$this::BASE_URL . $request_url, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => '', CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_CUSTOMREQUEST => isset($request_method) ? $request_method : 'POST', CURLOPT_POSTFIELDS => json_encode($data, true), CURLOPT_HTTPHEADER => array( 'authorization:' . $this::SERVER_KEY, 'Content-Type:application/json' ), )); $response = json_decode(curl_exec($curl), true); curl_close($curl); return $response; } function getBaseUrl() { // output: /myproject/index.php $currentPath = $_SERVER['PHP_SELF']; // output: Array ( [dirname] => /myproject [basename] => index.php [extension] => php [filename] => index ) $pathInfo = pathinfo($currentPath); // output: localhost $hostName = $_SERVER['HTTP_HOST']; // output: http:// $protocol = strtolower(substr($_SERVER["SERVER_PROTOCOL"],0,5))=='https://'?'https://':'http://'; // output: /myproject/sub folder contains PT2/ $current_directory = substr(strrchr($pathInfo['dirname'],'/'), 1); $parent_directory = substr($pathInfo['dirname'], 0, - strlen($current_directory)); // return: http://localhost/myproject/ return $protocol.$hostName.$parent_directory; } function is_valid_redirect($post_values) { $serverKey = $this::SERVER_KEY; // Request body include a signature post Form URL encoded field // 'signature' (hexadecimal encoding for hmac of sorted post form fields) $requestSignature = $post_values["signature"]; unset($post_values["signature"]); $fields = array_filter($post_values); // Sort form fields ksort($fields); // Generate URL-encoded query string of Post fields except signature field. $query = http_build_query($fields); $signature = hash_hmac('sha256', $query, $serverKey); if (hash_equals($signature, $requestSignature) === TRUE) { // VALID Redirect return true; } else { // INVALID Redirect return false; } } }