41 lines
1.2 KiB
PHP
41 lines
1.2 KiB
PHP
<?php
|
|
|
|
require_once("./src/config/env.php");
|
|
|
|
/**
|
|
* EXACT escape function from iKhokha docs
|
|
*/
|
|
function escapeString($str) {
|
|
$escaped = preg_replace(
|
|
['/[\\"\'\"]/u', '/\x00/'],
|
|
['\\\\$0', '\\0'],
|
|
(string)$str
|
|
);
|
|
$cleaned = str_replace('\/', '/', $escaped);
|
|
return $cleaned;
|
|
}
|
|
|
|
$callbackUrl = $_ENV['IKHOKHA_CALLBACK_URL'] ?? null;
|
|
$path = '/src/api/ikhokha_webhook.php';
|
|
$secret = $_ENV['IKHOKHA_APP_SECRET'] ?? null;
|
|
|
|
// Simulated raw webhook body (EXACT, no whitespace changes)
|
|
$raw = '{"paylinkID":"ys5225k4z56x0mm","status":"SUCCESS","externalTransactionID":"693efeaca71a9","responseCode":"00","text":null}';
|
|
|
|
echo "<strong>IK-SIGN FROM WEBHOOK:</strong><br>";
|
|
echo "bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557<br><br>";
|
|
|
|
$payloadToSign = $path . $raw;
|
|
|
|
// Generate signature using hash_hmac directly on the constructed string
|
|
$expected = hash_hmac('sha256', $payloadToSign, $secret);
|
|
|
|
// --- Output debug info (UPDATED) ---
|
|
echo "<strong>DEBUG INFO</strong><br>";
|
|
echo "Callback URL: $callbackUrl<br><br>";
|
|
|
|
echo "<strong>Payload to Sign (Un-escaped):</strong><br>";
|
|
echo htmlspecialchars($payloadToSign) . "<br><br>";
|
|
|
|
echo "<strong>EXPECTED SIGNATURE:</strong><br>";
|
|
echo $expected . "<br>"; |