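<?php
/**
 * Request gate for the Shopify OAuth entry point.
 *
 * Recomputes the HMAC-SHA256 signature over the query string (every parameter
 * except `hmac`, sorted by key) with SHARED_SECRET and rejects the request
 * unless the signature and the individual parameters check out. On failure it
 * prints SHOP_REQUIRED or ACCESS_DENIED and stops; on success execution simply
 * continues past this block.
 *
 * All constants (SHARED_SECRET, API_KEY, NONCE, SHOPIFY_DOMAIN, SHOP_REQUIRED,
 * ACCESS_DENIED) are expected to come from config.php.
 */
include_once('config.php');

$params = $_GET;

// A query like ?hmac[]=x makes $_GET['hmac'] an array; hash_equals() only
// accepts strings, so anything that is not a string is treated as "no signature".
$hmac = (isset($_GET['hmac']) && is_string($_GET['hmac'])) ? $_GET['hmac'] : '';

$params = array_diff_key($params, array('hmac' => ''));
ksort($params);
$computed_hmac = hash_hmac('sha256', http_build_query($params), SHARED_SECRET);

if (!isset($_GET['shop'])) {
    echo SHOP_REQUIRED;
    exit;
}

// The shop must be a single host label directly under the Shopify domain.
// A substring test (strpos) would also accept values that merely contain the
// domain somewhere, e.g. as a path, a query or a left-hand label of another host.
// NOTE(review): assumes SHOPIFY_DOMAIN holds the bare domain suffix, with or
// without a leading dot - confirm against config.php.
$shop_param = $_GET['shop'];
$shop_suffix = '.' . ltrim(SHOPIFY_DOMAIN, '.');
$shop_suffix_len = strlen($shop_suffix);
$shop_is_valid = is_string($shop_param)
    && strlen($shop_param) > $shop_suffix_len
    && substr($shop_param, -$shop_suffix_len) === $shop_suffix
    && preg_match('/\A[a-z0-9][a-z0-9\-]*\z/i', substr($shop_param, 0, -$shop_suffix_len)) === 1;

if (!$shop_is_valid) {
    echo ACCESS_DENIED;
    exit;
}

// Strict, constant-time comparison instead of the loose `!=`, which treats
// numeric-looking strings such as '1e3' and '1000' as equal.
// NOTE(review): the check only runs when `state` is present, so a request that
// omits it is not bound to any nonce, and NONCE is a constant rather than a
// per-session value - confirm how config.php generates it and whether the
// callback should require `state`.
if (isset($_GET['state'])
    && !(is_string($_GET['state']) && hash_equals((string) NONCE, $_GET['state']))
) {
    echo ACCESS_DENIED;
    exit;
}

// Known value first, request-supplied value second, as hash_equals() documents.
if (!hash_equals($computed_hmac, $hmac)) {
    echo ACCESS_DENIED;
    exit;
}

if (isset($_GET['client_id'])
    && !(is_string($_GET['client_id']) && hash_equals((string) API_KEY, $_GET['client_id']))
) {
    echo ACCESS_DENIED;
    exit;
}

// NOTE(review): a shared secret in a query string ends up in access logs,
// browser history and Referer headers; consider rejecting any request that
// carries `client_secret` instead of comparing it.
if (isset($_GET['client_secret'])
    && !(is_string($_GET['client_secret']) && hash_equals((string) SHARED_SECRET, $_GET['client_secret']))
) {
    echo ACCESS_DENIED;
    exit;
}

// An authorization code, when sent, must be a non-empty string; the loose
// `== ''` test let an array value (?code[]=) through.
if (isset($_GET['code']) && (!is_string($_GET['code']) || $_GET['code'] === '')) {
    echo ACCESS_DENIED;
    exit;
}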