Created
April 8, 2012 12:36
PHP script to check payment callback for nk.pl payment API
#!/usr/bin/php -H | |
<?php | |
/**
 * Print a failure line and terminate the script.
 *
 * Emits "ERROR: <msg>" followed by a newline and exits with status 2.
 * Several call sites in this script build $msg from values taken out of the
 * remote reply (content type, responseCode, responseMessage), so the printed
 * text should be treated as untrusted by whatever displays or stores it.
 *
 * @param string $msg Description of what went wrong.
 */
function error($msg)
{
    printf("ERROR: %s\n", $msg);
    exit(2);
}
// Long options the script insists on; each one takes a value.
// NOTE(review): the OAuth consumer secret arrives as a command-line argument
// (--secret). Command-line arguments are commonly visible to other local
// users through the process list and may be kept in shell history, so use a
// test credential here, or confirm that is acceptable on the host.
$required_options = array(
    'key',
    'secret',
    'url',
    'amount',
    'message',
    'parameters',
    'viewerId',
    'appId',
);

// getopt() marks a long option that requires a value with a trailing ':'.
$long_options = array();
foreach ($required_options as $name) {
    $long_options[] = $name . ':';
}
$options = getopt('', $long_options);

// Abort on the first mandatory option that was not supplied.
foreach ($required_options as $name) {
    if (isset($options[$name])) {
        continue;
    }
    error("missing option: $name");
}
// OAuthConsumer, OAuthRequest and OAuthSignatureMethod_HMAC_SHA1 are not
// defined in this file; they are expected to come from OAuth.php.
require_once 'OAuth.php';

// Credentials and target endpoint, as given on the command line.
$key = $options['key'];
$secret = $options['secret'];
$url = $options['url'];

// Identifier for this test order; the reply is later required to echo it.
// NOTE(review): the value is derived from the clock alone, so it is
// predictable. That is enough to tell runs apart, but it should not be
// relied on as an unguessable token.
$orderId = hash('sha1', microtime());

// Both timestamps are read separately, exactly as the callback fields are
// filled in below (ordered first, submitted second).
$ordered_at = time();
$submitted_at = time();

// Payment callback fields that get signed and posted to the endpoint.
$params = array(
    'amount' => $options['amount'],
    'message' => $options['message'],
    'parameters' => $options['parameters'],
    'paymentType' => 'payment',
    'orderId' => $orderId,
    'orderedTime' => $ordered_at,
    'submittedTime' => $submitted_at,
    'viewerId' => $options['viewerId'],
    'appId' => $options['appId'],
    'containerDomain' => 'nk.pl',
);

// Build a POST request for the consumer (no access token) and sign it with
// HMAC-SHA1 using the consumer secret.
$oauth_consumer = new OAuthConsumer($key, $secret);
$signature_method = new OAuthSignatureMethod_HMAC_SHA1();
$request = OAuthRequest::from_consumer_and_token($oauth_consumer, null, 'POST', $url, $params);
$request->sign_request($signature_method, $oauth_consumer, null);
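// Transfer settings for posting the signed callback to the endpoint.
// Kept in their own variable so the parsed command-line options in $options
// are not overwritten.
// No TLS-related option is set here, so certificate verification follows the
// cURL defaults of the installed PHP/libcurl build.
$curl_options = array(
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,   // hand the body back instead of printing it
    CURLOPT_HEADER => false,          // response headers are not mixed into the body
    CURLINFO_HEADER_OUT => true,      // record the outgoing request headers (not read by this script)
    CURLOPT_FAILONERROR => false,     // HTTP error statuses still return their body
    CURLOPT_CONNECTTIMEOUT_MS => 1000,
    CURLOPT_TIMEOUT_MS => 5000,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $request->to_postdata(),
);

$ch = curl_init();
if ($ch === false) {
    error("Unable to initialise cURL");
}
curl_setopt_array($ch, $curl_options);

$data = curl_exec($ch);
if ($data === false) {
    // Transport failure (DNS, connect, TLS, timeout): report cURL's own
    // reason here rather than letting the later content-type check complain
    // about an empty value.
    error("Request to provider endpoint failed: " . curl_error($ch));
}

$content_type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
// The HTTP status is read, but no later check in this script looks at it;
// acceptance depends on the content type, the signature and responseCode.
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);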
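// Validate the endpoint's reply. Every failed check ends the script through
// error(); reaching the final echo means the reply was well-formed, echoed
// our orderId, carried a valid signature and reported responseCode "ok".

// An absent body is reported first, so a failed transfer is not described as
// a content-type problem.
if ($data === false || $data === '') {
    error("Missing reply from provider endpoint");
}

// The cast keeps preg_match() working when cURL reported no content type.
if (preg_match('/^application\/json($|;)/', (string) $content_type) !== 1) {
    error("Provider's endpoint returned unexpected content-type: " . $content_type);
}

$response = json_decode($data, true);
if (!is_array($response)) {
    error("Provider's endpoint returned malformed JSON data");
}

if (!isset($response['orderId'])) {
    error("Missing orderId in endpoint reply");
}
if (!isset($response['responseCode'])) {
    error("Missing responseCode in endpoint reply");
}
if (!isset($response['signature'])) {
    error("Missing HMAC SHA1 signature in endpoint reply");
}

// JSON can deliver booleans and numbers. Under PHP's loose comparison a
// boolean true compares equal to any non-empty string, which would let a
// reply with no real signature pass the checks below. Require strings first,
// then compare strictly.
foreach (array('orderId', 'responseCode', 'signature') as $field) {
    if (!is_string($response[$field])) {
        error("Field $field in endpoint reply is not a string");
    }
}

if ($response['orderId'] !== $orderId) {
    error("orderId mismatch");
}

// The signature covers orderId, responseCode and the optional
// responseMessage, concatenated in that order, keyed with the consumer secret.
$response_message = isset($response['responseMessage']) ? $response['responseMessage'] : '';
$signed_string = $response['orderId'] . $response['responseCode'] . $response_message;
$expected_signature = hash_hmac('sha1', $signed_string, $secret);

// hash_equals() compares in constant time and never type-juggles.
if (!hash_equals($expected_signature, $response['signature'])) {
    error("HMAC SHA1 signature is invalid");
}

if ($response['responseCode'] !== 'ok') {
    error("Provider endpoint returned code: {$response['responseCode']}: " . (isset($response['responseMessage']) ? $response['responseMessage'] : 'no details'));
}

echo "OK: $orderId\n";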
?> |
This code requires the OAuth PHP library.