· 8 years ago · Jan 27, 2018, 04:48 AM
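<?php
/**
 * Verifies the HMAC-SHA256 signature of a JWT posted in the "jwt" field and
 * prints "Success" or "Failed".
 *
 * Only the signature is checked here. The payload is never decoded, so claims
 * such as expiry or audience are not validated by this script.
 */
global $wpdb;
require_once('../wp-config.php');

// Form fields can arrive as arrays (jwt[]=...); anything that is not a string
// is treated as an empty token and fails verification below.
$receivedJwt = (isset($_POST['jwt']) && is_string($_POST['jwt'])) ? $_POST['jwt'] : '';

// NOTE(review): uid is posted next to the token, not inside it, so the
// signature check below says nothing about this value. Read the user id from
// the verified payload before relying on it.
$userid = isset($_POST['uid']) ? $_POST['uid'] : null;

// NOTE(review): the signing key is hard-coded in a web-served script. A key
// that has appeared in source or in a shared listing should be treated as
// exposed: rotate it and load the new one from configuration kept out of the
// web root and out of version control.
$secret_key = '9.^C`V[M[|eq[iL$CH(in4_.GZ0; +wXL q:ypE?O+*114=~gAX|YR-wUQ4jQHL&';

// A compact JWT is exactly three non-empty segments: header.payload.signature
$jwt_values = explode('.', $receivedJwt);
$signature_ok = false;

if (count($jwt_values) === 3
    && $jwt_values[0] !== ''
    && $jwt_values[1] !== ''
    && $jwt_values[2] !== ''
) {
    // The signing input is the header and payload exactly as received
    $receivedHeaderAndPayload = $jwt_values[0] . '.' . $jwt_values[1];

    // JWT segments are base64url-encoded WITHOUT '=' padding, which is why a
    // padded base64_encode() result never matched the received signature.
    // Padding is stripped on both sides so either form compares equal.
    $received_signature = rtrim($jwt_values[2], '=');

    // The algorithm is fixed to HMAC-SHA256 here; the "alg" value in the
    // received header is deliberately not consulted.
    $raw_mac = hash_hmac('sha256', $receivedHeaderAndPayload, $secret_key, true);
    $resultedsignature = rtrim(base64_encode($raw_mac), '=');

    // Issuers that follow the JWT spec use the URL-safe alphabet ('-' and '_'
    // instead of '+' and '/'); accept that encoding as well.
    $resultedsignature_urlsafe = strtr($resultedsignature, '+/', '-_');

    // hash_equals() compares in constant time and never type-juggles, unlike
    // the loose == operator, which compares numeric-looking strings as numbers.
    $matches_standard = hash_equals($resultedsignature, $received_signature);
    $matches_urlsafe = hash_equals($resultedsignature_urlsafe, $received_signature);
    $signature_ok = $matches_standard || $matches_urlsafe;
}

// Neither the received token nor the computed signature is written to the
// response. Echoing the computed value would give every caller a valid
// signature for whatever header and payload they submitted, and echoing the
// raw token would reflect unescaped request data into the page.
echo $signature_ok ? 'Success' : 'Failed';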