Handling hub.secret with PHP


#1

Since the hub.secret value is returned, all that remains is to check for equality.

I saw this url.

$hash = ‘sha256=’ . hash_hmac(‘sha256’, $data, $mySecret);

I want to know in detail what to put in $data and $mySecret.


#2

$mySecret is the secret you used when you created the subscription.

aka hub.secret

And $data is $data = file_get_contents("php://input"); as shown in the post you linked.


#3

I’m really sorry. I tried the potential I could but did not solve it.

What does file_get_contents (“php: // input”); represent?

URL?
file_get_contents (hub.callback);?
file_get_contents (hub.topic);?

I don’t understand (“php: // input”).


#4

https://www.php.net/manual/en/wrappers.php.php

php://input is a read-only stream that allows you to read raw data from the request body. In the case of POST requests, it is preferable to use php://input instead of $HTTP_RAW_POST_DATA as it does not depend on special php.ini directives. Moreover, for those cases where $HTTP_RAW_POST_DATA is not populated by default, it is a potentially less memory intensive alternative to activating always_populate_raw_post_data. php://input is not available with enctype=“multipart/form-data” .

The line file_get_contents("php://input"); loads data in that was passed to the program thats not presented as $_GET or $_POST data but in the BODY of the request into PHP (for example)


#5

I understood everything. And good results came out.

Thank you very much!