/**
 * Build the token for the current global $user.
 *
 * The token is the result of generateHMAC() over the user's id, firstname,
 * lastname, email and created fields, in that order.
 *
 * NOTE(review): no timestamp or nonce is part of the input, so the token
 * presumably stays the same until one of these fields changes. Confirm
 * against generateHMAC() and against how the token is consumed.
 *
 * @return string token
 * @access protected
 */
protected function getSecret()
{
    global $user;

    // The field order is significant: the same list is handed to
    // generateHMAC() as the set of keys to hash.
    $fields = array('id', 'firstname', 'lastname', 'email', 'created');
    $values = array();
    foreach ($fields as $field) {
        $values[$field] = $user->$field;
    }

    return generateHMAC($fields, $values);
}
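/**
 * Private method for validating request data
 *
 * Recomputes the HMAC over the GET values named in $linkData and compares it
 * with the hashKey supplied in the request. On a match, the validated GET
 * values are copied into $this->gatheredDetails and $this->logonURL is built
 * from them.
 *
 * @param array $linkData An array of keys to check
 *
 * @return boolean True on success
 * @access private
 */
private function _validateUBRequestData($linkData)
{
    // Collect the GET values covered by the hash. Start from an empty array so
    // that an empty $linkData does not hand an undefined variable to
    // generateHMAC(); a missing parameter is hashed as null, as before.
    $keyValueArray = array();
    foreach ($linkData as $details) {
        $keyValueArray[$details]
            = isset($_GET[$details]) ? $_GET[$details] : null;
    }
    $hashKey = generateHMAC($linkData, $keyValueArray);

    // Compare in constant time and without type juggling. A loose != on two
    // digest strings treats numeric-looking values such as "0e123" and "0e456"
    // as equal, and an array-valued or missing hashKey must never match.
    // hash_equals() requires PHP 5.6 or later.
    $suppliedKey = isset($_REQUEST['hashKey']) ? $_REQUEST['hashKey'] : null;
    if (!is_string($suppliedKey) || !is_string($hashKey)
        || !hash_equals($hashKey, $suppliedKey)
    ) {
        return false;
    }

    // Initialize gatheredDetails with any POST values we find; this will
    // allow us to repopulate the hold form with user-entered values if there
    // is an error. However, it is important that we load the POST data
    // FIRST and then override it with GET values in order to ensure that
    // the user doesn't bypass the hashkey verification by manipulating POST
    // values. A non-array POST value is discarded so the key assignments
    // below always operate on an array.
    $this->gatheredDetails
        = (isset($_POST['gatheredDetails']) && is_array($_POST['gatheredDetails']))
        ? $_POST['gatheredDetails'] : array();

    // Make sure the bib ID is included, even if it's not loaded as part of
    // the validation loop below.
    // NOTE(review): when 'id' is not one of $linkData, this value is taken
    // from the request without being covered by the hash check. Confirm that
    // callers always include it in the hashed keys.
    $this->gatheredDetails['id'] = isset($_GET['id']) ? $_GET['id'] : null;

    // Get Values Passed from holdings.php
    $i = 0;
    foreach ($linkData as $details) {
        $this->gatheredDetails[$details] = $keyValueArray[$details];

        // Build Logon URL
        if ($i == 0) {
            $this->logonURL = "?" . $details . "="
                . urlencode($keyValueArray[$details]);
        } else {
            $this->logonURL .= "&" . $details . "="
                . urlencode($keyValueArray[$details]);
        }
        $i++;
    }
    $this->logonURL .= ($i == 0 ? '?' : '&') . "hashKey=" . urlencode($hashKey);

    return true;
}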
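/**
 * Get UB Request Form
 *
 * Supplies holdLogic with the form details required to place a UB request.
 * The link carries every entry of $details whose key is listed in $HMACKeys,
 * plus a hashKey parameter computed by generateHMAC() over those same keys.
 *
 * @param array $details  An array of item data
 * @param array $HMACKeys An array of keys to hash
 *
 * @return string A url link (with HMAC key)
 * @access private
 */
private function _getUBRequestDetails($details, $HMACKeys)
{
    global $configArray;
    $siteUrl = $configArray['Site']['url'];

    // NOTE(review): the record id goes into the URL path below. It is covered
    // by the hash only if 'id' is one of $HMACKeys; confirm callers include it.
    $id = $details['id'];

    // Generate HMAC
    $HMACkey = generateHMAC($HMACKeys, $details);

    // Add Params: only the hashed keys are exposed in the query string.
    // The membership test is strict so that an integer key such as 0 cannot
    // loosely match a key name on PHP versions before 8; the cast assumes
    // $HMACKeys holds string key names.
    $queryString = array();
    foreach ($details as $key => $param) {
        if (in_array((string)$key, $HMACKeys, true)) {
            $queryString[] = $key . "=" . urlencode($param);
        }
    }

    // Add HMAC, URL-encoded like the other parameters. For a hex digest this
    // leaves the value unchanged.
    $queryString[] = "hashKey=" . urlencode($HMACkey);

    // Build Params
    $urlParams = "?" . implode("&", $queryString);

    return $siteUrl . "/Record/" . urlencode($id) . "/UBRequest" . $urlParams
        . "#tabnav";
}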
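/**
 * Fetch a refund from the remote endpoint.
 *
 * Sends a GET request to "<endpoint>refunds/<refundId>" with an "hmac" header
 * computed by generateHMAC() over the refund ID concatenated with the secret
 * key.
 *
 * NOTE(review): the secret is appended to the message rather than passed to
 * generateHMAC() as a separate key. Whether the result is a true keyed HMAC
 * depends on generateHMAC(), which is not visible here; confirm.
 *
 * @param string $refundId    Refund identifier, appended to the request URI
 * @param string $environment Environment name passed to setEnvironment()
 * @param string $secretKey   Optional key; when empty, $this->secretKey is used
 *
 * @return mixed The response returned by send(), or a one-element array
 *               holding an error message when a required parameter is
 *               missing or empty
 */
function getRefund($refundId, $environment, $secretKey = '')
{
    if (!isset($refundId) || $refundId == ''
        || !isset($environment) || $environment == ''
    ) {
        return array('Parameter: RefundId and/or Environment is missing or empty.');
    }

    /* Set Environment Variables */
    $this->setEnvironment($environment);

    /* Set URI */
    // NOTE(review): $refundId is placed in the URI path unencoded. Confirm
    // callers pass only validated identifiers.
    $uri = $this->endpoint . 'refunds/' . $refundId;

    /* Generate HMAC */
    // Never echo or log $concatenatedParameters: it contains the secret key.
    $concatenatedParameters = $refundId
        . ($secretKey == '' ? $this->secretKey : $secretKey);
    $hmac = generateHMAC($concatenatedParameters);

    /* Add HMAC to header and do request */
    return \Httpful\Request::get($uri)->addHeader('hmac', $hmac)->send();
}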
/**
 * Build the token that ties a record ID to a user.
 *
 * The token is the result of generateHMAC() over the record ID, the user's
 * id and the user's created field, in that order.
 *
 * @param object $user User object
 * @param string $id   Record ID
 *
 * @return string token
 * @access private
 */
private function _getSecret($user, $id)
{
    $tokenInput = array(
        'id' => $id,
        'user_id' => $user->id,
        'created' => $user->created
    );

    // Every field of the input array is part of the hashed key list.
    return generateHMAC(array_keys($tokenInput), $tokenInput);
}