Given this workflow:
Server A
- User authenticates.
- User purchases randomly generated unique voucher code using shared secret to use an application on on server B.
Server B
- User authenticates.
- User inputs voucher code.
- Server B validates code is legitimate using shared secret
- Server B grants access to the application.
I need a way in PHP to implement the functions generateVoucherCode
and validateVoucherCode
as shown below:
Server A
$voucher = generateVoucherCode("someSharedSecret");
Server B
$isValid = validateVoucherCode($userInputtedCode, "someSharedSecret");
if($isValid) {
// allow access to application
}
Validating legitimacy through a shared secret is what HMACs are for. You can generate a HMAC in PHP through
hash_hmac
. Your workflow would be:Example voucher generation:
Example voucher verification: