'')); ksort($params); $computed_hmac = hash_hmac('sha256', http_build_query($params), SHARED_SECRET); if(!isset($_GET['shop'])) { echo SHOP_REQUIRED; exit; } if(strpos($_GET['shop'],SHOPIFY_DOMAIN) == FALSE) { echo ACCESS_DENIED; exit; } if(isset($_GET['state']) && $_GET['state'] != NONCE) { echo ACCESS_DENIED; exit; } if (!hash_equals($hmac, $computed_hmac)) { echo ACCESS_DENIED; exit; } if(isset($_GET['client_id']) && $_GET['client_id'] != API_KEY) { echo ACCESS_DENIED; exit; } if(isset($_GET['client_secret']) && $_GET['client_secret'] != SHARED_SECRET) { echo ACCESS_DENIED; exit; } if(isset($_GET['code']) && $_GET['code'] == '') { echo ACCESS_DENIED; exit; }