Vungle callback in PHP

Question

Vungle doesn't have any PHP sample code. My game runs on PHP and I don't want to use client side callback.

They have some instructions: We have a guide how to verify your callback as below:

Create the raw transaction verification string by concatenating your secret key with the transaction ID separated by a colon: transactionString = secretKey + ":" + %txid%

Hash the bytes of the transactionString twice using the SHA-256 algorithm.

Generate the transaction verification token by hex-encoding the output bytes of 2 sequential rounds of SHA-256 hashing, which will look something like this: transactionToken = 870a0d13da1f1670b5ba35f27604018aeb804d5e6ac5c48194b2358e6748e2a8

Check that the transactionToken you generated equals the one sent in the callback querystring as %digest%.

I have tried with this code. However, the security codes don't match for me.

$user = $_REQUEST['uid'];
$txid = $_REQUEST['txid'];
$digest = $_REQUEST['digest'];
error_log(print_r($_GET, TRUE), 0);
//verify hash
$test_string = "" .$MY_SECRET_KEY . ":" . $txid; 
   // $open_udid . $udid . $odin1 . $mac_sha1 . $custom_id;
//$test_result = md5($test_string);
error_log(print_r("test string: " . $test_string, TRUE), 0);

$result = hash('sha256', $test_string);
error_log(print_r("result: " . $result, TRUE), 0);
$test_result = hash('sha256', $result);

error_log(print_r("test result" . $test_result, TRUE), 0);

if($test_result != $digest) {
    echo "vc_noreward";
    error_log(print_r("failed validation", TRUE), 0);

    die;
}

Answer 1

You need also the 3rd argument for hash:

 $hash0 = $secret.":".$txid;
 $hash1 = hash('sha256', $hash0, true);   // binary
 $hash2 = hash('sha256', $hash1, false);  // hex

 if ($hash2 == $digest) OK