function _pugpig_subs_edition_credentials_response($product_id, $secret, $entitled = FALSE, $state, $comments = array(), $extras = array(), $error_message = '') { $writer = _pugpig_subs_start_xml_writer(); if ($entitled) { $username = sha1(uniqid(mt_rand())); // TODO: do we need a more secure random number? $password = pugpig_generate_password($product_id, $username, $secret); $writer->startElement('credentials'); $writer->writeElement('userid', $username); $writer->writeElement('password', $password); $writer->startElement('subscription'); $writer->writeAttribute('state', $state); $writer->endElement(); $writer->writeElement('productid', $product_id); foreach ($comments as $comment) { $writer->writeComment($comment); } foreach ($extras as $name => $value) { $writer->writeElement($name, $value); } $writer->endElement(); } else { $writer->startElement('credentials'); $writer->startElement('error'); $writer->writeAttribute('status', "notentitled"); if (!empty($error_message)) { $writer->writeAttribute('message', $error_message); } $writer->endElement(); $writer->startElement('subscription'); $writer->writeAttribute('state', $state); $writer->endElement(); foreach ($comments as $comment) { $writer->writeComment($comment); } foreach ($extras as $name => $value) { $writer->writeElement($name, $value); } $writer->endElement(); $writer->endElement(); } $writer->endDocument(); _pugpig_subs_end_xml_writer($writer); }
function pugpig_send_itunes_edition_credentials($appStorePassword, $subscriptionPrefix, $allowedSubscriptionArray, $binaryReceipt, $secret, $comments = array(), $proxy_server = '', $proxy_port = '') { global $iTunesErrorCodes; $itunesUrl = ''; $jsonResult = NULL; $jsonReceipt = NULL; $status = -1; $exception = ''; if ($binaryReceipt) { $base64Receipt = base64_encode($binaryReceipt); $jsonReceipt = json_encode(array('receipt-data' => $base64Receipt, 'password' => $appStorePassword)); // Always verify your receipt first with the production URL; proceed to // verify with the sandbox URL if you receive a 21007 status code. // Following this approach ensures that you do not have to switch between // URLs while your application is being tested or reviewed in the sandbox // or is live in the App Store. $itunesUrl = 'https://buy.itunes.apple.com/verifyReceipt'; $jsonResult = pugpig_validate_receipt_with_itunes($itunesUrl, $jsonReceipt, $proxy_server, $proxy_port); if ($jsonResult) { $status = $jsonResult->status; $comments[] = "BUY: Got status {$status}."; if (array_key_exists($status, $iTunesErrorCodes)) { $comments[] = "BUY: " . $iTunesErrorCodes[$status]; } if (isset($jsonResult->exception)) { $exception = $jsonResult->exception; } } else { $comments[] = "PUGPIG: Failed to connect to production iTunes. Maybe check your outbound rules."; } if ($status == 21007) { $comments[] = "PUGPIG: Trying the Sandbox validator."; $status = -1; $exception = ''; $itunesUrl = 'https://sandbox.itunes.apple.com/verifyReceipt'; $jsonResult = pugpig_validate_receipt_with_itunes($itunesUrl, $jsonReceipt, $proxy_server, $proxy_port); if ($jsonResult) { $status = $jsonResult->status; $comments[] = "SANDBOX: Got status {$status}."; if (array_key_exists($status, $iTunesErrorCodes)) { $comments[] = "SANDBOX: " . $iTunesErrorCodes[$status]; } if (isset($jsonResult->exception)) { $exception = $jsonResult->exception; } } else { $comments[] = "PUGPIG: Failed to connect to sandbox iTunes. Maybe it is down."; } } } else { $comments[] = "PUGPIG: No receipt data sent."; } $writer = new XMLWriter(); $writer->openMemory(); $writer->setIndent(true); $writer->setIndentString(' '); $writer->startDocument('1.0', 'UTF-8'); if ($status == 0) { $receiptData = $jsonResult->receipt; $productId = $receiptData->product_id; $comments[] = "PUGPIG: Receipt Product ID: {$productId}"; $purchaseDate = $receiptData->original_purchase_date; $restoreDate = $receiptData->purchase_date; $expiresDate = ''; if (property_exists($receiptData, 'expires_date')) { $expiresDate = $receiptData->expires_date; } if ($expiresDate) { $expiresDate = gmdate('Y-m-d H:i:s \\E\\t\\c/\\G\\M\\T', $expiresDate / 1000); } // If this is an allowed subscription product, use the ID in the query string // We either match the prefix, or $is_subscription_product = FALSE; if (!empty($subscriptionPrefix) && strpos($productId, $subscriptionPrefix) === 0) { $is_subscription_product = TRUE; $comments[] = "PUGPIG: Subscription found - {$productId} matches {$subscriptionPrefix}"; } if (in_array($productId, $allowedSubscriptionArray)) { $is_subscription_product = TRUE; $comments[] = "PUGPIG: Subscription found - {$productId} in supplied array"; } if ($is_subscription_product) { $productId = $_GET['productid']; } else { $comments[] = "PUGPIG: Using product ID from receipt data"; } $username = sha1(mt_rand()); // TODO: do we need a more secure random number? $password = pugpig_generate_password($productId, $username, $secret); $writer->startElement('credentials'); $writer->writeElement('userid', $username); $writer->writeElement('password', $password); $writer->writeElement('productid', $productId); $writer->writeElement('purchasedate', $purchaseDate); $writer->writeElement('restoredate', $restoreDate); $writer->writeElement('expiresdate', $expiresDate); $writer->writeElement('validationurl', $itunesUrl); $writer->endElement(); } else { $writer->startElement('error'); $writer->writeAttribute('status', $status); $writer->writeAttribute('exception', $exception); $writer->writeAttribute('validationurl', $itunesUrl); $writer->writeElement('subs_prefix', $subscriptionPrefix); $writer->writeElement('subs_list', implode(",", $allowedSubscriptionArray)); $writer->endElement(); } foreach ($comments as $comment) { $writer->writeComment(" " . $comment . " "); } $writer->endDocument(); header('Content-type: text/xml'); echo $writer->outputMemory(); exit; }
function _pugpig_subs_edition_credentials_response($product_id, $secret, $entitled = false, $state, $comments = array(), $extras = array(), $error_message = '', $token = '', $extra_headers = array()) { $comments[] = "Generated: " . date(DATE_RFC822); $comments[] = "Requested Product ID: " . $product_id; $writer = _pugpig_subs_start_xml_writer(); if ($entitled) { $username = empty($token) ? sha1(uniqid(mt_rand())) : $token; $password = pugpig_generate_password($product_id, $username, $secret); $writer->startElement('credentials'); $writer->writeElement('userid', $username); $writer->writeElement('password', $password); // Do a fairly unpleasant callback to get addtional extra headers if (function_exists('pugpig_get_extra_credential_headers')) { $external_extras = pugpig_get_extra_credential_headers($product_id, $username, $comments); if (isset($external_extras) && !empty($external_extras)) { $extra_headers = array_merge($extra_headers, $external_extras); } } foreach ($extra_headers as $key => $value) { $writer->startElement('header'); $writer->writeAttribute('name', $key); $writer->text($value); $writer->endElement(); } _pugpig_subs_write_comments($writer, $comments); foreach ($extras as $name => $value) { $writer->writeElement($name, $value); } $writer->endElement(); } else { $writer->startElement('credentials'); $writer->startElement('error'); $writer->writeAttribute('status', "notentitled"); if (!empty($error_message)) { $writer->writeAttribute('message', $error_message); } $writer->endElement(); _pugpig_subs_write_comments($writer, $comments); foreach ($extras as $name => $value) { $writer->writeElement($name, $value); } $writer->endElement(); $writer->endElement(); } $writer->endDocument(); _pugpig_subs_end_xml_writer($writer); }