Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Reference files outside web root from TXP
I am experimenting with a simple way to encrypt paypal buttons on my site. I’ve been using this tutorial/code sample.
The php code references the certificates for the encryption in these lines:
# private key file to use
$MY_KEY_FILE = "/home#/myusername/paypal/my-prvkey.pem";# public certificate file to use
$MY_CERT_FILE = "/home#/myusername/paypal/my-pubcert.pem";# Paypal's public certificate
$PAYPAL_CERT_FILE = "/home#/myusername/paypal/paypal_cert.pem";It works fine when I run it from a php file in my web root.
When I try to use the code in a page in Textpattern, it isn’t able to reference the certificate files that are stored outside of my web root.
Link to Textpattern page with errors:
http://www.staceyirvin.com/buttontest
Does this have something to do with .htaccess? Is there any way to reference those certificate files from Txp without storing them in the web root?
Thanks in advance for any help!
Offline
Re: Reference files outside web root from TXP
Without seeing the entire code you’re using, I’m guessing this is a variable scope issue. See FAQ
Or it’s the ‘#’ after ‘home’ in the file paths ;)
Offline
Re: Reference files outside web root from TXP
Based on the output it might be this old script. At minimum the three variables would have to be defined as global by adding at the beginning:
global $MY_KEY_FILE, $MY_CERT_FILE, $PAYPAL_CERT_FILE, $OPENSSL;That said, I wouldn’t personally use that; it uses non-quoted variables in an executed command line. Good way to introduce exploitable hole to the website. The code really, really should escape and encode the $form array map, or call OpenSSL (or other crypto library) in a more appropriate way.
Offline
Re: Reference files outside web root from TXP
Since the output of this PHP script doesn’t change, I’d copy the encrypted output and use that in TXP instead of generating it again and again using PHP. That’s simpler than converting the script to use the appropriate PHP functions.
Offline
Re: Reference files outside web root from TXP
Thanks, Gocom and Ruud for your input. I am new to encryption and probably should just stick to making buttons in PayPal and pasting them. However, I really want to figure out a good/safe/efficient way to get dynamically encrypted buttons for images on my site. I have tons of photographs on my site and I’d like to offer them for sale in several different size/frame/price options. Each “add to cart” button’s options will remain exactly the same from one image to the next except for the image’s name. The name of the photo is passed to the page via a URL variable (name=photo-name-here).
I don’t want to tax the site by generating all of the buttons for each image over and over again using PHP. However, I also don’t have the time or desire to create10 buttons per image and then manually copy and paste them into my txp site. I was wondering if there might be a way to cache the encrypted button results after the first page load?
Regarding the error I posted initially, here’s a little more info:
I am calling the following code in my page using
<txp:php>require_once 'txptry.php';</txp:php>
txptry.php looks like this
And this is the code in my page where the encrypted button should show up:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_self">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="<txp:php>
global $encrypted;
echo $encrypted;
</txp:php>">
<input type="submit" value="Add to Cart">
</form>However, these errors happen only when txptry.php is called from within a TXP page:
ERROR: MY_KEY_FILE not found ERROR: MY_CERT_FILE not found ERROR: PAYPAL_CERT_FILE not found
Offline
Re: Reference files outside web root from TXP
Try this:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" target="_self">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="<txp:php>require_once 'txptry.php';</txp:php>">
<input type="submit" value="Add to Cart">
</form>And in the included PHP file, replace $encrypted = paypal_encrypt($form); with echo paypal_encrypt($form);
This assumes that you only show one button per page.
Offline
Re: Reference files outside web root from TXP
Instead of the PHP file you have, this might also work:
- uses built-in PHP functions:
- uses the ‘name’ parameter in the URL
- caches the crypt result
[code removed, working version can be found here ]
Last edited by ruud (2015-01-22 23:28:28)
Offline
Re: Reference files outside web root from TXP
Thanks, Ruud. Unfortunately, I am still getting errors. When I call the script from a TXP page, I get these errors basically saying that it can’t find my certificate files:
ERROR: MY_KEY_FILE not found
ERROR: MY_CERT_FILE not found
ERROR: PAYPAL_CERT_FILE not found
ERROR: encryption failed
The files are located outside the web root. When I call it from a regular .php file inside my web root, the script doesn’t have those errors. This is the stumbling block that has kept me from getting the encryption to work (with TXP) thus far.
What is it about TXP that seems to be causing this issue with finding the files outside the web root?
Offline
#9 2015-01-18 23:40:43
- uli
- Moderator
- From: Cologne
- Registered: 2006-08-15
- Posts: 4,304
Re: Reference files outside web root from TXP
Although I used the yab_shop plugin, I had issues that sounded similar. Until I found this post:
midmood wrote #200936:
SOLVED ******
It was a path problem
- you have to go to Admin > diagnostic in the textpattern backend,
- then copy the path stated under “$path_to_site:” and paste it in the plugin configguration file, modified to reflect the exact path to your certificates
Attention: the default certificate in the plugin configuration is stated as “paypal_cert.pem” but the certificate i actually downloaded from Paypal was “paypal_cert_pem.txt”…. I modified its name in “paypal_cert.pem” then uploaded it to the correct directory.
Can’t promise anything but until Ruud or Jukka return it might be worth trying. Best of luck!
In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links
Offline
Re: Reference files outside web root from TXP
I checked in diagnostics and the path to site is: /home2/myusername/public_html/staceyirvin
My path to the certificates is: /home2/myusername/paypal/certificate-name.pem
So, I’m stumped. The script works when I call it from a stand-alone php file in the same site directory (staceyirvin), but TXP just doesn’t want to work with the paths as they are. Hopefully Ruud or Jukka might have an idea. Thanks anyway for your input!
Offline
Re: Reference files outside web root from TXP
Try the script I posted above. First call it directly in your browser (with ?name=something), then try including it in a TXP template. If that doesn’t work and you’re willing to give me your login, I can have a look to see why this doesn’t work.
Offline
Re: Reference files outside web root from TXP
Stacey, did you manage to get it working?
Offline