Vungle doesn’t have any PHP sample code. My game runs on PHP and I don’t want to use client side callback.
They have some instructions: We have a guide how to verify your callback as below:
Create the raw transaction verification string by concatenating your secret key with the transaction ID separated by a colon: transactionString = secretKey + “:” + %txid%
Hash the bytes of the transactionString twice using the SHA-256 algorithm.
Generate the transaction verification token by hex-encoding the output bytes of 2 sequential rounds of SHA-256 hashing, which will look something like this: transactionToken = 870a0d13da1f1670b5ba35f27604018aeb804d5e6ac5c48194b2358e6748e2a8
Check that the transactionToken you generated equals the one sent in the callback querystring as %digest%.
I have tried with this code. However, the security codes don’t match for me.
$user = $_REQUEST['uid'];
$txid = $_REQUEST['txid'];
$digest = $_REQUEST['digest'];
error_log(print_r($_GET, TRUE), 0);
//verify hash
$test_string = "" .$MY_SECRET_KEY . ":" . $txid;
// $open_udid . $udid . $odin1 . $mac_sha1 . $custom_id;
//$test_result = md5($test_string);
error_log(print_r("test string: " . $test_string, TRUE), 0);
$result = hash('sha256', $test_string);
error_log(print_r("result: " . $result, TRUE), 0);
$test_result = hash('sha256', $result);
error_log(print_r("test result" . $test_result, TRUE), 0);
if($test_result != $digest) {
echo "vc_noreward";
error_log(print_r("failed validation", TRUE), 0);
die;
}
Advertisement
Answer
You need also the 3rd argument for hash:
$hash0 = $secret.":".$txid;
$hash1 = hash('sha256', $hash0, true); // binary
$hash2 = hash('sha256', $hash1, false); // hex
if ($hash2 == $digest) OK