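/**
 * Verify a signed request and, when it is authentic, load the client context.
 *
 * $signed_request[0] is the signature supplied by the caller and
 * $signed_request[1] is the still-encoded payload. The signature is recomputed
 * over the encoded payload with $this->private_key (sha256Encode() is defined
 * elsewhere; presumably a keyed SHA-256 - confirm) and must match before the
 * payload is decoded or trusted.
 *
 * On success sets $this->token, $this->token_type and $this->project_id.
 *
 * @param array $signed_request Two elements: [signature, encoded payload].
 * @return bool True when the signature matches and the context was loaded,
 *              false for a bad signature or a malformed request/payload.
 */
private function authorize($signed_request)
 {
     // Only a [signature, payload] pair of strings can be verified; anything
     // else is rejected before it reaches the hashing helpers.
     if (!is_array($signed_request)
         || !isset($signed_request[0], $signed_request[1])
         || !is_string($signed_request[0])
         || !is_string($signed_request[1])
     ) {
         return false;
     }

     $expected = base64Encode(sha256Encode($signed_request[1], $this->private_key));

     // hash_equals() compares in constant time and never applies PHP's loose
     // string comparison rules, which the previous `!=` check did.
     if (!is_string($expected) || !hash_equals($expected, $signed_request[0])) {
         return false;
     }

     $json = base64Decode($signed_request[1]);
     if (!is_string($json)) {
         return false;
     }
     $payload = json_decode($json);

     // A correctly signed request must still carry every field read below;
     // otherwise the object would end up "authorized" with null credentials.
     if (!isset(
         $payload->context->client->access_token,
         $payload->context->client->token_type,
         $payload->context->environment->current_project
     )) {
         return false;
     }

     $context = $payload->context;
     $this->token = $context->client->access_token;
     $this->token_type = $context->client->token_type;
     $this->project_id = $context->environment->current_project;
     return true;
 }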
/**
 * Decode and decrypt a crypt string with the global $strEncryptionPassword.
 *
 * Two wire formats are accepted:
 *  - a leading "@" marks hex-encoded AES (Rijndael-128) in CBC mode with
 *    PKCS5 padding;
 *  - anything else is treated as Base64 text and passed to simpleXor() with
 *    the password.
 *
 * NOTE(review): in the AES branch the IV is the password itself, so the IV is
 * identical for every message and is also the key. Neither branch
 * authenticates the data before decrypting it, so callers must not treat the
 * returned plaintext as proof that the sender knew the password without an
 * additional integrity check. The ext/mcrypt functions used here were removed
 * from PHP core in 7.2.
 *
 * @param string $strIn Encoded crypt string.
 * @return mixed Whatever removePKCS5Padding() or simpleXor() returns
 *               (both are defined elsewhere).
 */
function decodeAndDecrypt($strIn)
{
    global $strEncryptionPassword;

    // No "@" marker: Base64 decoding followed by simpleXor() with the password.
    if (substr($strIn, 0, 1) != "@") {
        return simpleXor(base64Decode($strIn), $strEncryptionPassword);
    }

    // Drop the "@" flag and turn the hex digits back into raw bytes.
    $cipherText = pack('H*', substr($strIn, 1));

    // The password is passed both as the key and as the initialization vector.
    $paddedPlainText = mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128,
        $strEncryptionPassword,
        $cipherText,
        MCRYPT_MODE_CBC,
        $strEncryptionPassword
    );

    return removePKCS5Padding($paddedPlainText);
}
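/**
 * Self-test for the three Base64 codec pairs (standard, DotSlash and
 * DotSlashOrdered), printing a line per check.
 *
 * For every prefix length 1..48 of a fixed 48-byte pattern, each encoder's
 * output is decoded by its matching decoder and must reproduce the prefix
 * exactly. Afterwards each decoder is fed output from a different alphabet
 * and must return false.
 *
 * The round-trip check compares the whole decoded string with ===, so a
 * decoder that returns extra trailing bytes, or false, is reported as "bad".
 * The earlier byte-by-byte loop looked only at the first $size bytes and
 * indexed into the result even when it was false.
 *
 * @return bool True when at least one check failed, false when all passed.
 */
function testBase64()
{
    $hasErrors = false;

    // Each group of three bytes packs the 6-bit values $i .. $i + 3;
    // chr() keeps only the low 8 bits of each expression.
    $allData = '';
    for ($i = 0; $i < 64; $i += 4) {
        $allData .= chr(($i << 2) | (($i + 1) >> 4))
            . chr((($i + 1) << 4) | (($i + 2) >> 2))
            . chr((($i + 2) << 6) | ($i + 3));
    }

    // Prints the "ret = N: good|bad" line for one round trip and records a failure.
    $reportRoundTrip = function ($call, $decoded, $expected, $trailer) use (&$hasErrors) {
        printf("%s ret = %u: ", $call, $decoded === false ? 1 : 0);
        $good = ($decoded === $expected);
        if (!$good) {
            $hasErrors = true;
        }
        printf("%s%s", $good ? "good" : "bad", $trailer);
    };

    for ($size = 1; $size <= 48; $size++) {
        $plain = substr($allData, 0, $size);

        $allDataBase64 = base64Encode($plain);
        printf("base64Encode(allData) = %s\n", $allDataBase64);
        $allDataBase64DotSlash = base64EncodeDotSlash($plain);
        printf("base64EncodeDotSlash(allData) = %s\n", $allDataBase64DotSlash);
        $allDataBase64DotSlashOrdered = base64EncodeDotSlashOrdered($plain);
        printf("base64EncodeDotSlashOrdered(allData) = %s\n\n", $allDataBase64DotSlashOrdered);

        $reportRoundTrip(
            'base64Decode(allDataBase64)',
            base64Decode($allDataBase64),
            $plain,
            "\n"
        );
        $reportRoundTrip(
            'base64DecodeDotSlash(allDataBase64DotSlash)',
            base64DecodeDotSlash($allDataBase64DotSlash),
            $plain,
            "\n"
        );
        $reportRoundTrip(
            'base64DecodeDotSlashOrdered(allDataBase64DotSlashOrdered)',
            base64DecodeDotSlashOrdered($allDataBase64DotSlashOrdered),
            $plain,
            "\n\n\n"
        );
    }

    // Cross-alphabet input (taken from the last, 48-byte iteration) must be rejected.
    printf("Should error:\n");
    $testAllData = base64Decode($allDataBase64DotSlash);
    printf("base64Decode(allDataBase64DotSlash) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
    if ($testAllData !== false) {
        $hasErrors = true;
    }
    $testAllData = base64DecodeDotSlash($allDataBase64);
    printf("base64DecodeDotSlash(allDataBase64) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
    if ($testAllData !== false) {
        $hasErrors = true;
    }
    $testAllData = base64DecodeDotSlashOrdered($allDataBase64);
    printf("base64DecodeDotSlashOrdered(allDataBase64) ret = %u: %s\n", $testAllData === false ? 1 : 0, $testAllData === false ? "good" : "bad");
    if ($testAllData !== false) {
        $hasErrors = true;
    }

    if ($hasErrors) {
        printf("*** FAILED ***\n");
    } else {
        printf("*** PASSED ***\n");
    }
    return $hasErrors;
}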
 /**
  * Process the Protx payment callback for an order.
  *
  * Decodes the crypt field (Base64, then simpleXor() with
  * ECOMMERCE_TRANSACTION_PROTX_PASSWORD), parses it with getToken(), stores a
  * transaction row and, when the gateway Status is 'OK', sets the order status
  * to 1 and sends the 'new_order_paid' e-mails; otherwise the order status is
  * set to 5.
  *
  * NOTE(review): nothing in this method ties the decoded payload to $order_id.
  * The VendorTxCode comparison exists only as a comment, the decoded Amount is
  * stored but never compared with the order, and the "already paid" guard is
  * commented out. As written, a crypt value that decodes to Status 'OK' marks
  * whichever order id arrives with it as paid, and the same callback can be
  * processed more than once. Binding VendorTxCode and Amount to the order and
  * rejecting repeats should happen before setStatus() is reached.
  *
  * @param mixed  $order_id Order id; passed to getOrder() and setStatus().
  * @param string $crypt    Crypt field received with the callback.
  * @return mixed The id returned by Transaction->insert() on success,
  *               false when the insert fails.
  */
 function paymentProcess($order_id, $crypt)
 {
     // Base64 uses "+", which presumably arrived as a space after URL decoding
     // of the callback query string; restore it before decoding.
     $crypt = str_replace(' ', '+', $crypt);
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     require_once 'lib/protx.functions.php';
     // Decode crypt: Base64, then simpleXor() with the shared vendor password
     // (helpers presumably come from lib/protx.functions.php required above).
     // NOTE(review): no MAC or signature is checked here, so the decoded fields
     // carry no integrity guarantee beyond knowledge of the password.
     $pg_data_x = simpleXor(base64Decode($crypt), ECOMMERCE_TRANSACTION_PROTX_PASSWORD);
     // Split the decoded string into a field => value array.
     $pg_data = getToken($pg_data_x);
     /**
      * PROTX:
      * vpstxid [int]
      * avscv2 [int]
      * txauthno[int]
      * vpsstatus[int]
      */
     /*
     Earlier hand-written parser, kept disabled:
     $pg_data_x = explode('&', $pg_data_x);
     for ($i=1; $i<count($pg_data_x); $i++) {
         $param = explode('=', $pg_data_x[$i]);
         $pg_data[$param[0]] = $param[1];
     }
     */
     //print_r($pg_data);
     // TODO (from the original author, still not implemented):
     // check if $pg_data['VendorTxCode'] = $_GET['order_id']
     // NOTE(review): $pg_data['Status'] is read without checking that the key
     // exists; a crypt that fails to decode reaches this line as well.
     $this->msgProtxStatus($pg_data['Status']);
     $order_data = $Order->getOrder($order_id);
     //print_r($order_data);
     /**
      * optional: save only orders in valid status
      *
      * NOTE(review): this guard is disabled, and even when enabled it only
      * reports the condition through msg() and does not stop processing.
      */
     /*
     if ($order_data['status'] == 1 || $order_data['status'] == 2 || $order_data['status'] == 3 || $order_data['status'] == 4) {
     	msg("Ecommerce_transaction: Order in status New (paid), Dispatched, Completed, Cancelled", 'error', 2);
     	msg("This order (id=$order_id) was already paid before.", 'error');
     }
     */
     $transaction_data['order_id'] = $order_data['id'];
     // NOTE(review): the gateway fields are stored in PHP serialize() format.
     // Any code that later reads this column should use
     // unserialize($value, ['allowed_classes' => false]) or a JSON column instead,
     // since the content originates from the callback request.
     $transaction_data['pg_data'] = serialize($pg_data);
     $transaction_data['currency_code'] = GLOBAL_DEFAULT_CURRENCY;
     // is_numeric() also accepts signed values and exponent notation, and the
     // amount is not compared with the order total - see the note in the header.
     if (is_numeric($pg_data['Amount'])) {
         $transaction_data['amount'] = $pg_data['Amount'];
     } else {
         $transaction_data['amount'] = 0;
     }
     $transaction_data['created'] = date('c');
     $transaction_data['type'] = 'protx';
     // Transaction status: 1 when the gateway reported 'OK', 0 otherwise.
     // NOTE(review): loose ==; this relies on getToken() returning strings - confirm.
     if ($pg_data['Status'] == 'OK') {
         $transaction_data['status'] = 1;
     } else {
         $transaction_data['status'] = 0;
     }
     /**
      * insert
      */
     if ($id = $this->Transaction->insert($transaction_data)) {
         // in payment_success must be everytime Status OK
         if ($pg_data['Status'] == 'OK') {
             // Order status 1 is presumably "New (paid)", going by the message in
             // the disabled guard above.
             $Order->setStatus($order_id, 1);
             //send email to admin
             require_once 'models/common/common_email.php';
             $EmailForm = new common_email();
             // Render the order detail component for inclusion in the e-mail.
             $_Onxshop_Request = new Onxshop_Request("component/ecommerce/order_detail~order_id={$order_data['id']}~");
             $order_data['order_detail'] = $_Onxshop_Request->getContent();
             //this allows use customer data and company data in the mail template
             //is passed as DATA to template in common_email->_format
             $GLOBALS['common_email']['transaction'] = $transaction_data;
             $GLOBALS['common_email']['order'] = $order_data;
             // Notify the customer.
             if (!$EmailForm->sendEmail('new_order_paid', 'n/a', $order_data['client']['customer']['email'], $order_data['client']['customer']['first_name'] . " " . $order_data['client']['customer']['last_name'])) {
                 msg('ecommerce_transaction: Cant send email.', 'error', 2);
             }
             // Notify the shop address when one is configured.
             if ($Order->conf['mail_to_address']) {
                 if (!$EmailForm->sendEmail('new_order_paid', 'n/a', $Order->conf['mail_to_address'], $Order->conf['mail_to_name'])) {
                     msg('ecommerce_transaction: Cant send email.', 'error', 2);
                 }
             }
         } else {
             // Any Status other than 'OK' moves the order to status 5
             // (meaning not visible here; presumably a failed payment).
             $Order->setStatus($order_id, 5);
         }
         return $id;
     } else {
         //to be sure...
         if ($pg_data['Status'] == 'OK') {
             msg("Payment for order {$order_id} was successfully Authorised, but I cant save the transaction TxAuthNo {$pg_data['TxAuthNo']}!", 'error');
         }
         // NOTE(review): this passes the complete serialized gateway response to
         // msg(); where msg() output ends up is not visible here - confirm it is
         // not shown to the customer or written to a widely readable log.
         msg("payment/protx: cannot insert serialized pg_data: {$transaction_data['pg_data']}", 'error');
         return false;
     }
 }