Go to main content

Navigation menu

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » How do I…?
  3. » FoxyCart HMAC Product Verification scripts not working with TXP

Pages: 1

#1 2013-12-09 17:16:13

photonomad
Member
Registered: 2005-09-10
Posts: 290
Website

FoxyCart HMAC Product Verification scripts not working with TXP

SOLVED:

The global api_key was causing the problem. Instead of referencing the global $api_key variable, you have to define the api_key in the function. Now it works. Hopefully this will help is any other TXP users who trying using FoxyCart and run into this problem.

The fix:

<txp:php>
function get_verification($var_name, $var_value, $var_code) {
	$api_key = "my api key here";
	$encodingval = htmlspecialchars($var_code) . htmlspecialchars($var_name) . htmlspecialchars($var_value);
	return '||'.hash_hmac('sha256', $encodingval, $api_key).($var_value === "--OPEN--" ? "||open" : "");
}
</txp:php>

———————————————————

FoxyCart’s HMAC Product Verification prevents tampering with FoxyCart product links and forms based on HMAC SHA-256. They offer a PHP Helper Function to hash individual product links or forms on a page.

It works fine on my server outside of my TXP installation. However, it fails in TXP. TXP v4.5.4, PHP v5.4 Allow PHP in Pages (and Articles) is set to Yes in TXP advanced settings. No php errors are thrown by the code when debugging is on in TXP. Below I’ve included the php helper and product link code from my page template in TXP: 

<txp:php>
$api_key = "my api key here";
function get_verification($var_name, $var_value, $var_code) {
	global $api_key;
	$encodingval = htmlspecialchars($var_code) . htmlspecialchars($var_name) . htmlspecialchars($var_value);
	return '||'.hash_hmac('sha256', $encodingval, $api_key).($var_value === "--OPEN--" ? "||open" : "");
}
</txp:php>
<txp:php>
$name = Music CD';
$code = 'musiccd123';
$price = '15';
$category = 'DEFAULT';
$button_url  = 'https://mydomain.foxycart.com/cart?';
$button_url .= 'name=' . urlencode($name) . get_verification('name', $name, $code) . '&';
$button_url .= 'price=' . urlencode($price) . get_verification('price', $price, $code) . '&';
$button_url .= 'code=' . urlencode($code) . get_verification('code', $code, $code) . '&';
$button_url .= 'category=' . urlencode($category) . get_verification('category', $category, $code);
echo '<a href="'.$button_url.'">BUY NOW</a><br />';
</txp:php>

FoxyCart also offers an “automatic validation script”:github:https://github.com/FoxyCart/FoxyCart-Cart-Validation—PHP that is supposed to sign all the products on an entire page. It works fine alone on my server, but fails within Textpattern.

Any Textpattern specific thoughts or clues on how to get this type of validation to work inside TXP pages would be greatly appreciated. Thanks!

Last edited by photonomad (2013-12-09 22:27:35)

Offline

Pages: 1

  1. Index
  2. » How do I…?
  3. » FoxyCart HMAC Product Verification scripts not working with TXP

Board footer

Powered by FluxBB