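/**
 * Verify a signed request and, on success, load the caller's token and project.
 *
 * $signed_request is expected as a two-element array: [0] the base64-encoded
 * signature, [1] the base64-encoded JSON payload. The signature is recomputed
 * with sha256Encode() over the raw payload string and $this->private_key
 * (presumably a keyed SHA-256/HMAC helper — confirm in its definition) and
 * compared in constant time; only after it matches is the payload decoded and
 * its fields trusted.
 *
 * Changes from the previous version:
 *   - the signature is compared with hash_equals() instead of `!=`. The loose
 *     comparison was timing-dependent and subject to PHP type juggling
 *     (numeric-looking strings compare by value), neither of which is
 *     acceptable for a signature check;
 *   - malformed input (wrong shape, non-string parts, undecodable JSON, missing
 *     `context` / `client.access_token`) now fails closed with false instead of
 *     raising notices and returning true with null credentials.
 *
 * @param mixed $signed_request  two-element array: [signature, payload]
 * @return bool  true when the signature verifies and the payload carries an
 *               access token; false otherwise (no state is written on failure)
 */
private function authorize($signed_request) {
    // Reject anything that is not the expected [signature, payload] shape before
    // touching either element, so malformed input cannot raise notices or reach
    // the comparison below with a non-string value.
    if (!is_array($signed_request)
        || !isset($signed_request[0], $signed_request[1])
        || !is_string($signed_request[0])
        || !is_string($signed_request[1])) {
        return false;
    }

    $expected = base64Encode(sha256Encode($signed_request[1], $this->private_key));

    // hash_equals() is a constant-time, strict string comparison; it does not
    // leak how many leading bytes matched and never coerces types.
    if (!is_string($expected) || !hash_equals($expected, $signed_request[0])) {
        return false;
    }

    // Signature verified: decode the payload and pull out the fields we need,
    // failing closed if the structure is missing rather than dereferencing null.
    $payload = json_decode(base64Decode($signed_request[1]));
    if (!is_object($payload) || !isset($payload->context)) {
        return false;
    }
    $context = $payload->context;
    $client = isset($context->client) ? $context->client : null;
    $environment = isset($context->environment) ? $context->environment : null;

    // The access token is the credential this method exists to load; without
    // it the request is not authorized. token_type and current_project are
    // optional here, as they were before (they were previously read without
    // any check and silently became null when absent).
    if (!isset($client->access_token)) {
        return false;
    }

    $this->token = $client->access_token;
    $this->token_type = isset($client->token_type) ? $client->token_type : null;
    $this->project_id = isset($environment->current_project) ? $environment->current_project : null;
    return true;
}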
/**
 * Decode a value produced by the matching encode/encrypt routine (not shown here).
 *
 * Two wire formats are recognised by the first character of $strIn:
 *   - "@" prefix: the remainder is hex; it is unhexed and decrypted with AES-128
 *     in CBC mode (mcrypt MCRYPT_RIJNDAEL_128) under the global
 *     $strEncryptionPassword, then PKCS#5 padding is stripped by
 *     removePKCS5Padding().
 *   - anything else: the value is base64; it is decoded and XORed with the same
 *     password via simpleXor() (presumably a repeating-key XOR — confirm).
 *
 * SECURITY NOTES (review):
 *   - The CBC IV is the key itself ($strIV = $strEncryptionPassword). A CBC IV
 *     must be unpredictable and unique per message and must never be the key:
 *     a fixed IV makes equal plaintext prefixes produce equal ciphertext
 *     prefixes, and reusing the key as IV ties the secret to a value the
 *     scheme normally treats as public. Fixing this changes the wire format
 *     (random IV prepended to the ciphertext), so the encoder and every stored
 *     value must move in step.
 *   - Neither branch authenticates the data (no MAC / AEAD). Unauthenticated
 *     CBC is malleable and, if callers surface padding failures differently
 *     from other errors, exposes a padding-oracle attack. The XOR branch gives
 *     no integrity at all and, with a repeating key, no confidentiality against
 *     anyone holding one plaintext/ciphertext pair.
 *   - The mcrypt extension was deprecated in PHP 7.1 and removed in 7.2; the
 *     "@" branch cannot run on current PHP without a compatibility shim
 *     (openssl_decrypt() with an explicit IV is the usual replacement).
 *   - mcrypt_decrypt() returns false on failure (including a key or IV of the
 *     wrong length on PHP 5.6+; older releases zero-padded them — TODO confirm
 *     which applies); that false is passed straight into removePKCS5Padding()
 *     unchecked.
 *   - The key is read from a global, so any code path that rebinds
 *     $strEncryptionPassword silently changes what this function decrypts.
 *
 * @param string $strIn  encoded (and possibly encrypted) input
 * @return mixed  the recovered plaintext, or whatever the helper returns on failure
 */
function decodeAndDecrypt($strIn) {
    global $strEncryptionPassword;
    if (substr($strIn, 0, 1) == "@") {
        // HEX decoding, then AES decryption: CBC mode with PKCS5 padding (the default format).
        // The IV is taken from $strEncryptionPassword — see SECURITY NOTES above.
        $strIV = $strEncryptionPassword;
        // Drop the leading "@" marker that flags the AES format.
        $strIn = substr($strIn, 1);
        // HEX decoding.
        $strIn = pack('H*', $strIn);
        // Decrypt with PHP's (now removed) MCRYPT module, then strip the padding.
        return removePKCS5Padding(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $strEncryptionPassword, $strIn, MCRYPT_MODE_CBC, $strIV));
    } else {
        // Base64 decoding plus XOR "decryption" (legacy, non-AES format).
        return simpleXor(base64Decode($strIn), $strEncryptionPassword);
    }
}
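/**
 * Self-test for the base64 codec variants defined elsewhere in this file.
 *
 * Builds a 48-byte pattern (sextets 0..63 packed four-per-three-bytes, so the
 * encoders see every alphabet value), then for every prefix length 1..48
 * encodes it with base64Encode(), base64EncodeDotSlash() and
 * base64EncodeDotSlashOrdered(), decodes each result with the matching decoder
 * and checks the round trip. Finally it confirms that each decoder rejects
 * (returns false for) input produced with a different alphabet.
 *
 * Progress is printed with printf() exactly as before. Change from the
 * previous version: when a decoder returns false, the result is no longer
 * indexed byte by byte (which raised "array offset on bool" notices); it is
 * reported as "bad" directly. The verdicts and the return value are unchanged.
 *
 * @return bool  true if any check FAILED, false if all passed (note the
 *               inverted sense: this is an error flag, not a success flag)
 */
function testBase64() {
    $hasErrors = false;

    // Build the reference data: each iteration packs the four sextets
    // $i..$i+3 into three bytes. Precedence is ($i << 2) | (($i + 1) >> 4) etc.
    $allData = '';
    for ($i = 0; $i < 64; $i += 4) {
        $allData .= chr($i << 2 | $i + 1 >> 4)
            . chr($i + 1 << 4 | $i + 2 >> 2)
            . chr($i + 2 << 6 | $i + 3);
    }

    // True when $decoded is a string whose first $size bytes equal $expected.
    // A decoder failure (false) is a plain failure and is not dereferenced.
    $roundTripOk = function ($decoded, $expected, $size) {
        if (!is_string($decoded)) {
            return false;
        }
        return substr($decoded, 0, $size) === $expected;
    };

    for ($size = 1; $size <= 48; $size++) {
        $expected = substr($allData, 0, $size);

        $allDataBase64 = base64Encode($expected);
        printf("base64Encode(allData) = %s\n", $allDataBase64);
        $allDataBase64DotSlash = base64EncodeDotSlash($expected);
        printf("base64EncodeDotSlash(allData) = %s\n", $allDataBase64DotSlash);
        $allDataBase64DotSlashOrdered = base64EncodeDotSlashOrdered($expected);
        printf("base64EncodeDotSlashOrdered(allData) = %s\n\n", $allDataBase64DotSlashOrdered);

        $testAllData = base64Decode($allDataBase64);
        printf("base64Decode(allDataBase64) ret = %u: ", $testAllData === false ? 1 : 0);
        $good = $roundTripOk($testAllData, $expected, $size);
        if (!$good) {
            $hasErrors = true;
        }
        printf("%s\n", $good ? "good" : "bad");

        $testAllData = base64DecodeDotSlash($allDataBase64DotSlash);
        printf("base64DecodeDotSlash(allDataBase64DotSlash) ret = %u: ", $testAllData === false ? 1 : 0);
        $good = $roundTripOk($testAllData, $expected, $size);
        if (!$good) {
            $hasErrors = true;
        }
        printf("%s\n", $good ? "good" : "bad");

        $testAllData = base64DecodeDotSlashOrdered($allDataBase64DotSlashOrdered);
        printf("base64DecodeDotSlashOrdered(allDataBase64DotSlashOrdered) ret = %u: ", $testAllData === false ? 1 : 0);
        $good = $roundTripOk($testAllData, $expected, $size);
        if (!$good) {
            $hasErrors = true;
        }
        printf("%s\n\n\n", $good ? "good" : "bad");
    }

    // Cross-alphabet input (the size-48 encodings left over from the loop)
    // must be rejected by a decoder for a different alphabet.
    printf("Should error:\n");

    $testAllData = base64Decode($allDataBase64DotSlash);
    printf("base64Decode(allDataBase64DotSlash) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
    if ($testAllData !== false) {
        $hasErrors = true;
    }

    $testAllData = base64DecodeDotSlash($allDataBase64);
    printf("base64DecodeDotSlash(allDataBase64) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
    if ($testAllData !== false) {
        $hasErrors = true;
    }

    $testAllData = base64DecodeDotSlashOrdered($allDataBase64);
    printf("base64DecodeDotSlashOrdered(allDataBase64) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
    if ($testAllData !== false) {
        $hasErrors = true;
    }

    if ($hasErrors) {
        printf("*** FAILED ***\n");
    } else {
        printf("*** PASSED ***\n");
    }
    return $hasErrors;
}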
/**
 * Process the Protx (SagePay Form) payment callback for one order.
 *
 * $crypt is the opaque blob the gateway redirects back with. It is base64-
 * decoded, XORed with ECOMMERCE_TRANSACTION_PROTX_PASSWORD (simpleXor) and
 * split into a key/value array by getToken(). A transaction row is recorded
 * for every callback; when $pg_data['Status'] is 'OK' the order is set to
 * status 1 and the "new_order_paid" email is sent to the customer and, when
 * configured, to the shop address. Any other status sets the order to 5.
 *
 * SECURITY NOTES (review) — none of these is changed here, only flagged:
 *   - The callback data is protected only by an XOR with a shared password and
 *     carries no MAC. Presumably simpleXor() is a repeating-key XOR, in which
 *     case a single known plaintext/ciphertext pair reveals the keystream and
 *     lets anyone forge a Status=OK callback — confirm before relying on it.
 *   - $order_id is taken from the request and is never tied to the data inside
 *     $crypt: the "check if $pg_data['VendorTxCode'] = $_GET['order_id']"
 *     comment below was never implemented. A genuine OK callback for one order
 *     could therefore be replayed against a different order id.
 *   - $pg_data['Amount'] is stored but never compared with the order total, so
 *     an OK status for a different amount still marks the order paid.
 *   - There is no replay/idempotency guard: the "save only orders in valid
 *     status" block is commented out, so a repeated callback re-marks the order
 *     and re-sends the emails.
 *   - $pg_data['Status'], ['Amount'] and ['TxAuthNo'] are read without isset();
 *     a truncated blob yields notices and empty-string comparisons rather than
 *     a rejection. $order_data is likewise used without checking that
 *     getOrder() found the order (what it returns on a miss is not visible
 *     here — TODO confirm).
 *   - Template data is handed to the mailer through $GLOBALS['common_email'].
 *
 * @param mixed  $order_id  order id from the callback URL (see the VendorTxCode
 *                          note above)
 * @param string $crypt     base64 blob from the gateway; spaces are restored
 *                          to '+' first because the URL decoding turned them
 *                          into spaces
 * @return mixed  the new transaction id from $this->Transaction->insert(), or
 *                false when the row could not be inserted
 */
function paymentProcess($order_id, $crypt) {
    // '+' in the base64 blob arrives as a space after URL decoding; put it back.
    $crypt = str_replace(' ', '+', $crypt);
    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    require_once 'lib/protx.functions.php';
    // Decode the crypt blob (XOR with the shared password — no integrity check, see notes above).
    $pg_data_x = simpleXor(base64Decode($crypt), ECOMMERCE_TRANSACTION_PROTX_PASSWORD);
    // Split the decoded Protx data into a key => value array.
    $pg_data = getToken($pg_data_x);
    /**
     * PROTX:
     * vpstxid [int]
     * avscv2 [int]
     * txauthno[int]
     * vpsstatus[int]
     */
    /*
    $pg_data_x = explode('&', $pg_data_x);
    for ($i=1; $i<count($pg_data_x); $i++) {
        $param = explode('=', $pg_data_x[$i]);
        $pg_data[$param[0]] = $param[1];
    }
    */
    //print_r($pg_data);
    // check if $pg_data['VendorTxCode'] = $_GET['order_id']
    // NOTE(review): the check above is not implemented — $order_id is never bound to the callback data.
    $this->msgProtxStatus($pg_data['Status']);
    $order_data = $Order->getOrder($order_id);
    //print_r($order_data);
    /**
     * optional: save only orders in valid status
     * NOTE(review): disabled, so a repeated callback is processed again.
     */
    /*
    if ($order_data['status'] == 1 || $order_data['status'] == 2 || $order_data['status'] == 3 || $order_data['status'] == 4) {
        msg("Ecommerce_transaction: Order in status New (paid), Dispatched, Completed, Cancelled", 'error', 2);
        msg("This order (id=$order_id) was already paid before.", 'error');
    }
    */
    // Build the transaction row; the raw gateway data is kept serialized for audit.
    $transaction_data['order_id'] = $order_data['id'];
    $transaction_data['pg_data'] = serialize($pg_data);
    $transaction_data['currency_code'] = GLOBAL_DEFAULT_CURRENCY;
    // Amount is recorded as reported by the gateway; it is not checked against the order total.
    if (is_numeric($pg_data['Amount'])) {
        $transaction_data['amount'] = $pg_data['Amount'];
    } else {
        $transaction_data['amount'] = 0;
    }
    $transaction_data['created'] = date('c');
    $transaction_data['type'] = 'protx';
    // Transaction status 1 = authorised, 0 = anything else.
    if ($pg_data['Status'] == 'OK') {
        $transaction_data['status'] = 1;
    } else {
        $transaction_data['status'] = 0;
    }
    /**
     * insert
     */
    if ($id = $this->Transaction->insert($transaction_data)) {
        // in payment_success must be everytime Status OK
        if ($pg_data['Status'] == 'OK') {
            // Order status 1 = paid.
            $Order->setStatus($order_id, 1);
            // Send the "paid" notification to the customer and, if configured, to the shop.
            require_once 'models/common/common_email.php';
            $EmailForm = new common_email();
            $_Onxshop_Request = new Onxshop_Request("component/ecommerce/order_detail~order_id={$order_data['id']}~");
            $order_data['order_detail'] = $_Onxshop_Request->getContent();
            // This allows use of customer data and company data in the mail template;
            // it is passed as DATA to the template in common_email->_format.
            $GLOBALS['common_email']['transaction'] = $transaction_data;
            $GLOBALS['common_email']['order'] = $order_data;
            if (!$EmailForm->sendEmail('new_order_paid', 'n/a', $order_data['client']['customer']['email'], $order_data['client']['customer']['first_name'] . " " . $order_data['client']['customer']['last_name'])) {
                msg('ecommerce_transaction: Cant send email.', 'error', 2);
            }
            if ($Order->conf['mail_to_address']) {
                if (!$EmailForm->sendEmail('new_order_paid', 'n/a', $Order->conf['mail_to_address'], $Order->conf['mail_to_name'])) {
                    msg('ecommerce_transaction: Cant send email.', 'error', 2);
                }
            }
        } else {
            // Order status 5 for any non-OK gateway status.
            $Order->setStatus($order_id, 5);
        }
        return $id;
    } else {
        // Insert failed: an authorised payment with no transaction row needs manual follow-up.
        if ($pg_data['Status'] == 'OK') {
            msg("Payment for order {$order_id} was successfully Authorised, but I cant save the transaction TxAuthNo {$pg_data['TxAuthNo']}!", 'error');
        }
        msg("payment/protx: cannot insert serialized pg_data: {$transaction_data['pg_data']}", 'error');
        return false;
    }
}