#1
  1. A Change of Season

    A few questions about JVZOO api


    Hey;

    This is api doc of JV zoo.

    I got a couple simple questions about this api and my code.

    I use this script to update our database when there is a sale, refund etc etc.

    This is their original code:

    PHP Code:
    <?php
    function jvzipnVerification() {
        $secretKey = "MyJVZIPNSecretKey";
        $pop = "";
        $ipnFields = array();
        foreach ($_POST AS $key => $value) {
            if ($key == "cverify") {
                continue;
            }
            $ipnFields[] = $key;
        }
        sort($ipnFields);
        foreach ($ipnFields as $field) {
            // if Magic Quotes are enabled $_POST[$field] will need to be
            // un-escaped before being appended to $pop
            $pop = $pop . $_POST[$field] . "|";
        }
        $pop = $pop . $secretKey;
        if ('UTF-8' != mb_detect_encoding($pop))
        {
            $pop = mb_convert_encoding($pop, "UTF-8");
        }
        $calcedVerify = sha1($pop);
        $calcedVerify = strtoupper(substr($calcedVerify,0,8));
        return $calcedVerify == $_POST["cverify"];
    }
    ?>

    I am thinking of assigning variables like this
    PHP Code:
    $email = $_POST['ccustemail'];
    And I do these assignments below:

    PHP Code:
    <?php

    defined('BASEPATH') OR exit('No direct script access allowed');

    class Jvzoo extends CI_Controller {

        public function index()
        {
            function jvzipnVerification() {
                $secretKey = "1234567890";
                $pop = "";
                $ipnFields = array();
                foreach ($_POST AS $key => $value)
                {
                    if ($key == "cverify")
                    {
                        continue;
                    }
                    $ipnFields[] = $key;

                    //
                    $email = $_POST['ccustemail'];
                    /*ccustname
                    cproditem
                    cprodtitle
                    cprodtype
                    ctransaction
                    ctransaffiliate
                    ctransamount
                    ctranspaymentmethod
                    ctransvendor
                    ctransreceipt
                    cupsellreceipt
                    caffitid*/
                    //
                }
                sort($ipnFields);
                foreach ($ipnFields as $field) {
                    // if Magic Quotes are enabled $_POST[$field] will need to be
                    // un-escaped before being appended to $pop
                    $pop = $pop . $_POST[$field] . "|";
                }
                $pop = $pop . $secretKey;
                if ('UTF-8' != mb_detect_encoding($pop))
                {
                    $pop = mb_convert_encoding($pop, "UTF-8");
                }
                $calcedVerify = sha1($pop);
                $calcedVerify = strtoupper(substr($calcedVerify,0,8));
                return $calcedVerify == $_POST["cverify"];
            }
        }
    }
    ?>

    Question 1:
    Is it correct to assign variables in that part of the code in the loop?

    Question 2:
    How can I test this easily? I've done apis Stripe, Paypal and some others. There I can do api webhook test and see the responses on screen on my dashboard. But with these guys can't really. I can do manual test purchase but seems a bit hard not to see responses.

    Question 3:
    Function in function? Why not do just this:
    PHP Code:
    <?php

    defined('BASEPATH') OR exit('No direct script access allowed');

    class Jvzoo extends CI_Controller {

        public function index()
        {
            $secretKey = "1234567890";
            $pop = "";
            $ipnFields = array();
            foreach ($_POST AS $key => $value)
            {
                if ($key == "cverify")
                {
                    continue;
                }
                $ipnFields[] = $key;

                //
                $email = $_POST['ccustemail'];
                /*ccustname
                cproditem
                cprodtitle
                cprodtype
                ctransaction
                ctransaffiliate
                ctransamount
                ctranspaymentmethod
                ctransvendor
                ctransreceipt
                cupsellreceipt
                caffitid*/
                //
            }
            sort($ipnFields);
            foreach ($ipnFields as $field) {
                // if Magic Quotes are enabled $_POST[$field] will need to be
                // un-escaped before being appended to $pop
                $pop = $pop . $_POST[$field] . "|";
            }
            $pop = $pop . $secretKey;
            if ('UTF-8' != mb_detect_encoding($pop))
            {
                $pop = mb_convert_encoding($pop, "UTF-8");
            }
            $calcedVerify = sha1($pop);
            $calcedVerify = strtoupper(substr($calcedVerify,0,8));
            return $calcedVerify == $_POST["cverify"];
        }
    }
    ?>
    Question 4:

    How can we tell the request is valid coming from JVZOO?

    Thanks
  2. #2
  3. Wiser? Not exactly.
    Originally Posted by English Breakfast Tea
    I am thinking of assigning variables like this
    Why?

    Originally Posted by English Breakfast Tea
    Question 1:
    Is it correct to assign variables in that part of the code in the loop?
    Probably not. At the very least you don't want to do that inside the loop. With the code there the variables would only be available within that function, so unless you're adding more code I don't see the point.

    Originally Posted by English Breakfast Tea
    Question 2:
    How can I test this easily? I've done apis Stripe, Paypal and some others. There I can do api webhook test and see the responses on screen on my dashboard. But with these guys can't really. I can do manual test purchase but seems a bit hard not to see responses.
    Simulate a request, either through their tools if they have them or on your own (for example with just a simple HTML form that posts to the file). If you can't see the output then log things to a file or use xdebug and a debugger to step through the code.


    Originally Posted by English Breakfast Tea
    Question 3:
    Function in function? Why not do just this:
    They don't show a function within a function. Their intent is for you to copy that function to a file somewhere and include it, then just use it.
    eg:
    PHP Code:
    <?php
    defined('BASEPATH') OR exit('No direct script access allowed');
    require 'jvzipn.php';
    class Jvzoo extends CI_Controller {
        public function index(){
            if (jvzipnVerification()){
            }
        }
    }
    If you'd rather copy it over to another method on your class, you can do that instead.
    PHP Code:
    class Jvzoo extends CI_Controller {
        public function index()
        {
            if ($this->jvzipnVerification()){
            }
        }

        private function jvzipnVerification() {
            $secretKey = "1234567890";
            $pop = "";
            $ipnFields = array();
            foreach ($_POST AS $key => $value)
            {
                if ($key == "cverify")
                {
                    continue;
                }
                $ipnFields[] = $key;
            }
            sort($ipnFields);
            foreach ($ipnFields as $field) {
                // if Magic Quotes are enabled $_POST[$field] will need to be
                // un-escaped before being appended to $pop
                $pop = $pop . $_POST[$field] . "|";
            }
            $pop = $pop . $secretKey;
            if ('UTF-8' != mb_detect_encoding($pop))
            {
                $pop = mb_convert_encoding($pop, "UTF-8");
            }
            $calcedVerify = sha1($pop);
            $calcedVerify = strtoupper(substr($calcedVerify,0,8));
            return $calcedVerify == $_POST["cverify"];
        }
    }

    Originally Posted by English Breakfast Tea
    Question 4:
    How can we tell the request is valid coming from JVZOO?
    That's the whole point of this function. They send a $_POST['cverify'] value which is calculated using the post data and your secret. It serves to verify the request hasn't been tampered with and that it was originally sent by JVZOO.
  4. #3
  5. A Change of Season
    Hey;

    I did this. But on sales doesn't seem to be called.

    Basically this part doesn't pass if($this->jvzipn_verification()) and I get the api failed email (JVZOO API CALL DIDN\'T GO THROUGH).

    Can you spot any errors?

    PHP Code:
    <?php

    defined('BASEPATH') OR exit('No direct script access allowed');

    class Jvzoo_api extends CI_Controller {

        public function index()
        {
            if($this->jvzipn_verification())
            {
                $this->inster_transaction_into_database();
                mail('myemail@yahoo.com','Valid Request JVZOO API CALL ',$data);
            }
            else
            {
                mail('myemail@yahoo.com','JVZOO API CALL DIDN\'T GO THROUGH',$data);
                echo "Invalid api request";
            }
        }
        public function inster_transaction_into_database()
        {
            if($_POST['cprodtype']=='STANDARD')
            {
                $recurring = 0;
            }
            else
            {
                $recurring = 1;
            }

            $data = array(
                'transaction_time'=>date('c'),
                'email' => 'test@gmail.com',
                'receipt' => $_POST['ctransreceipt'],
                'first_name' => $_POST['ccustname'],
                'jvzoo_cprodtitle' => $_POST['cprodtitle'],
                'jvzoo_cproditem' => $_POST['cproditem'],
                'first_name' => $_POST['ccustname'],
                'recurring' => $recurring,
                'transaction_time' => $_POST['ctransaction'],
                'jvzoo_ctransamount' => $_POST['ctransamount'],
                'jvzoo_ctranspaymentmethod' => $_POST['ctranspaymentmethod'],
                'jvzoo_ctransvendor' => $_POST['ctransvendor']
            );

            mail('myemail@yahoo.com','JVZOO API CALL',$data);
            $this->db->insert('cb_transcations', $data);
        }
        public function jvzipn_verification()
        {
            $secretKey = "secretkey";
            $pop = "";
            $ipnFields = array();
            foreach ($_POST AS $key => $value)
            {
                if ($key == "cverify")
                {
                    continue;
                }
                $ipnFields[] = $key;
            }
            sort($ipnFields);
            foreach ($ipnFields as $field) {
                // if Magic Quotes are enabled $_POST[$field] will need to be
                // un-escaped before being appended to $pop
                $pop = $pop . $_POST[$field] . "|";
            }
            $pop = $pop . $secretKey;
            if ('UTF-8' != mb_detect_encoding($pop))
            {
                $pop = mb_convert_encoding($pop, "UTF-8");
            }
            $calcedVerify = sha1($pop);
            $calcedVerify = strtoupper(substr($calcedVerify,0,8));
            mail('myemail@yahoo.com','JV ZOO REPORT',$calcedVerify);
            mail('myemail@yahoo.com','JV ZOO REPORT POST',$_POST["cverify"]);
            return $calcedVerify == $_POST["cverify"];
        }
    }
    ?>

    And if I email these, I get these:

    PHP Code:
    mail('myemail@yahoo.com','JV ZOO REPORT',$calcedVerify); 
    Emails me: 1841C348

    PHP Code:
    mail('myemail@yahoo.com','JV ZOO REPORT POST',$_POST["cverify"]); 
    Emails me: 8FD0F1CD
    Last edited by English Breakfast Tea; August 18th, 2017 at 09:21 AM.
  6. #4
  7. A Change of Season
    Wtf!!!

    I took $this->inster_transaction_into_database(); out of if condition and it worked!

    Basically changed
    PHP Code:
    if($this->jvzipn_verification())
    {
        $this->inster_transaction_into_database();
        mail('myemail@yahoo.com','Valid Request JVZOO API CALL ',$data);
    }
    to

    PHP Code:
                        $this->inster_transaction_into_database(); 
    What am I doing wrong?
  8. #5
  9. Wiser? Not exactly.
    Are you sure you're using the correct secret value?

    I'd log the entire $_POST array so you can simulate the request and adjust your code until it matches.

    Code:
    mail('myemail@example.com', 'Request details', base64_encode(serialize($_POST)));
    Code:
    $_POST = base64_decode(unserialize('dataFromTheEmail'));
    You can try asking their support if you can't get it figured out.
  10. #6
  11. A Change of Season
    Originally Posted by kicken
    Are you sure you're using the correct secret value?

    I'd log the entire $_POST array so you can simulate the request and adjust your code until it matches.

    Code:
    mail('myemail@example.com', 'Request details', base64_encode(serialize($_POST)));
    Code:
    $_POST = base64_decode(unserialize('dataFromTheEmail'));
    PHP Code:
    $var = "SOME-LONG-STRING----";
    $_POST = base64_decode(unserialize($var));
    print_r($_POST);
    Prints this:

    Severity: Notice

    Message: unserialize(): Error at offset 0 of 812 bytes
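
    The capture-and-replay round trip discussed in the two posts above, as an added example that is not part of any post in this thread: decoding has to undo the encoding in reverse order (base64 first, then the deserializer), and JSON is used here instead of serialize() so that the text coming back from an e-mail is never passed to unserialize(). The function names `ipn_capture` and `ipn_restore` and the sample values are made up for this example.

```php
<?php
// Added example: capture an IPN request as text and restore it later for replay.

// Encode: array -> JSON -> base64, safe to paste into a log line or an e-mail body.
function ipn_capture(array $post): string
{
    return base64_encode(json_encode($post, JSON_THROW_ON_ERROR));
}

// Decode in the reverse order of encoding: base64 first, then JSON.
// Feeding the base64 text straight to a deserializer fails on the first byte,
// because base64 text is not in the serialized format.
function ipn_restore(string $blob): array
{
    $json = base64_decode(trim($blob), true);   // strict mode: false on invalid input
    if ($json === false) {
        throw new InvalidArgumentException('capture is not valid base64');
    }
    $post = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($post)) {
        throw new InvalidArgumentException('capture does not hold a field map');
    }
    foreach ($post as $key => $value) {
        if (!is_string($value)) {
            throw new InvalidArgumentException("field $key is not a string");
        }
    }
    return $post;
}

// Constructed sample fields; the values are made up.
$captured = ipn_capture(['ccustemail' => 'buyer@example.com', 'cverify' => 'ABCDEF12']);
$_POST = ipn_restore($captured);
print_r($_POST);
```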
  12. #7
  13. A Change of Season
    Yo Kicken got it working. Thanks for your help.

    I was using Vendor Applications App Secret Key instead of the main account secret key.

    Thanks again man (or woman)
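
    The verification discussed in this thread, as an added example that is not JVZoo's code or any poster's: it signs a constructed payload offline, checks it with `hash_equals()` instead of `==`, and reproduces the mismatch that a different secret key causes. The function names `jvz_expected_cverify` and `jvz_verify`, both secrets and all field values are made up for this example.

```php
<?php
// Added example, not JVZoo's code: sign and verify a constructed IPN payload offline.

// Rebuild the cverify value the way the thread's function does: values of every
// field except cverify, ordered by sorted field name, each followed by "|",
// then the secret; SHA-1, first 8 hex characters, upper-cased.
function jvz_expected_cverify(array $post, string $secretKey): string
{
    unset($post['cverify']);
    $fields = array_keys($post);
    sort($fields);
    $pop = '';
    foreach ($fields as $field) {
        $pop .= $post[$field] . '|';
    }
    $pop .= $secretKey;
    if ('UTF-8' != mb_detect_encoding($pop)) {
        $pop = mb_convert_encoding($pop, 'UTF-8');
    }
    return strtoupper(substr(sha1($pop), 0, 8));
}

function jvz_verify(array $post, string $secretKey): bool
{
    if (!isset($post['cverify']) || !is_string($post['cverify'])) {
        return false; // missing or array-valued cverify is rejected outright
    }
    // hash_equals() compares byte for byte; a loose == would compare two
    // numeric-looking strings such as "0E123456" and "0E654321" as numbers.
    return hash_equals(jvz_expected_cverify($post, $secretKey), $post['cverify']);
}

// Constructed sample: field names are from the thread; values and both secrets are made up.
$accountSecret = 'example-account-secret';
$appSecret     = 'example-vendor-app-secret';
$post = [
    'ccustname'     => 'Test Buyer',
    'ccustemail'    => 'buyer@example.com',
    'cprodtitle'    => 'Sample Product',
    'cprodtype'     => 'STANDARD',
    'ctransamount'  => '27.00',
    'ctransreceipt' => 'TEST-RECEIPT-1',
];
$post['cverify'] = jvz_expected_cverify($post, $accountSecret);

var_dump(jvz_verify($post, $accountSecret)); // signed and checked with the same secret
var_dump(jvz_verify($post, $appSecret));     // checked with a different secret
$post['ctransamount'] = '0.01';
var_dump(jvz_verify($post, $accountSecret)); // field changed after signing
```

    To exercise a real endpoint, POST the same array (including cverify) to it with a form or an HTTP client, signed with the secret the endpoint is configured with.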
