X_HUB_SIGNATURE
mattmackenzie opened this issue · comments
#55 It seems that webhooks have changed since this script was developed. I had to do this to get the secret working...
// Get the post from github
$rawPost = file_get_contents('php://input');
ob_start();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="robots" content="noindex">
<title>Git deploy script</title>
<style>
body { padding: 0 1em; background: #222; color: #fff; }
h2, .error { color: #c33; }
.prompt { color: #6be234; }
.command { color: #729fcf; }
.output { color: #999; }
</style>
</head>
<body>
<?php
list($algo, $hash) = explode('=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2) + array('', '');
if ($hash !== hash_hmac($algo, $rawPost, SECRET)) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden', true, 403);
die('<h2>ACCESS DENIED!</h2>');
}
?>