Current File : /home/gositeme/public_html/quickqr/includes/payments/razorpay/razorpay-php/src/Utility.php
<?php

namespace Razorpay\Api;

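/**
 * Signature verification helpers for Razorpay payment and webhook callbacks.
 *
 * Every check recomputes an HMAC-SHA256 over the payload, keyed with the value
 * returned by Api::getSecret(), and compares it with the signature supplied by
 * the caller. The signature and the payment attributes normally arrive in an
 * HTTP request, so they are treated as untrusted: malformed input is rejected
 * with SignatureVerificationError instead of surfacing as a warning or a
 * TypeError further down.
 */
class Utility
{
    const SHA256 = 'sha256';

    /**
     * Verifies the signature returned with a completed payment.
     *
     * The signed payload is "<razorpay_order_id>|<razorpay_payment_id>".
     *
     * @param array $attributes Must contain razorpay_signature,
     *                          razorpay_order_id and razorpay_payment_id.
     *
     * @return null Nothing is returned on success.
     *
     * @throws Errors\SignatureVerificationError When a field is missing or not
     *                                           scalar, or the signature does
     *                                           not match.
     */
    public function verifyPaymentSignature($attributes)
    {
        $required = array('razorpay_signature', 'razorpay_order_id', 'razorpay_payment_id');

        // Request parameters can be absent or arrays (e.g. "field[]=x").
        // Reject those here so a malformed request is reported as a failed
        // verification rather than as an engine-level error.
        foreach ($required as $key)
        {
            if ((isset($attributes[$key]) === false) ||
                (is_scalar($attributes[$key]) === false))
            {
                throw new Errors\SignatureVerificationError(
                    'Invalid signature passed');
            }
        }

        $expectedSignature = $attributes['razorpay_signature'];
        $orderId = $attributes['razorpay_order_id'];
        $paymentId = $attributes['razorpay_payment_id'];

        $payload = $orderId . '|' . $paymentId;

        return self::verifySignature($payload, $expectedSignature);
    }

    /**
     * Verifies the signature sent with a webhook delivery.
     *
     * @param string $payload           Request body exactly as received; the
     *                                  HMAC is computed over these bytes, so a
     *                                  decoded and re-encoded body will not match.
     * @param string $expectedSignature Signature supplied with the request.
     *
     * @return null Nothing is returned on success.
     *
     * @throws Errors\SignatureVerificationError When the signature does not match.
     */
    public function verifyWebhookSignature($payload, $expectedSignature)
    {
        return self::verifySignature($payload, $expectedSignature);
    }

    /**
     * Recomputes the HMAC-SHA256 of $payload and compares it with
     * $expectedSignature in constant time.
     *
     * @param string $payload           Data that was signed.
     * @param string $expectedSignature Hex signature supplied by the caller.
     *
     * @return void Success is signalled by the absence of an exception.
     *
     * @throws Errors\SignatureVerificationError When the signature is not a
     *                                           string or does not match.
     */
    public function verifySignature($payload, $expectedSignature)
    {
        // Fail closed on a non-string signature: both comparison paths below
        // expect strings, and a type error must not escape as anything other
        // than a verification failure.
        if (is_string($expectedSignature) === false)
        {
            throw new Errors\SignatureVerificationError(
                'Invalid signature passed');
        }

        $actualSignature = hash_hmac(self::SHA256, $payload, Api::getSecret());

        // Use lang's built-in hash_equals if exists to mitigate timing attacks
        if (function_exists('hash_equals'))
        {
            $verified = hash_equals($actualSignature, $expectedSignature);
        }
        else
        {
            $verified = $this->hashEquals($actualSignature, $expectedSignature);
        }

        if ($verified === false)
        {
            throw new Errors\SignatureVerificationError(
                'Invalid signature passed');
        }
    }

    /**
     * Fallback constant-time string comparison for runtimes without
     * hash_equals().
     *
     * The early return on a length mismatch only reveals the length, and the
     * hex HMAC-SHA256 digest produced by verifySignature() has a fixed length.
     * For equal lengths every byte is XORed and OR-ed into an accumulator, so
     * the loop runs the same number of steps wherever the first difference is.
     *
     * @param string $actualSignature   Locally computed signature.
     * @param string $expectedSignature Signature supplied by the caller.
     *
     * @return bool True when both strings are byte-for-byte identical.
     */
    private function hashEquals($actualSignature, $expectedSignature)
    {
        if (strlen($expectedSignature) !== strlen($actualSignature))
        {
            return false;
        }

        // Byte-wise XOR of two equal-length strings: all NUL bytes iff equal.
        $res = $expectedSignature ^ $actualSignature;
        $return = 0;

        for ($i = strlen($res) - 1; $i >= 0; $i--)
        {
            $return |= ord($res[$i]);
        }

        return ($return === 0);
    }
}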
