Documentation You are here: start » integration » modx » hmac_price_validation

Table of Contents

type:
integration
supports-foxycart-version-from:
0.7.0
system:
MODx Revolution, MODx Evolution
name:
HMAC Price Validation
description:
A plugin to automatically verify all links and forms output using MODX Revo and Evo
tag:
hmac
date:
2011-06-28

Please note: The code on this page is submitted by members of the FoxyCart community, and may not verified by FoxyCart.com LLC in any way, shape, or form. Please double check the code before installing. If you need help with it please post in our forum, but if we cannot offer assistance (due to unfamiliarity with this particular system or language) we apologize in advance.

Depending on which version of MODx you're working with - please review the different sections below, with approaches for MODx Revo and Evolution.

Automatic HMAC Price Validation for MODX Revo + FoxyCart

Description

Automatically validates all links and forms on pages generated by MODX Revolution, according to FoxyCart's HMAC Price Validation functionality.

This plugin is easy to install, and should “just work”, so it is recommended for all MODX Revo installs.

Thanks to pixelchutes on our forums for this solution.

Installation

  1. Create a directory in your assets/plugins directory called foxycart_validation (creating the plugins/ folder if it doesn't already exist).
  2. Download the source foxycart.cart_validation.php file here and put it into the newly created assets/plugins/foxycart_validation/ directory.
  3. Edit that file and enter the appropriate $secret and $cart_url values. (The $secret value is your store's API / datafeed key.)
  4. Within MODx, under “Elements” create a plugin named “FoxyCart Validation”.
  5. Paste in the code below into the “Plugin Code” textarea.
  6. In the “System Events” tab, check the OnWebPagePrerender checkbox.
  7. Save the plugin.
  8. Go to your FoxyCart admin and enable the price validation under your “advanced” section. Save.
  9. Test.
  10. Test some more.

After creating the plugin - any add to cart link or forms on your website should be automatically signed for you.

Requirements

  • All add to carts need to have a code attribute, and it should not have leading or trailing whitespace.
  • Cannot use double-pipes in an input's name.
  • Empty textareas are assumed to be “open”.

Code

<?php
/**
 * FoxyCart Validation Plugin for MODx 2.x (Revolution)
 */
 
$e = &$modx->event;
switch ($e->name) {
  case 'OnWebPagePrerender':
    include $modx->config["base_path"].'assets/plugins/foxycart_validation/foxycart.cart_validation.php';
    $modx->resource->_output = FoxyCart_Helper::fc_hash_html($modx->resource->_output);
  break;
}
 
return;

Automatic HMAC Price Validation for MODX Evolution + FoxyCart

Description

Automatically validates all links and forms on pages generated by MODX Evolution, according to FoxyCart's HMAC Price Validation functionality.

This plugin is easy to install, and should “just work”, so it is recommended for all MODX Evolution installs.

Installation

  1. Create a directory in your assets/plugins/ directory called foxycart_validation.
  2. Download the source file here and put it into the newly created assets/plugins/foxycart_validation/ directory.
  3. Edit that file and enter the appropriate $secret and $cart_url values. (The $secret value is your store's API / datafeed key.)
  4. Create a plugin named “FoxyCart Validation”.
  5. In the “System Events” tab, check the OnWebPagePrerender checkbox.
  6. Paste in the code below and save.
  7. Go to your FoxyCart admin and enable the price validation under your “advanced” section. Save.
  8. Test.
  9. Test some more.

Requirements

  • Form “code” values should not have leading or trailing whitespace.
  • Cannot use double-pipes in an input's name.
  • Empty textareas are assumed to be “open”.

Code

/**
 * FoxyCart Validation Plugin for MODx 1.x (Evolution)
 *
 * @author FoxyCart.com
 * @copyright FoxyCart.com LLC, 2010
 * @version 0.7.0.20100730
 * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @example  http://wiki.foxycart.com/docs/cart/validation
 *
 * Requirements:
 *   - Form "code" values should not have leading or trailing whitespace.
 *   - Cannot use double-pipes in an input's name
 *   - Empty textareas are assumed to be "open"
 */
 
$e = &$modx->Event;
 
switch ($e->name) {
	case "OnWebPagePrerender":
		$validate = $modx->config["base_path"].'assets/plugins/foxycart_validation/foxycart.cart_validation.php';
		if (file_exists($validate)) {
			include_once($validate);
			$doc = $modx->documentOutput;
			$modx->documentOutput = FoxyCart_Helper::fc_hash_html($doc);
		}
		break;
 
	default:  // stop here
		return;
		break;
}

Manual HMAC Price Validation for MODX Evolution + FoxyCart

Description

Creates a snippet to manually validates links and forms in your pages, according to FoxyCart's HMAC Price Validation functionality.

Installation

Create a MODX snippet

Snippet Name: FoxyCartGetHMAC

Snippet Code (paste into text box): 

<?php
if(!function_exists(get_verification)) {
function get_verification($var_name, $var_value, $var_code) {
$api_key = 'KEY HERE';
$encodingval = htmlspecialchars($var_code) . htmlspecialchars($var_name) . htmlspecialchars($var_value);
return '||'.hash_hmac('sha256', $encodingval, $api_key).($var_value === "--OPEN--" ? "||open" : "");
 
//Use the following to test whether api_key has a value or not (only use in safe, sandbox scenarios!)
//return '$api_key||'.hash_hmac('sha256', $encodingval, $api_key).($var_value === "--OPEN--" ? "||open" : "");
}
}
 
( isset($varName) ) ? $varName : $varName = '';
( isset($varValue) ) ? $varValue : $varValue = '';
( isset($varCode) ) ? $varCode : $varCode = '';
 
if (empty($varName) || empty($varValue) || empty($varCode)) {
return;
}
 
return get_verification($varName, $varValue, $varCode);
?>

Snippet Usage

[[FoxyCartGetHMAC &varName=`input-name-attrib-tag-here` &varValue=`input-value-attrib-tag-here` &varCode=`sku-code-here` ]]

Example: 

<input type="hidden" name="code[[FoxyCartGetHMAC &varName=`code` &varValue=`[*sku*]` &varCode=`[*sku*]`]]" value="[*sku*]"/>

Notice the parts where the variable name code is the same: name=“code and &varName=`code` and where the value is the same: value=”[*sku*]“ and &varValue=`[*sku*]` and where &varCode=`[*sku*]` should be something unique to your product, like the SKU code

Example Form

Assuming you're using template variables price as [*price*] and sku as [*sku*] and using the pagetitle and SKU for the product name as [*pagetitle*] - [*sku*], and that there's only a single SKU for a single product represented by a resource in the MODX Tree: 

<form name="buypanel" class="buypanel" id="buypanel" action="https://SHOPNAME.foxycart.com/cart" method="post" accept-charset="utf-8">
  <input type="hidden" name="code[[FoxyCartGetHMAC &varName=`code` &varValue=`[*sku*]` &varCode=`[*sku*]`]]" value="[*sku*]"/>
  <input type="hidden" name="name" value="[*pagetitle*] - [*sku*][[FoxyCartGetHMAC &varName=`name` &varValue=`[*pagetitle*] - [*sku*]` &varCode=`[*sku*]`]]"/>
  <input type="hidden" name="price[[FoxyCartGetHMAC &varName=`price` &varValue=`[*price*]` &varCode=`[*sku*]`]]" value="[*price*]"/>
  <input type="input" name="quantity[[FoxyCartGetHMAC &varName=`quantity` &varValue=`--OPEN--` &varCode=`[*sku*]`]]" value="1"/>
  <input type="submit" name="submit[[FoxyCartGetHMAC &varName=`submit` &varValue=`--OPEN--` &varCode=`[*sku*]`]]" value="BUY NOW"/>
</form>

Page Tools

Site Tools