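/**
 * Verify the signature Amazon attaches to a callback/notification request.
 *
 * Signature checking is only active when the payment method is configured
 * with an AWS access key ("merchant-signed-order" mode). Without a key the
 * cart was sent unsigned and there is nothing to verify, so the request is
 * accepted as-is (this mirrors how the cart itself is built: a signature is
 * only attached when aws_access_public_key is set).
 *
 * In signed mode the expected signature is recomputed with
 * fn_amazon_calculate_signature() over urldecode(UUID) . Timestamp and the
 * merchant's secret key, then compared with the request's Signature field.
 *
 * Changes versus the previous version:
 *  - the comparison uses hash_equals() instead of a loose "!=", so it is
 *    constant-time and not subject to PHP's numeric-string coercion;
 *  - missing UUID / Timestamp / Signature fields, or a missing secret key,
 *    are rejected explicitly instead of producing warnings and comparing
 *    against a signature computed from empty input (fail closed).
 *
 * @param array $processor_data Payment method data; reads
 *                              processor_params.aws_access_public_key and
 *                              processor_params.aws_secret_access_key.
 * @param array $request        Raw request parameters (normally $_POST),
 *                              expected to carry UUID, Timestamp, Signature.
 *
 * @return bool true when the request is unsigned-mode or its signature
 *              matches; false otherwise.
 */
function fn_amazon_validate_request($processor_data, $request)
{
    $params = isset($processor_data['processor_params']) && is_array($processor_data['processor_params'])
        ? $processor_data['processor_params']
        : array();

    // Unsigned-cart mode: no key configured, so no signature to check.
    if (empty($params['aws_access_public_key'])) {
        return true;
    }

    // Signed mode without a secret cannot be verified — never accept blindly.
    if (empty($params['aws_secret_access_key'])) {
        return false;
    }

    // All three fields must be present; a missing one would otherwise be
    // silently coerced to '' and signed anyway.
    if (!isset($request['UUID'], $request['Timestamp'], $request['Signature'])) {
        return false;
    }

    $expected = trim((string) fn_amazon_calculate_signature(
        urldecode($request['UUID']) . $request['Timestamp'],
        $params['aws_secret_access_key']
    ));
    $provided = trim((string) $request['Signature']);

    // An empty computed signature would make hash_equals('', '') succeed;
    // treat that as a failure rather than a match.
    if ($expected === '') {
        return false;
    }

    // Constant-time comparison to avoid leaking the expected value via timing.
    return hash_equals($expected, $provided);
}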
$item = array('CallbackOrderItemId' => $sku, 'TaxTableId' => $tax_table_id, 'ShippingMethodIds' => $items_shipping); $callback_response['Response']['CallbackOrders']['CallbackOrder']['CallbackOrderItems']['CallbackOrderItem'][] = $item; } $callback_response['CartPromotionId'] = 'cart-discount'; // Update the tax info if ($tax_calculation_type == 'default' && $tax_subtotal > 0) { $tax = array('SKU' => 'taxes', 'MerchantId' => $processor_data['processor_params']['merchant_id'], 'Title' => substr($tax_description, 0, 250), 'Price' => array('Amount' => fn_format_price($tax_subtotal), 'CurrencyCode' => $processor_data['processor_params']['currency']), 'Quantity' => 1, 'UpdateType' => 'REMOVE'); $callback_response['Response']['CallbackOrders']['CallbackOrder']['UpdatedCartItems']['UpdatedCartItem'][] = $tax; $tax = array('SKU' => 'taxes', 'MerchantId' => $processor_data['processor_params']['merchant_id'], 'Title' => __('taxes') . ': ' . substr($tax_description, 0, 240), 'Price' => array('Amount' => fn_format_price($tax_subtotal), 'CurrencyCode' => $processor_data['processor_params']['currency']), 'Quantity' => 1, 'ShippingMethodIds' => $items_shipping, 'UpdateType' => 'ADD'); $callback_response['Response']['CallbackOrders']['CallbackOrder']['UpdatedCartItems']['UpdatedCartItem'][] = $tax; } // Generate the full XML response $callback_response = '<?xml version="1.0" encoding="UTF-8"?>' . '<OrderCalculationsResponse xmlns="http://payments.amazon.com/checkout/2009-05-15/">' . fn_array_to_xml($callback_response) . '</OrderCalculationsResponse>'; $_return = 'order-calculations-response=' . urlencode($callback_response); if ($processor_data['processor_params']['aws_access_public_key']) { $sign = urlencode(fn_amazon_calculate_signature($callback_response, $processor_data['processor_params']['aws_secret_access_key'])); $aws_access_key = urlencode($processor_data['processor_params']['aws_access_public_key']); $_return .= '&Signature=' . $sign; $_return .= '&aws-access-key-id=' . 
$aws_access_key; } echo $_return; exit; } elseif ($message_recognizer == 'NewOrderNotification') { // Order was placed by Amazon checkout. We need to proceed the callback. list($amazon_sess_id, $payment_id) = explode(';', base64_decode((string) $xml->ProcessedOrder->ProcessedOrderItems->ProcessedOrderItem->CartCustomData->ClientRequestId)); $processor_data = fn_get_payment_method_data($payment_id); // If we use the signed cart, validate the request if (!fn_amazon_validate_request($processor_data, $_POST)) { die('Access denied'); } // Restart session
$item_options .= $opt['option_name'] . ': ' . $opt['variant_name'] . '; '; } $item_options = ' [' . trim($item_options, '; ') . ']'; } $amazon_order['Cart']['Items']['Item'][] = array('SKU' => empty($product['product_code']) ? 'pid_' . $product['product_id'] : substr(strip_tags($product['product_code']), 0, 250), 'MerchantId' => $processor_data['processor_params']['merchant_id'], 'Title' => substr(strip_tags($product['product']), 0, 250) . $item_options, 'Price' => array('Amount' => fn_format_price($product['price']), 'CurrencyCode' => $_currency), 'Quantity' => $product['amount'], 'ItemCustomData' => array('CartID' => $key)); } $amazon_order['Cart']['CartCustomData'] = array('ClientRequestId' => base64_encode(Tygh::$app['session']->getID() . ';' . $_payment_id)); // Activate the Amazon callbacks functionality $amazon_order['ReturnUrl'] = Registry::get('config.http_location') . '/' . Registry::get('config.customer_index') . '?dispatch=payment_notification.placement&payment=amazon_checkout'; $amazon_order['CancelUrl'] = fn_url('checkout.cart'); $amazon_order['OrderCalculationCallbacks'] = array('CalculateTaxRates' => 'true', 'CalculatePromotions' => 'true', 'CalculateShippingRates' => 'true', 'OrderCallbackEndpoint' => Registry::get('config.origin_http_location') . '/app/payments/amazon_checkout.php', 'ProcessOrderOnCallbackFailure' => $processor_data['processor_params']['process_on_failure'] == 'Y' ? 'true' : 'false'); $amazon_order['DisablePromotionCode'] = 'true'; $amazon_cart = '<?xml version="1.0" encoding="UTF-8"?>' . '<Order xmlns="http://payments.amazon.com/checkout/2009-05-15/">' . fn_array_to_xml($amazon_order) . '</Order>'; // Calculate cart signature if (!empty($processor_data['processor_params']['aws_access_public_key'])) { $sign = fn_amazon_calculate_signature($amazon_cart, $processor_data['processor_params']['aws_secret_access_key']); $sign = ';signature:' . $sign . ';aws-access-key-id:' . 
$processor_data['processor_params']['aws_access_public_key']; $order_type = 'merchant-signed-order/aws-accesskey/1'; } else { $sign = ''; $order_type = 'unsigned-order'; } $base64cart = base64_encode($amazon_cart); // The necessary Amazon scripts if ($processor_data['processor_params']['test'] == 'Y') { if ($processor_data['processor_params']['currency'] == 'USD') { $scripts = '<script type="text/javascript" src="https://static-na.payments-amazon.com/cba/js/us/sandbox/PaymentWidgets.js"></script>'; } elseif ($processor_data['processor_params']['currency'] == 'EUR') { $scripts = '<script type="text/javascript" src="https://static-eu.payments-amazon.com/cba/js/de/sandbox/PaymentWidgets.js"></script>'; } else { $scripts = '<script type="text/javascript" src="https://static-eu.payments-amazon.com/cba/js/gb/sandbox/PaymentWidgets.js"></script>';