jpallari · February 16, 2016 19:00
diff --git a/ghwh.php b/ghwh.php
 <?php

 // Conf
 $secret = 'mysecret';
 $command = '/path/to/script.sh';

 function fail($msg) {
  http_response_code(400);
  echo $msg;
  exit(1);
 }

 function forbidden($msg) {
  http_response_code(403);
  echo 'forbidden access: ' . $msg;
  exit(1);
 }

 // Request
 $headers = getallheaders();
 $event = $headers['X-Github-Event'];
 $signature = $headers['X-Hub-Signature'];
 list($algo, $hash) = explode('=', $signature, 2);
 $payload = file_get_contents('php://input');
 $payloadHash = hash_hmac($algo, $payload, $secret);

 // Verify secret
 if ($hash !== $payloadHash) forbidden('invalid secret');

 // Verify request
 if ($event === 'ping') {
  echo 'pong';
  exit(1);
 }

 if ($event !== 'push') fail('only accepting push events. got ' . $event . ' instead.');

 // Execute command
 $status = 0;
 $out = "";
 exec($command, $out, $status);

 if ($status !== 0) {
  error_log($out);
  fail('error occurred while executing the command');
 }

 ?>
	<?php

	// Conf
	$secret = 'mysecret';
	$command = '/path/to/script.sh';

	function fail($msg) {
	http_response_code(400);
	echo $msg;
	exit(1);
	}

	function forbidden($msg) {
	http_response_code(403);
	echo 'forbidden access: ' . $msg;
	exit(1);
	}

	// Request
	$headers = getallheaders();
	$event = $headers['X-Github-Event'];
	$signature = $headers['X-Hub-Signature'];
	list($algo, $hash) = explode('=', $signature, 2);
	$payload = file_get_contents('php://input');
	$payloadHash = hash_hmac($algo, $payload, $secret);

	// Verify secret
	if ($hash !== $payloadHash) forbidden('invalid secret');

	// Verify request
	if ($event === 'ping') {
	echo 'pong';
	exit(1);
	}

	if ($event !== 'push') fail('only accepting push events. got ' . $event . ' instead.');

	// Execute command
	$status = 0;
	$out = "";
	exec($command, $out, $status);

	if ($status !== 0) {
	error_log($out);
	fail('error occurred while executing the command');
	}

	?>