function _pugpig_subs_edition_credentials_response($product_id, $secret, $entitled = FALSE, $state, $comments = array(), $extras = array(), $error_message = '')
{
$writer = _pugpig_subs_start_xml_writer();
if ($entitled) {
$username = sha1(uniqid(mt_rand()));
// TODO: do we need a more secure random number?
$password = pugpig_generate_password($product_id, $username, $secret);
$writer->startElement('credentials');
$writer->writeElement('userid', $username);
$writer->writeElement('password', $password);
$writer->startElement('subscription');
$writer->writeAttribute('state', $state);
$writer->endElement();
$writer->writeElement('productid', $product_id);
foreach ($comments as $comment) {
$writer->writeComment($comment);
}
foreach ($extras as $name => $value) {
$writer->writeElement($name, $value);
}
$writer->endElement();
} else {
$writer->startElement('credentials');
$writer->startElement('error');
$writer->writeAttribute('status', "notentitled");
if (!empty($error_message)) {
$writer->writeAttribute('message', $error_message);
}
$writer->endElement();
$writer->startElement('subscription');
$writer->writeAttribute('state', $state);
$writer->endElement();
foreach ($comments as $comment) {
$writer->writeComment($comment);
}
foreach ($extras as $name => $value) {
$writer->writeElement($name, $value);
}
$writer->endElement();
$writer->endElement();
}
$writer->endDocument();
_pugpig_subs_end_xml_writer($writer);
}
function pugpig_send_itunes_edition_credentials($appStorePassword, $subscriptionPrefix, $allowedSubscriptionArray, $binaryReceipt, $secret, $comments = array(), $proxy_server = '', $proxy_port = '')
{
global $iTunesErrorCodes;
$itunesUrl = '';
$jsonResult = NULL;
$jsonReceipt = NULL;
$status = -1;
$exception = '';
if ($binaryReceipt) {
$base64Receipt = base64_encode($binaryReceipt);
$jsonReceipt = json_encode(array('receipt-data' => $base64Receipt, 'password' => $appStorePassword));
// Always verify your receipt first with the production URL; proceed to
// verify with the sandbox URL if you receive a 21007 status code.
// Following this approach ensures that you do not have to switch between
// URLs while your application is being tested or reviewed in the sandbox
// or is live in the App Store.
$itunesUrl = 'https://buy.itunes.apple.com/verifyReceipt';
$jsonResult = pugpig_validate_receipt_with_itunes($itunesUrl, $jsonReceipt, $proxy_server, $proxy_port);
if ($jsonResult) {
$status = $jsonResult->status;
$comments[] = "BUY: Got status {$status}.";
if (array_key_exists($status, $iTunesErrorCodes)) {
$comments[] = "BUY: " . $iTunesErrorCodes[$status];
}
if (isset($jsonResult->exception)) {
$exception = $jsonResult->exception;
}
} else {
$comments[] = "PUGPIG: Failed to connect to production iTunes. Maybe check your outbound rules.";
}
if ($status == 21007) {
$comments[] = "PUGPIG: Trying the Sandbox validator.";
$status = -1;
$exception = '';
$itunesUrl = 'https://sandbox.itunes.apple.com/verifyReceipt';
$jsonResult = pugpig_validate_receipt_with_itunes($itunesUrl, $jsonReceipt, $proxy_server, $proxy_port);
if ($jsonResult) {
$status = $jsonResult->status;
$comments[] = "SANDBOX: Got status {$status}.";
if (array_key_exists($status, $iTunesErrorCodes)) {
$comments[] = "SANDBOX: " . $iTunesErrorCodes[$status];
}
if (isset($jsonResult->exception)) {
$exception = $jsonResult->exception;
}
} else {
$comments[] = "PUGPIG: Failed to connect to sandbox iTunes. Maybe it is down.";
}
}
} else {
$comments[] = "PUGPIG: No receipt data sent.";
}
$writer = new XMLWriter();
$writer->openMemory();
$writer->setIndent(true);
$writer->setIndentString(' ');
$writer->startDocument('1.0', 'UTF-8');
if ($status == 0) {
$receiptData = $jsonResult->receipt;
$productId = $receiptData->product_id;
$comments[] = "PUGPIG: Receipt Product ID: {$productId}";
