AlienHoboken · March 3, 2017 20:07
diff --git a/github_webhook_update.php b/github_webhook_update.php
 <?php
 	//polyfill for missing hash_equals
 	if(!function_exists('hash_equals'))
 	{
 	    function hash_equals($str1, $str2)
 	    {
 	        if(strlen($str1) != strlen($str2))
 	        {
 	            return false;
 	        }
 	        else
 	        {
 	            $res = $str1 ^ $str2;
 	            $ret = 0;
 	            for($i = strlen($res) - 1; $i >= 0; $i--)
 	            {
 	                $ret |= ord($res[$i]);
 	            }
 	            return !$ret;
 	        }
 	    }
 	}

 	$signatureHeader = $_SERVER['HTTP_X_HUB_SIGNATURE'];
 	$requestBody = file_get_contents('php://input');
 	
 	$signature = "sha1=" . hash_hmac('sha1', $requestBody, 'your secret key here');

 	if(hash_equals($signatureHeader, $signature))
 		exec('cd /path/to/your/repo git reset --hard HEAD && git pull');
 	else
 		echo "Sorry pal, can't do that!";
 ?>
	<?php
	//polyfill for missing hash_equals
	if(!function_exists('hash_equals'))
	{
	function hash_equals($str1, $str2)
	{
	if(strlen($str1) != strlen($str2))
	{
	return false;
	}
	else
	{
	$res = $str1 ^ $str2;
	$ret = 0;
	for($i = strlen($res) - 1; $i >= 0; $i--)
	{
	$ret \|= ord($res[$i]);
	}
	return !$ret;
	}
	}
	}

	$signatureHeader = $_SERVER['HTTP_X_HUB_SIGNATURE'];
	$requestBody = file_get_contents('php://input');

	$signature = "sha1=" . hash_hmac('sha1', $requestBody, 'your secret key here');

	if(hash_equals($signatureHeader, $signature))
	exec('cd /path/to/your/repo git reset --hard HEAD && git pull');
	else
	echo "Sorry pal, can't do that!";
	?>