. Since we're just checking if 10 min has elapsed, this doesn't really matter.

Here's a really rough code snippet that I tested on http://phptester.net/
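An added example, not part of the original issue, not the snippet the author refers to, and not Daxko's code: the same check as a standalone function that also rejects a non-numeric expiration or a malformed hex secret before calling `hex2bin()`. The function names, the injectable `$now` parameter, the case-insensitive signature comparison and all sample values are assumptions made for the illustration.

```php
<?php
// Added example: the signature check with input validation.
// Secret, status and area id below are constructed sample values.

/**
 * Current Unix time in whole milliseconds.
 */
function now_ms(): int {
  return (int) floor(microtime(true) * 1000);
}

/**
 * Validates expiration + status + area id against an HMAC-SHA256 signature.
 */
function valid_dax_signature(string $expiration, string $status, string $area_id,
                             string $secret_hex, string $signature, ?int $now = NULL): bool {
  // Expiration must be a plain millisecond timestamp; ctype_digit('') is false.
  if (!ctype_digit($expiration)) {
    return FALSE;
  }
  if (($now ?? now_ms()) > (int) $expiration) {
    return FALSE;
  }
  // hex2bin() returns false (with a warning) on odd-length or non-hex input,
  // so check the secret first instead of passing false on as the key.
  if (strlen($secret_hex) % 2 !== 0 || !ctype_xdigit($secret_hex)) {
    return FALSE;
  }
  $key = hex2bin($secret_hex);
  $expected = hash_hmac('sha256', $expiration . $status . $area_id, $key);
  // Assumption: hex case carries no meaning, so compare in lower case.
  return hash_equals($expected, strtolower($signature));
}

// Constructed inputs: a fixed "now" and an expiration 10 minutes later.
$secret = bin2hex('constructed-test-key');
$now = 1700000000000;
$exp = (string) ($now + 10 * 60 * 1000);
$sig = strtoupper(hash_hmac('sha256', $exp . 'active' . '42', hex2bin($secret)));

var_dump(valid_dax_signature($exp, 'active', '42', $secret, $sig, $now));          // untampered
var_dump(valid_dax_signature($exp, 'inactive', '42', $secret, $sig, $now));        // status altered
var_dump(valid_dax_signature($exp, 'active', '42', $secret, $sig, $now + 600001)); // past expiration
var_dump(valid_dax_signature($exp, 'active', '42', 'not-hex', $sig, $now));        // malformed secret
```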