bonnie/postPurchaseWidgetSecurity.php

## postPurchaseWidgetSecurity.php
<?php

  // arguments considered for security in the post-purchase widget
  define(PPW_SECURITY_ARGS, serialize(array('wid', 'email', 'value', 'event_id', 'event_type', 'products', 'channel', 'sub_channel', 'sub_channel_detail', 'external_customer_id','name','first_name','last_name','address_line_1','address_line_2','city','state','postal_code','country','home_phone','work_phone','mobile_phone','birthdate','home_store')));
	define(SECRET_KEY, <<your secret key>>);
	define(WID, <<your widget id>>);


  function array_to_sorted_string($a) {
    ksort($a);
    $string = '';
    foreach ($a as $key => $val) {
      if (is_array($val)) {
        $string .= $key . array_to_sorted_string($val);
      } else {
        $string .= $key . $val;
      }
    }
    return $string;
  }

  function calculate_sig($arg_list) {

	  $params = array();
	  foreach ($arg_list as $key => $value) {
	    if (in_array ($key, unserialize(PPW_SECURITY_ARGS))) {
		    // for php, non-associative array is treated like associative array with
		    // integer keys, so no translation is necessary
		    $params[$key] = $value;
	    }
	  }

    // add the widget id
    $params['wid'] = WID;

    $string_to_hash = SECRET_KEY . array_to_sorted_string($params);
    return md5($string_to_hash);
	}

	echo('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">');
	echo('<html>');
	echo('  <head>');
	echo('    <title>Post-Purchase Widget test page</title>');
	echo('<script type=\'text/javascript\'>');
	echo('  document.write(unescape("%3Cscript%20src=\'"+((\'https:\' == document.location.protocol ? \'https://\' : \'http://\')')
	echo(' + \'d3aa0ztdn3oibi.cloudfront.net/javascripts/ff.loyalty.widget.stage.js\')');
	echo('+"\'%20type=\'text/javascript\'%3E%3C/script%3E"));');
	echo('</script>');
	echo('  </head>');
	echo('  <body>');

	$ppw_args = array();
	$ppw_args['email'] = <<customer email>>;
	$ppw_args['event_id'] = <<unique event_id>>;
	$ppw_args['value'] = <<purchase value>>;
	$ppw_args['referral_tracking'] = 'true';
	$ppw_args['products'] = array();

  // example values filled in for product array items
	array_push($ppw_args['products'], array('name' => 'item1', 'product_id' => '12345', 'price' => '25', 'categories' => 'cleansers'));
	array_push($ppw_args['products'], array('name' => 'item2', 'product_id' => '54321', 'price' => '75', 'categories' => 'toners'));

	// get security sig;
	$sig = calculate_sig($ppw_args);
	$ppw_args['sig'] = $sig;

	// translate the arguments into JavaScript form using json_encode
	$argstring = json_encode($ppw_args);

	echo('<script type="text/javascript">');
	echo('_ffLoyalty.displayPostPurchaseWidget("' . WID . '", ' . $argstring . ');');
	echo('</script>');
	echo('  </body>');
	echo('  </html>');

?>
	<?php

	// arguments considered for security in the post-purchase widget
	define(PPW_SECURITY_ARGS, serialize(array('wid', 'email', 'value', 'event_id', 'event_type', 'products', 'channel', 'sub_channel', 'sub_channel_detail', 'external_customer_id','name','first_name','last_name','address_line_1','address_line_2','city','state','postal_code','country','home_phone','work_phone','mobile_phone','birthdate','home_store')));
	define(SECRET_KEY, <<your secret key>>);
	define(WID, <<your widget id>>);


	function array_to_sorted_string($a) {
	ksort($a);
	$string = '';
	foreach ($a as $key => $val) {
	if (is_array($val)) {
	$string .= $key . array_to_sorted_string($val);
	} else {
	$string .= $key . $val;
	}
	}
	return $string;
	}

	function calculate_sig($arg_list) {

	$params = array();
	foreach ($arg_list as $key => $value) {
	if (in_array ($key, unserialize(PPW_SECURITY_ARGS))) {
	// for php, non-associative array is treated like associative array with
	// integer keys, so no translation is necessary
	$params[$key] = $value;
	}
	}

	// add the widget id
	$params['wid'] = WID;

	$string_to_hash = SECRET_KEY . array_to_sorted_string($params);
	return md5($string_to_hash);
	}

	echo('<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">');
	echo('<html>');
	echo(' <head>');
	echo(' <title>Post-Purchase Widget test page</title>');
	echo('<script type=\'text/javascript\'>');
	echo(' document.write(unescape("%3Cscript%20src=\'"+((\'https:\' == document.location.protocol ? \'https://\' : \'http://\')')
	echo(' + \'d3aa0ztdn3oibi.cloudfront.net/javascripts/ff.loyalty.widget.stage.js\')');
	echo('+"\'%20type=\'text/javascript\'%3E%3C/script%3E"));');
	echo('</script>');
	echo(' </head>');
	echo(' <body>');

	$ppw_args = array();
	$ppw_args['email'] = <<customer email>>;
	$ppw_args['event_id'] = <<unique event_id>>;
	$ppw_args['value'] = <<purchase value>>;
	$ppw_args['referral_tracking'] = 'true';
	$ppw_args['products'] = array();

	// example values filled in for product array items
	array_push($ppw_args['products'], array('name' => 'item1', 'product_id' => '12345', 'price' => '25', 'categories' => 'cleansers'));
	array_push($ppw_args['products'], array('name' => 'item2', 'product_id' => '54321', 'price' => '75', 'categories' => 'toners'));

	// get security sig;
	$sig = calculate_sig($ppw_args);
	$ppw_args['sig'] = $sig;

	// translate the arguments into JavaScript form using json_encode
	$argstring = json_encode($ppw_args);

	echo('<script type="text/javascript">');
	echo('_ffLoyalty.displayPostPurchaseWidget("' . WID . '", ' . $argstring . ');');
	echo('</script>');
	echo(' </body>');
	echo(' </html>');

	?>