infosec-au/api_capillary_ecom.php Secret

## api_capillary_ecom.php
<?php

// Author : Shubs (@infosec_au)
// Edited by Supras to make it public + clear some parts
// Requirement : php, php-curl, php-xml
// $ php api_capillary_ecom.php
// the XML response is printed out to console

// APIs URL
// See : https://capillary.github.io/ecom-api-document/
$orderURL = 'https://www.martjack.com/developerapi/Customer/MERCHANT_ID/All'; // Don't forget to edit MERCHANT_ID value

// Don't forget to edit PUBLIC_KEY, SECRET values
$auth = new ReturnAuth(array('key' => 'PUBLIC_KEY', 'secret' => 'SECRET', 'url' => $orderURL)); // Don't forget to edit PUBLIC_KEY, SECRET values
$result = $auth->getRequestToken();
echo($result);

class ReturnAuth {
    var $key = 'PUBLIC_KEY'; // Don't forget to edit PUBLIC_KEY value
    var $secret = 'SECRET'; // Don't forget to edit SECRET value
    function __construct($config) {
        $this->key = 'PUBLIC_KEY'; // Don't forget to edit PUBLIC_KEY value
        $this->secret = 'SECRET'; // Don't forget to edit SECRET value
        $this->request_token = $config['url']; // secret from MJ

    }
    function getRequestToken() {
        // Default params
        $params = array("oauth_version" => "1.0", "oauth_nonce" => time(), "oauth_timestamp" => time(), "oauth_consumer_key" => $this->key, "oauth_signature_method" => "HMAC-SHA1");
        // BUILD SIGNATURE
        // encode params keys, values, join and then sort.
        $keys = $this->_urlencode_rfc3986(array_keys($params));
        $values = $this->_urlencode_rfc3986(array_values($params));
        $params = array_combine($keys, $values);
        uksort($params, 'strcmp');
        // convert params to string
        foreach ($params as $k => $v) {
            $pairs[] = $this->_urlencode_rfc3986($k) . '=' . $this->_urlencode_rfc3986($v);
        }
        $concatenatedParams = implode('&', $pairs);
        // form base string (first key)
        $baseString = "GET&" . $this->_urlencode_rfc3986($this->request_token) . "&" . $this->_urlencode_rfc3986($concatenatedParams);
        //~ $GLOBALS['log']->fatal("Base String " . $baseString);
        // form secret (second key)
        $secret = $this->_urlencode_rfc3986($this->secret) . "&";
        // make signature and append to params
        $params['oauth_signature'] = $this->_urlencode_rfc3986(base64_encode(hash_hmac('sha1', $baseString, $secret, TRUE)));
        // BUILD URL
        // Resort
        uksort($params, 'strcmp');
        // convert params to string
        foreach ($params as $k => $v) {
            $urlPairs[] = $k . "=" . $v;
        }
        $concatenatedUrlParams = implode('&', $urlPairs);
        // form url
        $url = $this->request_token . "?" . $concatenatedUrlParams;
        // Send to cURL
        //~ $GLOBALS['log']->fatal("print url to log");
        //~ $GLOBALS['log']->fatal($url);
        return $this->_http($url);
    }
    function _http($url, $post_data = null) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 100);
        curl_setopt($ch, CURLOPT_TIMEOUT, 100);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        if (isset($post_data)) {
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
        }
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/Json', 'Connection: Keep-Alive', 'apiversion: 3'));
        $response = curl_exec($ch);
        //~ $GLOBALS['log']->fatal($response);
        //~ $GLOBALS['log']->fatal(print_r($response,true));
        $this->http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $this->last_api_call = $url;
        curl_close($ch);
        echo($response);
        $xml = simplexml_load_string($response);
        $json = json_encode($xml);
        $array = json_decode($json, TRUE);
        return $array;
    }
    function _urlencode_rfc3986($input) {
        if (is_array($input)) {
            return array_map(array('ReturnAuth', '_urlencode_rfc3986'), $input);
        } else if (is_scalar($input)) {
            return str_replace('+', ' ', str_replace('%7E', '~', rawurlencode($input)));
        } else {
            return '';
        }
    }
}
	<?php

