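/**
 * Verifies the parameters passed in the callback after a payment is confirmed
 * or cancelled: checks the returned session id, then verifies the signature.
 *
 * The expected signature is recomputed from the locally known
 * $paymentSessionId (not the value returned in the redirect), $paymentResult
 * and $secureKey, and compared with the decrypted signature from the redirect.
 *
 * @param float  $returnedPaymentSessionId   paymentSessionId returned in the redirect
 * @param string $returnedEncryptedSignature control signature returned in the redirect
 * @param mixed  $paymentResult              result of the call, passed unchanged into the signature
 *                                           input (the original docblock types it as float - TODO confirm)
 * @param float  $paymentSessionId           payment identifier at GoPay
 * @param string $secureKey                  key assigned to the e-shop / user for signing communication
 *
 * @return void
 *
 * @throws \Exception when the session id does not match or the signature is invalid
 */
public static function checkPaymentResult($returnedPaymentSessionId, $returnedEncryptedSignature, $paymentResult, $paymentSessionId, $secureKey)
{
    // Loose comparison is kept deliberately: the redirect value presumably arrives
    // as a string while the expected id is numeric (verify against callers).
    if ($returnedPaymentSessionId != $paymentSessionId) {
        throw new \Exception("PaymentResult invalid PSID");
    }

    $hashedSignature = GopayHelper::hash(
        GopayHelper::concatPaymentResult((float) $paymentSessionId, $paymentResult, $secureKey)
    );
    $decryptedHash = GopayHelper::decrypt($returnedEncryptedSignature, $secureKey);

    // Security: the digests must never be compared with == / !=. PHP compares two
    // numeric-looking strings as numbers, so different digests can be treated as
    // equal. hash_equals() compares byte-for-byte in constant time; the is_string()
    // guard rejects a failed or non-string decrypt result instead of coercing it.
    if (!is_string($decryptedHash) || !hash_equals((string) $hashedSignature, $decryptedHash)) {
        throw new \Exception("PaymentResult invalid signature");
    }
}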
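/**
 * Verifies the parameters passed in the callback after a buyer is created:
 * checks the result fields, then verifies the signature.
 *
 * The expected signature is recomputed from the caller-supplied $goId,
 * $buyerUsername, $buyerEmail and $secret, and compared with the decrypted
 * `encryptedSignature` field of the result.
 *
 * @param mixed  $create_result result of the createBuyer call; read as an object with the properties
 *                              buyerGoId, buyerUsername, result, resultDescription and encryptedSignature
 * @param float  $goId          user identifier - the GoId assigned to the user by GoPay
 * @param string $buyerUsername user name of the buyer
 * @param string $buyerEmail    e-mail of the buyer
 * @param string $secret        secret assigned to the user for signing communication
 *
 * @return bool true when every field check and the signature check pass, false otherwise
 */
public static function checkCreateBuyerResult($create_result, $goId, $buyerUsername, $buyerEmail, $secret)
{
    // No result at all: nothing to verify.
    if (!$create_result) {
        return false;
    }

    // Both identifiers must be present and the call must report a created buyer.
    if ($create_result->buyerGoId == ""
        || $create_result->buyerUsername == ""
        || $create_result->result != 'CALL_COMPLETED'
        || $create_result->resultDescription != 'BUYER_CREATED'
    ) {
        return false;
    }

    $hashedSignature = GopayHelper::hash(
        GopayHelper::concatBuyer((float) $goId, $buyerUsername, $buyerEmail, $secret)
    );
    $decryptedHash = GopayHelper::decrypt($create_result->encryptedSignature, $secret);

    // Security: the digests must never be compared with == / !=. PHP compares two
    // numeric-looking strings as numbers, so different digests can be treated as
    // equal. hash_equals() compares byte-for-byte in constant time; the is_string()
    // guard rejects a failed or non-string decrypt result instead of coercing it.
    return is_string($decryptedHash) && hash_equals((string) $hashedSignature, $decryptedHash);
}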