-
-
Save menny/1985010 to your computer and use it in GitHub Desktop.
function verify_app_store_in_app($receipt, $is_sandbox) | |
{ | |
//$sandbox should be TRUE if you want to test against itunes sandbox servers | |
if ($is_sandbox) | |
$verify_host = "ssl://sandbox.itunes.apple.com"; | |
else | |
$verify_host = "ssl://buy.itunes.apple.com"; | |
$json='{"receipt-data" : "'.$receipt.'" }'; | |
//opening socket to itunes | |
$fp = fsockopen ($verify_host, 443, $errno, $errstr, 30); | |
if (!$fp) | |
{ | |
// HTTP ERROR | |
return false; | |
} | |
else | |
{ | |
//iTune's request url is /verifyReceipt | |
$header = "POST /verifyReceipt HTTP/1.0\r\n"; | |
$header .= "Content-Type: application/x-www-form-urlencoded\r\n"; | |
$header .= "Content-Length: " . strlen($json) . "\r\n\r\n"; | |
fputs ($fp, $header . $json); | |
$res = ''; | |
while (!feof($fp)) | |
{ | |
$step_res = fgets ($fp, 1024); | |
$res = $res . $step_res; | |
} | |
fclose ($fp); | |
//taking the JSON response | |
$json_source = substr($res, stripos($res, "\r\n\r\n{") + 4); | |
//decoding | |
$app_store_response_map = json_decode($json_source); | |
$app_store_response_status = $app_store_response_map->{'status'}; | |
if ($app_store_response_status == 0)//eithr OK or expired and needs to synch | |
{ | |
//here are some fields from the json, btw. | |
$json_receipt = $app_store_response_map->{'receipt'}; | |
$transaction_id = $json_receipt->{'transaction_id'}; | |
$original_transaction_id = $json_receipt->{'original_transaction_id'}; | |
$json_latest_receipt = $app_store_response_map->{'latest_receipt_info'}; | |
return true; | |
} | |
else | |
{ | |
return false; | |
} | |
} | |
} |
function verify_market_in_app($signed_data, $signature, $public_key_base64) | |
{ | |
$key = "-----BEGIN PUBLIC KEY-----\n". | |
chunk_split($public_key_base64, 64,"\n"). | |
'-----END PUBLIC KEY-----'; | |
//using PHP to create an RSA key | |
$key = openssl_get_publickey($key); | |
//$signature should be in binary format, but it comes as BASE64. | |
//So, I'll convert it. | |
$signature = base64_decode($signature); | |
//using PHP's native support to verify the signature | |
$result = openssl_verify( | |
$signed_data, | |
$signature, | |
$key, | |
OPENSSL_ALGO_SHA1); | |
if (0 === $result) | |
{ | |
return false; | |
} | |
else if (1 !== $result) | |
{ | |
return false; | |
} | |
else | |
{ | |
return true; | |
} | |
} |
For Google, what exactly is in $signed_data please ? Exemple ?
please help, what does "$signed_data" mean? Please explain, it would be better if you share a working copy of code with all param values.
$signed_data = originalJson
Thank you for the job! This is very likely to be a stupid question, but: what is the script supposed to echo to the app?
Sorry for this basic and might be stupid question , but what is $signature here ? Can anyone give the all 3 paramters dummy value so i can test directly ... ( verify_market_in_app.php
)
I tried android code. but this is not working... can any body help?
@amiruldinqureshi It is original json or receipt you obtain from object "purchase" in android app by purchase.getOriginalJson();
I implemented this code, however, the response is always false. Are there any new changes to the receipt or signature fields from expected values?
please help, what does "$signature" mean? Please explain, it would be better if you share a working copy of code with all param values.
signature is the attached signature of the order.. really long base64 string.. and signed_data is the orders 'receipt' field JSON looks like:
{"orderId":"GPA.3340-1993-0359-####","packageName":"com.###.###","productId":"## ....... }
Hi.
I'm not good at php language. Is it possible to give me a full sample, and a short description about how to get sent parameters in server side?
Thanks.