	// Author : Shubs (@infosec_au)
	// Edited by Supras to make it public + clear some parts
	// Requirement : php, php-curl, php-xml
	// $ php api_capillary_ecom.php
	// the XML response is printed out to console

	// APIs URL
	// See : https://capillary.github.io/ecom-api-document/
	$orderURL = 'https://www.martjack.com/developerapi/Customer/MERCHANT_ID/All'; // Don't forget to edit MERCHANT_ID value

	// Don't forget to edit PUBLIC_KEY, SECRET values
	$auth = new ReturnAuth(array('key' => 'PUBLIC_KEY', 'secret' => 'SECRET', 'url' => $orderURL)); // Don't forget to edit PUBLIC_KEY, SECRET values
	$result = $auth->getRequestToken();
	echo($result);

	class ReturnAuth {
	var $key = 'PUBLIC_KEY'; // Don't forget to edit PUBLIC_KEY value
	var $secret = 'SECRET'; // Don't forget to edit SECRET value
	function __construct($config) {
	$this->key = 'PUBLIC_KEY'; // Don't forget to edit PUBLIC_KEY value
	$this->secret = 'SECRET'; // Don't forget to edit SECRET value
	$this->request_token = $config['url']; // secret from MJ

	}
	function getRequestToken() {
	// Default params
	$params = array("oauth_version" => "1.0", "oauth_nonce" => time(), "oauth_timestamp" => time(), "oauth_consumer_key" => $this->key, "oauth_signature_method" => "HMAC-SHA1");
	// BUILD SIGNATURE
	// encode params keys, values, join and then sort.
	$keys = $this->_urlencode_rfc3986(array_keys($params));
	$values = $this->_urlencode_rfc3986(array_values($params));
	$params = array_combine($keys, $values);
	uksort($params, 'strcmp');
	// convert params to string
	foreach ($params as $k => $v) {
	$pairs[] = $this->_urlencode_rfc3986($k) . '=' . $this->_urlencode_rfc3986($v);
	}
	$concatenatedParams = implode('&', $pairs);
	// form base string (first key)
	$baseString = "GET&" . $this->_urlencode_rfc3986($this->request_token) . "&" . $this->_urlencode_rfc3986($concatenatedParams);
	//~ $GLOBALS['log']->fatal("Base String " . $baseString);
	// form secret (second key)
	$secret = $this->_urlencode_rfc3986($this->secret) . "&";
	// make signature and append to params
	$params['oauth_signature'] = $this->_urlencode_rfc3986(base64_encode(hash_hmac('sha1', $baseString, $secret, TRUE)));
	// BUILD URL
	// Resort
	uksort($params, 'strcmp');
	// convert params to string
	foreach ($params as $k => $v) {
	$urlPairs[] = $k . "=" . $v;
	}
	$concatenatedUrlParams = implode('&', $urlPairs);
	// form url
	$url = $this->request_token . "?" . $concatenatedUrlParams;
	// Send to cURL
	//~ $GLOBALS['log']->fatal("print url to log");
	//~ $GLOBALS['log']->fatal($url);
	return $this->_http($url);
	}
	function _http($url, $post_data = null) {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 100);
	curl_setopt($ch, CURLOPT_TIMEOUT, 100);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
	if (isset($post_data)) {
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
	}
	curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/Json', 'Connection: Keep-Alive', 'apiversion: 3'));
	$response = curl_exec($ch);
	//~ $GLOBALS['log']->fatal($response);
	//~ $GLOBALS['log']->fatal(print_r($response,true));
	$this->http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
	$this->last_api_call = $url;
	curl_close($ch);
	echo($response);
	$xml = simplexml_load_string($response);
	$json = json_encode($xml);
	$array = json_decode($json, TRUE);
	return $array;
	}
	function _urlencode_rfc3986($input) {
	if (is_array($input)) {
	return array_map(array('ReturnAuth', '_urlencode_rfc3986'), $input);
	} else if (is_scalar($input)) {
	return str_replace('+', ' ', str_replace('%7E', '~', rawurlencode($input)));
	} else {
	return '';
	}
	}
	}