/**
 * Sign the simulated request so that it mimics a genuine HuRL request.
 *
 * A signature is computed over the site URL of the current request URI and
 * the POST or GET parameters (selected by $this->request_method), keyed with
 * the token stored on the instance returned by get_instance(). The result is
 * placed in the simulated server variables as HTTP_X_TWILIO_SIGNATURE.
 *
 * @return void
 */
public function setRequestToken()
{
    $CI =& get_instance();

    // The signature covers the absolute URL, so expand the request URI first.
    $signedUrl = site_url($GLOBALS['_SERVER']['REQUEST_URI']);

    // Only the parameter set matching the simulated method is signed.
    if ($this->request_method == 'POST') {
        $signedParams = $_POST;
    } else {
        $signedParams = $_GET;
    }

    $signer = new Services_Twilio_RequestValidator($CI->twilio_token);
    $signature = $signer->computeSignature($signedUrl, $signedParams);

    $this->setServer(array('HTTP_X_TWILIO_SIGNATURE' => $signature));
}
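/**
 * Check that the current request carries a valid X-Twilio-Signature header.
 *
 * The signature is verified against the URL this request was received on
 * (scheme, host and request URI) together with the POST variables.
 *
 * @param string $authToken Twilio auth token used as the signing key.
 *
 * @return bool True only when the header is present and matches the
 *              signature computed for this URL and these POST variables.
 */
private function validateRequest($authToken)
{
    // An unsigned request can never be authentic: fail closed instead of
    // reading an undefined index and handing null to the validator.
    if (!isset($_SERVER['HTTP_X_TWILIO_SIGNATURE'], $_SERVER['HTTP_HOST'], $_SERVER['REQUEST_URI'])) {
        return false;
    }

    $signature = $_SERVER['HTTP_X_TWILIO_SIGNATURE'];
    if (!is_string($signature) || $signature === '') {
        return false;
    }

    // The signed URL includes the scheme, so a hard-coded "http://" rejects
    // every genuine request delivered to an HTTPS endpoint.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
    $scheme = $isHttps ? 'https' : 'http';

    // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] is not
    // set and HTTP_HOST may not be the public host name; in that deployment
    // build $url from a configured public base URL rather than from
    // client-supplied forwarding headers.
    $url = "{$scheme}://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";

    $validator = new \Services_Twilio_RequestValidator($authToken);

    return $validator->validate($signature, $url, $_POST);
}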
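/**
 * Verify signature computation and validation against a known-good vector,
 * and confirm that a request altered after signing is rejected.
 *
 * @return void
 */
function testRequestValidation()
{
    $token = "1c892n40nd03kdnc0112slzkl3091j20";
    $validator = new Services_Twilio_RequestValidator($token);
    $uri = "http://www.postbin.org/1ed898x";
    $params = array(
        "CalledZip" => "94612",
        "AccountSid" => "AC9a9f9392lad99kla0sklakjs90j092j3",
        "ApiVersion" => "2010-04-01",
        "CallSid" => "CAd800bb12c0426a7ea4230e492fef2a4f",
        "CallStatus" => "ringing",
        "Called" => "+15306384866",
        "CalledCity" => "OAKLAND",
        "CalledCountry" => "US",
        "CalledState" => "CA",
        "Caller" => "+15306666666",
        "CallerCity" => "SOUTH LAKE TAHOE",
        "CallerCountry" => "US",
        "CallerName" => "CA Wireless Call",
        "CallerState" => "CA",
        "CallerZip" => "89449",
        "Direction" => "inbound",
        "From" => "+15306666666",
        "FromCity" => "SOUTH LAKE TAHOE",
        "FromCountry" => "US",
        "FromState" => "CA",
        "FromZip" => "89449",
        "To" => "+15306384866",
        "ToCity" => "OAKLAND",
        "ToCountry" => "US",
        "ToState" => "CA",
        "ToZip" => "94612",
    );
    $expected = "fF+xx6dTinOaCdZ0aIeNkHr/ZAA=";

    // PHPUnit takes (expected, actual); this order keeps failure output readable.
    $this->assertEquals($expected, $validator->computeSignature($uri, $params));
    $this->assertTrue($validator->validate($expected, $uri, $params));

    // Negative cases: the same signature must not validate once a signed
    // parameter or the signed URL differs. Both altered values below are
    // constructed for this test.
    $tamperedParams = $params;
    $tamperedParams["To"] = "+15306384867";
    $this->assertFalse($validator->validate($expected, $uri, $tamperedParams));
    $this->assertFalse($validator->validate($expected, $uri . "x", $params));
}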
<?php
// Placeholder auth token; the real value is shown at twilio.com/user/account.
// It is the signing key for every request check, so a deployed handler
// should load it from configuration rather than keep it in source.
$authToken = '12345';

// The twilio-php library (twilio.com/docs/php/install) has to be loaded
// before the validator class can be used.
require_once '/path/to/twilio-php/Services/Twilio.php';

$validator = new Services_Twilio_RequestValidator($authToken);

// The URL Twilio requested, query string included. In a live handler
// $_SERVER['SCRIPT_URI'] may hold it.
$url = 'https://mycompany.com/myapp.php?foo=1&bar=2';

// The POST variables sent with the Twilio request. In a live handler this
// would usually be $postVars = $_POST.
$postVars = array(
    'CallSid' => 'CA1234567890ABCDE',
    'Caller' => '+14158675309',
    'Digits' => '1234',
    'From' => '+14158675309',
    'To' => '+18005551212',
);

// Value of the X-Twilio-Signature header; PHP exposes it as
// $_SERVER["HTTP_X_TWILIO_SIGNATURE"].
$signature = 'RSOYDt4T1cUTdK1PDd93/VVr8B8=';

// Run the check before acting on anything in the request.
$isAuthentic = $validator->validate($signature, $url, $postVars);

echo $isAuthentic
    ? "Confirmed to have come from Twilio."
    : "NOT VALID. It might have been spoofed!";