isTimestampValid($timestamp, $tolerance)) { return false; } return hash_equals($this->sign($payload, $secret, $timestamp), $signature); } public function verifySignatureOnly( string $payload, string $signature, string $secret, int $timestamp ): bool { return hash_equals($this->sign($payload, $secret, $timestamp), $signature); } public function isTimestampValid(int $timestamp, int $tolerance = self::DEFAULT_TOLERANCE): bool { return abs(time() - $timestamp) <= $tolerance; } }