Hacker News new | comments | show | ask | jobs | submit login

To validate that the mailgun response actually came from mailgun add this at line 17:

if($_POST['signature'] !== hash_hmac('sha256', $_POST['timestamp'] . $_POST['token'], MAILGUN_KEY)) { exit; }




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: