
Changeset 2308563


Timestamp:
05/20/2020 10:00:13 AM (6 years ago)
Author:
alonezcount
Message:

breaking changes:

  • Store session on WC order instead of cookie
  • move to CURL

minor changes:

  • fix notice error on dev environment
Location:
ezcount/trunk
Files:
3 edited

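--- a/ezcount/trunk/EZcount.php
+++ b/ezcount/trunk/EZcount.php
@@ -4,5 +4,5 @@
  * Plugin URI:
  * Description: invoicing, clearing and paypal integration plugin.
- * Version: 1.6.1
+ * Version: 1.7.2
  * Author: EZcount
  * Author URI:
@@ -250,8 +250,8 @@
         public function getFormUrl($order_id) {
             $order = new WC_Order($order_id);
+
             $sum = number_format($order->get_total(), 2, '.', '');
             //create a one time token...
             // some users open the clearing twice, and we want to user the right cookie for it
-            $SessionIdAsBase32 = base_convert(crc32(time() . rand(0, 9999999)), 10, 32);
 
             $api_url = EZcount_helpers::getApiBase() . 'payment/prepareSafeUrl/clearingFormForWeb';
@@ -260,16 +260,14 @@
                 "payments" => $this->maxpayments_list,
                 "currency" => "ILS",
-                "successUrl" => get_site_url() . '?wc-api=WC_Gateway_EZcount&response=success&order_id=' . $order_id . '&session_id=' . $SessionIdAsBase32,
+                "successUrl" => get_site_url() . '?wc-api=WC_Gateway_EZcount&response=success&order_id=' . $order_id,
                 "failedUrl" => get_site_url() . '?wc-api=WC_Gateway_EZcount&response=failed&order_id=' . $order_id,
             );
+
+
             $result = EZcount_helpers::sendJsonRequest($api_url, $data);
 
-            //encrypt the transaction ID
-            $encrptedTransactionSecret = EZcount_helpers::encrypt($result->secretTransactionId, $this->api_key);
-            //we want the time on the cookie so we'll know if the user opened the plugin multiple times
-            // if the user open tab1, open tab2, and done the clearing in tab1, it will cause a bug
-            $cookieKey = 'sti_' . $order_id . '_' . $SessionIdAsBase32;
-            //set as session cookie
-            setcookie($cookieKey, $encrptedTransactionSecret, null /*session*/, COOKIEPATH, COOKIE_DOMAIN, null, true);
+            //store the transaction id as the order one
+            $order->set_transaction_id($result->secretTransactionId);
+            $order->save();
 
             if (!$result->url) {
@@ -319,27 +317,11 @@
 
             $order_id = (int)@$_GET['order_id'];
-            //we use it for identifing the cookie
-            $sessionIdAsBase32 = @$_GET['session_id'];
+
             //get order by id
             $order = new WC_Order($order_id);
 
-            //we used to use 'sti_' . $order_id and then moved to 'sti_'.$sessionIdAsBase32.'_' . $order_id
-            if ($sessionIdAsBase32) {
-                $cookieKey = 'sti_' . $order_id . '_' . $sessionIdAsBase32;
-            } else {
-                $cookieKey = 'sti_' . $order_id;
-            }
-
-            $encryptedCookie = $_COOKIE[$cookieKey];
-            if (!$encryptedCookie) {
-                $msg = "transaction cookie not exists, please check any configuration that can make this situation, \n
-                        1. CORS configurations\n
-                        2. SSL configurations\n
-                        3. any other configuration or lib that can block a session cookie\n\n\n\n"
-                    . json_encode([
-                        '$order_id' => $order_id,
-                        '$_COOKIE' => $_COOKIE,
-                        '$_SERVER' => $_SERVER
-                    ]);
+            $secretTransactionId = $order->get_transaction_id();
+            if (!$secretTransactionId) {
+                $msg = "Order transaction Id is empty, can't validate payment";
                 wp_mail($this->user_email, 'transaction cookie does not exists', $msg);
                 echo "VALIDATION ERROR #1.5 לא הצלחנו לבצע אישור לסליקה, אבל יתכן והיא עברה, אנא צרו קשר עם בעל החנות";
@@ -347,26 +329,15 @@
             }
 
-            //get the transaction_id from the cookie
-            $secretTransactionId = EZcount_helpers::decrypt($encryptedCookie, $zc_payment->get_option('api_key'));
-
-            if (!$secretTransactionId) {
-                $msg = "transaction transaction_id failed, is your cookies server correctly?\n\nAlso This might happen if you have more then one of our Iframes in your code, please check your source code, and see if the Iframe appears more than once\n\n" . json_encode([
-                        'secretTransactionId' => $secretTransactionId,
-                        'encryptedCookie' => $encryptedCookie,
-                        '$_SERVER' => $_SERVER
-                    ]);
-                wp_mail($this->user_email, 'transaction cookie does not exists', $msg);
-                echo "VALIDATION ERROR #2 לא הצלחנו לבצע אישור לסליקה, אבל יתכן והיא עברה, אנא צרו קשר עם בעל החנות";
-                die();
-            }
 
             $api_url = EZcount_helpers::getApiBase() . 'payment/validate/' . $secretTransactionId;
             $result = EZcount_helpers::sendJsonRequest($api_url);
+
+            $sum = number_format($order->get_total(), 2, '.', '');
             //this is a valid request
-            if (!$result->success) {
+            if (!$result->success || $result->cgp_payment_total != $sum) {
                 $msg = "transaction validation failed, is your Cookies expiry are too short?\n\n" . json_encode([
                         '$result' => $result,
+                        '$sum' => $sum,
                         'secretTransactionId' => $secretTransactionId,
-                        'encryptedCookie' => $encryptedCookie,
                         '$_SERVER' => $_SERVER
                     ]);
@@ -445,5 +416,5 @@
             $cc_type_name = $_GET['ccTypeName'];
             //does not appear in  1 paymnt..
-            $cc_num_of_payments = $_GET['numOfPayments'];
+            $cc_num_of_payments = isset($_GET['numOfPayments']) ? $_GET['numOfPayments'] : 1;
             $paymentTotal = $_GET['paymentTotal'];
 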
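Review bot: In getFormUrl the new `$order->set_transaction_id($result->secretTransactionId); $order->save();` runs before the `if (!$result->url)` check, so when sendJsonRequest returns null (it returns `json_decode()` of whatever body came back) the code dereferences null and saves an empty id on the order. Move the store below the check, or guard it with `if ($result && !empty($result->secretTransactionId))`. The value is named as a secret, yet the transaction-id field is ordinary order data that WooCommerce may show in the admin order screen and to integrations, so a private order meta entry via `$order->update_meta_data()` looks like the safer home; please confirm what the field exposes on this install. The success callback now looks the secret up from `order_id` in the query string alone, so it is no longer tied to the paying browser, and every new call to getFormUrl overwrites the stored id, which appears to bring back the two-tab problem the removed comment described. Both functions continue outside the visible hunks.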
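--- a/ezcount/trunk/EZcount_helpers.php
+++ b/ezcount/trunk/EZcount_helpers.php
@@ -3,5 +3,5 @@
 class EZcount_helpers {
     static public $lastResponseDebugStr;
-   
+
     public static function getApiBase() {
         //do validation
@@ -14,9 +14,4 @@
 
     public static function sendJsonRequest($url, $data = array()) {
-        if (!(1 * ini_get('allow_url_fopen'))) {
-            self::$lastResponseDebugStr= "Please enable `allow_url_fopen` in your php.ini";
-            return null;
-        }
-
         //do validation
         $zc_payment = new WC_Gateway_EZcount();
@@ -27,22 +22,19 @@
 
         $content = json_encode($data);
-        $options = array(
-            'http' => array(
-                'method' => 'POST',
-                'ignore_errors' => true, /* some API's return 500 error on API failures */
-                'content' => $content,
-                'header' => "Content-Type: application/json\r\n" .
-                    "Accept: application/json\r\n"
-            ),
-            //node agent is using this method, the certificate is not wirking on private network IP so ignore SSL errors
-            'ssl' => array(
-                "verify_peer" => false,
-                "verify_peer_name" => false
-            )
-        );
-        //execute API request
-        $context = stream_context_create($options);
-        $jsonStr = file_get_contents($url, false, $context);
-        self::$lastResponseDebugStr = $jsonStr;
+        $responseObj = $data = wp_remote_post($url, array(
+            'headers' => array('Content-Type' => 'application/json; charset=utf-8'),
+            'body' => $content,
+            'method' => 'POST',
+            'data_format' => 'body',
+            'sslverify' => false,
+        ));
+
+        $jsonStr = wp_remote_retrieve_body($responseObj);
+        //connection problem
+        if (is_wp_error($responseObj) || wp_remote_retrieve_response_code($responseObj) != 200) {
+            self::$lastResponseDebugStr = "Error in opening request, please check your Firewall, and check that CURL have permission to call the url " . $url . "\n response code" . wp_remote_retrieve_response_code($responseObj);
+        } else {
+            self::$lastResponseDebugStr = $jsonStr;
+        }
         return json_decode($jsonStr);
     }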
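Review bot: `'sslverify' => false` in the new wp_remote_post call turns off certificate verification for every request to the clearing API, including `payment/validate/...`, whose `success` and `cgp_payment_total` fields decide in EZcount.php whether an order is accepted. A party positioned on the network path could supply that response, so drop the key (WordPress verifies certificates by default) or set `'sslverify' => true`. The removed code justified the exception with a private-network comment, and if a development host still needs it, it should be an explicit opt-in setting rather than the shipped default. Separately, on a WP_Error or a non-200 status the function records a debug string but still returns `json_decode($jsonStr)`, so callers that read `$result->success` or `$result->url` need a null check.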
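--- a/ezcount/trunk/readme.txt
+++ b/ezcount/trunk/readme.txt
@@ -4,5 +4,5 @@
 Tags        : Invoicing and clearing for Woocommerce, by EasyCount.
 Tested up to: 4.9.8
-Version     : 1.6.1
+Version     : 1.7.2
 Stable tag: trunk
 Requires PHP: 5.4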