Merge pull request #3 from Crypto2/master

Added HMAC support
RonMelkhior · Feb 12, 2017 · 5001a18 · 5001a18
2 parents 7d0bfc1 + 6b3713d
commit 5001a18
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/src/RonMelkhior/CoinpaymentsIPN/IPN.php b/src/RonMelkhior/CoinpaymentsIPN/IPN.php
@@ -24,17 +24,28 @@ public function validate(array $post_data, array $server_data)
             throw new InvalidRequestException("Insufficient POST data provided.");
         }
 
-        if ($post_data['ipn_mode'] !== 'httpauth') {
+        if ($post_data['ipn_mode'] == 'httpauth') {
+            if ($server_data['PHP_AUTH_USER'] !== $this->merchant_id) {
+                throw new InsufficientDataException("Invalid merchant ID provided.");
+            }
+
+            if ($server_data['PHP_AUTH_PW'] !== $this->ipn_secret) {
+                throw new InsufficientDataException("Invalid IPN secret provided.");
+            }
+        } elseif ($post_data['ipn_mode'] == 'hmac') {
+            $hmac = hash_hmac("sha512", file_get_contents('php://input'), $this->ipn_secret);
+
+            if ($hmac !== $server_data['HTTP_HMAC']) {
+                throw new InsufficientDataException("Invalid HMAC provided.");
+            }
+
+            if ($post_data['merchant'] !== $this->merchant_id) {
+                throw new InsufficientDataException("Invalid merchant ID provided.");
+            }
+        } else {
             throw new InvalidRequestException("Invalid IPN mode provided.");
         }
 
-        if ($server_data['PHP_AUTH_USER'] !== $this->merchant_id) {
-            throw new InsufficientDataException("Invalid merchant ID provided.");
-        }
-
-        if ($server_data['PHP_AUTH_PW'] !== $this->ipn_secret) {
-            throw new InsufficientDataException("Invalid IPN secret provided.");
-        }
 
         $order_status = $post_data['status'];
         $order_status_text = $post_data['status_text'];