Vungle doesn’t have any PHP sample code. My game runs on PHP and I don’t want to use client side callback.
They have some instructions: We have a guide how to verify your callback as below:
Create the raw transaction verification string by concatenating your secret key with the transaction ID separated by a colon: transactionString = secretKey + “:” + %txid%
Hash the bytes of the transactionString twice using the SHA-256 algorithm.
Generate the transaction verification token by hex-encoding the output bytes of 2 sequential rounds of SHA-256 hashing, which will look something like this: transactionToken = 870a0d13da1f1670b5ba35f27604018aeb804d5e6ac5c48194b2358e6748e2a8
Check that the transactionToken you generated equals the one sent in the callback querystring as %digest%.
I have tried with this code. However, the security codes don’t match for me.
$user = $_REQUEST['uid']; $txid = $_REQUEST['txid']; $digest = $_REQUEST['digest']; error_log(print_r($_GET, TRUE), 0); //verify hash $test_string = "" .$MY_SECRET_KEY . ":" . $txid; // $open_udid . $udid . $odin1 . $mac_sha1 . $custom_id; //$test_result = md5($test_string); error_log(print_r("test string: " . $test_string, TRUE), 0); $result = hash('sha256', $test_string); error_log(print_r("result: " . $result, TRUE), 0); $test_result = hash('sha256', $result); error_log(print_r("test result" . $test_result, TRUE), 0); if($test_result != $digest) { echo "vc_noreward"; error_log(print_r("failed validation", TRUE), 0); die; }
Advertisement
Answer
You need also the 3rd argument for hash
:
$hash0 = $secret.":".$txid; $hash1 = hash('sha256', $hash0, true); // binary $hash2 = hash('sha256', $hash1, false); // hex if ($hash2 == $digest) OK