Created
February 16, 2023 01:05
-
-
Save InvoxiPlayGames/896f3f75cc41b1bc87557715ba566976 to your computer and use it in GitHub Desktop.
Discord Interactions signature validation in native PHP 7.2+
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $timestamp = $_SERVER['HTTP_X_SIGNATURE_TIMESTAMP']; | |
| $signature = hex2bin($_SERVER['HTTP_X_SIGNATURE_ED25519']); | |
| if ($signature === false) { | |
| die(http_response_code(403)); | |
| } | |
| $publickey = hex2bin("[ YOUR_APP_PUBLIC_KEY ]"); // REPLACE THIS WITH YOUR OWN APP'S! | |
| $postdata = file_get_contents('php://input'); | |
| // signature verification; | |
| // requires PHP7.2+ compiled with sodium support and extension=sodium to be enabled in php.ini | |
| $data_to_verify = $timestamp . $postdata; | |
| if (sodium_crypto_sign_verify_detached($signature, $data_to_verify, $publickey) !== true) { | |
| die(http_response_code(403)); | |
| } | |
| // parse your $postdata here... | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment