<?php
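// Use your postback secret (copied from your user preferences).
// NOTE(review): the value below appears to be the sample's placeholder. In a deployment, load the
// secret from configuration or the environment rather than keeping it in a file under version control.
define("POSTBACK_SECRET","961c8cbcb174566f5d5297049c666d95");

// Postbacks are only accepted over POST; anything else is answered with 400.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // Postback fields; each is null when the sender did not supply it.
    $date = isset($_POST["date"]) ? $_POST["date"] : null; // Sample format: 1997-07-16T19:20+01:00
    $trackId = isset($_POST["track-id"]) ? $_POST["track-id"] : null;
    $trackSubId = isset($_POST["track-subid"]) ? $_POST["track-subid"] : null;
    $transactionId = isset($_POST["transaction-id"]) ? $_POST["transaction-id"] : null;
    $amount = isset($_POST["amount"]) ? $_POST["amount"] : null;
    $currency = isset($_POST["currency"]) ? $_POST["currency"] : null;
    $country = isset($_POST["country"]) ? $_POST["country"] : null;
    $signature = isset($_POST["signature"]) ? $_POST["signature"] : null;

    // The signature is compared with hash_equals() instead of ==:
    //  - == juggles types, so two different numeric-looking strings can compare equal;
    //  - hash_equals() runs in time independent of where the strings differ.
    // The is_string() guard rejects a missing signature and a non-string one (e.g. an array),
    // which hash_equals() would not accept.
    $isValidSignature = is_string($signature)
        && hash_equals(signParameters(POSTBACK_SECRET, $_POST), $signature);

    if ($isValidSignature) {
        // Signature valid
        echo "OK";
        /**
         * @todo Insert transaction in your database. Your code here.
         *
         * NOTE(review): the signature does not make a postback single-use. Treat transaction-id as
         * unique (ignore or reject duplicates) so a re-sent postback is not credited twice, validate
         * the individual fields (amount, currency, date) before storing them, and use parameterized
         * queries for the insert.
         */
    } else {
        // Signature not valid, FAIL!
        header("HTTP/1.0 403 Forbidden");
        echo "KO - Invalid signature";
        exit;
    }
} else {
    header("HTTP/1.0 400 Bad Request");
    echo "KO - Invalid method. Only POST allowed";
}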
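/**
 * Computes the signature expected for a postback.
 *
 * The result is the MD5 hex digest of the postback secret followed by the values of
 * date, track-id, track-subid, transaction-id, amount, currency and country, in that order,
 * concatenated without any separator. A parameter that is absent (or null) contributes an
 * empty string. Other keys in $params, including "signature", are ignored.
 *
 * NOTE(review): presumably this construction is fixed by the postback sender, so it is kept
 * unchanged. Two properties are worth knowing when relying on it: the fields are joined without
 * a delimiter, so different field values can produce the same signed string, and MD5 over
 * secret-plus-data is a weak message authentication code. Prefer an HMAC-based scheme if the
 * sender offers one. Compare the returned value with hash_equals(), never with ==.
 *
 * @param string $postbackSecret Shared postback secret.
 * @param array $params Postback parameters, e.g. $_POST.
 * @return string MD5 digest as 32 lowercase hexadecimal characters.
 */
function signParameters($postbackSecret, array $params) {
    // Signed fields, in the exact order they are concatenated.
    $signedFields = array(
        "date",
        "track-id",
        "track-subid",
        "transaction-id",
        "amount",
        "currency",
        "country",
    );

    $payload = $postbackSecret;
    foreach ($signedFields as $field) {
        // isset() replaces the @ error-suppression operator: a missing or null field adds nothing.
        $payload .= isset($params[$field]) ? $params[$field] : "";
    }

    return md5($payload);
}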