static function Parse_signed_request($user_ID)
{
$signed_request = $_REQUEST['signed_request'];
$secret = get_user_meta($user_ID, c_al2fb_meta_app_secret, true);
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// Decode the data
$sig = WPAL2Int::base64_url_decode($encoded_sig);
$data = json_decode(WPAL2Int::base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
return null;
}
// Check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
return null;
}
return $data;
}
