diff --git a/php/status-update.php b/php/status-update.php
index 4c24c3f..7e0a334 100644
--- a/php/status-update.php
+++ b/php/status-update.php
@@ -1,20 +1,30 @@ NUM_DOORS) die("Invalid door id");
+if ($id < 1 || $id > NUM_DOORS) die('Invalid door id');
-if (!isset($_REQUEST['status'])) die("Please send door status");
+if (!isset($_REQUEST['status'])) die('Please send door status');
 $status = intval($_REQUEST['status']);
-if ($status != 0 && $status != 1) die ("Invalid status");
+if ($status != 0 && $status != 1) die ('Invalid status');
+$verify = mt_rand();
-ob_start();
-var_dump($_REQUEST);
-$request = ob_get_clean();
+$pub = file_get_contents("public$id.pub");
+if ($pub === false) die("No public key found for door $id");
-file_put_contents("/test", $status . "\n" . $request);
+$request_file = "request$id";
+$ip = $_SERVER['HTTP_X_REAL_IP'];
+
+$time = time();
+
+file_put_contents($request_file, "$ip\n$time\n$verify\n$status");
+
+$ret = openssl_public_encrypt("$verify", $encrypted, $pub, OPENSSL_PKCS1_OAEP_PADDING);
+
+if (!$ret) die("Encryption error: ". openssl_error_string());
+echo htmlentities(base64_encode($encrypted));
diff --git a/php/status-update.php b/php/status-update.php
index 4c24c3f..7e0a334 100644
--- a/php/status-update.php
+++ b/php/status-update.php
@@ -1,20 +1,30 @@ NUM_DOORS) die("Invalid door id");
+if ($id < 1 || $id > NUM_DOORS) die('Invalid door id');
-if (!isset($_REQUEST['status'])) die("Please send door status");
+if (!isset($_REQUEST['status'])) die('Please send door status');
 $status = intval($_REQUEST['status']);
-if ($status != 0 && $status != 1) die ("Invalid status");
+if ($status != 0 && $status != 1) die ('Invalid status');
+$verify = mt_rand();
-ob_start();
-var_dump($_REQUEST);
-$request = ob_get_clean();
+$pub = file_get_contents("public$id.pub");
+if ($pub === false) die("No public key found for door $id");
-file_put_contents("/test", $status . "\n" . $request);
+$request_file = "request$id";
+$ip = $_SERVER['HTTP_X_REAL_IP'];
+
+$time = time();
+
+file_put_contents($request_file, "$ip\n$time\n$verify\n$status");
+
+$ret = openssl_public_encrypt("$verify", $encrypted, $pub, OPENSSL_PKCS1_OAEP_PADDING);
+
+if (!$ret) die("Encryption error: ". openssl_error_string());
+echo htmlentities(base64_encode($encrypted));
diff --git a/php/verify-status.php b/php/verify-status.php
new file mode 100644
index 0000000..ee83fd4
--- /dev/null
+++ b/php/verify-status.php
@@ -0,0 +1,35 @@
+ NUM_DOORS) die("Invalid door id $id");
+
+$request = file_get_contents("request$id");
+
+if ($request === false) die("Invalid request");
+
+$lines = explode("\n", $request);
+if (count($lines) < 4) die("Malformed request");
+
+//file_put_contents($request_file, "$ip\n$time\n$verify\n$status");
+$ip = $lines[0];
+$time = intval($lines[1]);
+$real_verify = intval($lines[2]);
+$status = intval($lines[3]);
+
+$time_diff = time() - $time;
+if ($time_diff < 0 || $time_diff > 10) die("Request expired");
+
+if ($ip != $_SERVER['HTTP_X_REAL_IP']) die("Not your request");
+
+if ($status != 0 && $status != 1) die("Malformed status");
+
+if ($verify != $real_verify) die("Unauthorized request");
+
+file_put_contents("door$id", "$status");
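Review bot: `$verify = mt_rand();` in php/status-update.php draws the challenge from a non-cryptographic generator with at most 31 bits of output, yet that value is the only secret verify-status.php checks before it writes `door$id`; `$verify = random_int(0, PHP_INT_MAX);` is a drop-in replacement that still round-trips through `intval()`. The plaintext challenge is also written to the relative path `request$id`, and if the script directory is served by the web server (not visible here) it could simply be downloaded, so a location outside the document root would be safer. `$_SERVER['HTTP_X_REAL_IP']` is read without `isset()` and only binds the request to a client if a fronting proxy always overwrites that header. The start of the hunk is missing from the page, so how `$id` is obtained cannot be reviewed.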
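Review bot: The stored challenge in php/verify-status.php is never invalidated: `request$id` stays on disk after both a failed and a successful check, so a valid response can be replayed and wrong values retried for the whole 10-second window. Deleting it as soon as it has been read, e.g. `unlink("request$id");` right after the `$request === false` check, would make each challenge good for one attempt. `if ($verify != $real_verify)` is a loose, non-constant-time comparison; `if (!hash_equals((string)$real_verify, (string)$verify))` is the safer form. The assignments of `$verify` and `$id` fall in the part of the hunk that is missing from the page, so their validation cannot be confirmed here.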