$purchaseDate = $receiptData->original_purchase_date;
$restoreDate = $receiptData->purchase_date;
$expiresDate = '';
if (property_exists($receiptData, 'expires_date')) {
$expiresDate = $receiptData->expires_date;
}
if ($expiresDate) {
$expiresDate = gmdate('Y-m-d H:i:s \\E\\t\\c/\\G\\M\\T', $expiresDate / 1000);
}
// If this is an allowed subscription product, use the ID in the query string
// We either match the prefix, or
$is_subscription_product = FALSE;
if (!empty($subscriptionPrefix) && strpos($productId, $subscriptionPrefix) === 0) {
$is_subscription_product = TRUE;
$comments[] = "PUGPIG: Subscription found - {$productId} matches {$subscriptionPrefix}";
}
if (in_array($productId, $allowedSubscriptionArray)) {
$is_subscription_product = TRUE;
$comments[] = "PUGPIG: Subscription found - {$productId} in supplied array";
}
if ($is_subscription_product) {
$productId = $_GET['productid'];
} else {
$comments[] = "PUGPIG: Using product ID from receipt data";
}
$username = sha1(mt_rand());
// TODO: do we need a more secure random number?
$password = pugpig_generate_password($productId, $username, $secret);
$writer->startElement('credentials');
$writer->writeElement('userid', $username);
$writer->writeElement('password', $password);
$writer->writeElement('productid', $productId);
$writer->writeElement('purchasedate', $purchaseDate);
$writer->writeElement('restoredate', $restoreDate);
$writer->writeElement('expiresdate', $expiresDate);
$writer->writeElement('validationurl', $itunesUrl);
$writer->endElement();
} else {
$writer->startElement('error');
$writer->writeAttribute('status', $status);
$writer->writeAttribute('exception', $exception);
$writer->writeAttribute('validationurl', $itunesUrl);
$writer->writeElement('subs_prefix', $subscriptionPrefix);
$writer->writeElement('subs_list', implode(",", $allowedSubscriptionArray));
$writer->endElement();
}
foreach ($comments as $comment) {
$writer->writeComment(" " . $comment . " ");
}
$writer->endDocument();
header('Content-type: text/xml');
echo $writer->outputMemory();
exit;
}
function _pugpig_subs_edition_credentials_response($product_id, $secret, $entitled = false, $state, $comments = array(), $extras = array(), $error_message = '', $token = '', $extra_headers = array())
{
$comments[] = "Generated: " . date(DATE_RFC822);
$comments[] = "Requested Product ID: " . $product_id;
$writer = _pugpig_subs_start_xml_writer();
if ($entitled) {
$username = empty($token) ? sha1(uniqid(mt_rand())) : $token;
$password = pugpig_generate_password($product_id, $username, $secret);
$writer->startElement('credentials');
$writer->writeElement('userid', $username);
$writer->writeElement('password', $password);
// Do a fairly unpleasant callback to get addtional extra headers
if (function_exists('pugpig_get_extra_credential_headers')) {
$external_extras = pugpig_get_extra_credential_headers($product_id, $username, $comments);
if (isset($external_extras) && !empty($external_extras)) {
$extra_headers = array_merge($extra_headers, $external_extras);
}
}
foreach ($extra_headers as $key => $value) {
$writer->startElement('header');
$writer->writeAttribute('name', $key);
$writer->text($value);
$writer->endElement();
}
_pugpig_subs_write_comments($writer, $comments);
foreach ($extras as $name => $value) {
$writer->writeElement($name, $value);
}
$writer->endElement();
} else {
$writer->startElement('credentials');
$writer->startElement('error');
$writer->writeAttribute('status', "notentitled");
if (!empty($error_message)) {
$writer->writeAttribute('message', $error_message);
}
$writer->endElement();
_pugpig_subs_write_comments($writer, $comments);
foreach ($extras as $name => $value) {
$writer->writeElement($name, $value);
}
$writer->endElement();
$writer->endElement();
}
$writer->endDocument();
_pugpig_subs_end_xml_writer($writer);
}
