Documentation You are here: start » v » 2.0 » hmac_validation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
v:2.0:hmac_validation [2020/03/24 03:37] – [Bundled Products] adamv:2.0:hmac_validation [2024/03/11 14:38] (current) – [PHP: Helper Function] marija
Line 27: Line 27:
  
  
 +===== Language and Site Independent Solutions =====
  
 +Regardless of how you've built your site, you can use our Cloudflare Worker script, along with Cloudflare, to automatically protect your site. More info is here:
  
 +  * [[https://github.com/Foxy/foxy-cloudflare-addtocart-signing|Foxy Cloudflare Worker: Add-to-cart Signer]]
 +
 +Please let us know if you run into trouble getting that set up.
  
 ===== Language Specific Examples & Helper Files ===== ===== Language Specific Examples & Helper Files =====
 While you certainly can build your validation functionality from scratch, it may be a boon to use an existing library. Currently we only have official code for PHP but if you're interested in porting the PHP version to another language please [[https://forum.foxycart.com/|let us know]] and we'd be happy to provide assistance. While you certainly can build your validation functionality from scratch, it may be a boon to use an existing library. Currently we only have official code for PHP but if you're interested in porting the PHP version to another language please [[https://forum.foxycart.com/|let us know]] and we'd be happy to provide assistance.
 +
 +==== Webflow: Pre-Payment Webhook ====
 +If you're using Webflow, you can set up a serverless function on Netlify.com to verify your product prices against your Webflow product collection. This is slightly technical, but hopefully will be more straightforward than it looks, and will generally be free unless you're doing really heavy volume. Setting it up starts with a single click.
 +
 +  * [[https://github.com/Foxy/foxy-node-netlify-functions|Netlify Serverless Functions for the Foxy.io API]]
 +  * [[https://github.com/Foxy/foxy-node-netlify-functions/tree/main/src/functions/datastore-integration-webflow|Webflow pre-payment webhook details]]
 +
 +Let us know if you need help getting it set up.
 +
  
 ==== PHP: Automatic Validation with Minimal Effort ==== ==== PHP: Automatic Validation with Minimal Effort ====
Line 41: Line 55:
 <code php>function get_verification($var_name, $var_value, $var_code, $var_parent_code = "", $for_value = false) { <code php>function get_verification($var_name, $var_value, $var_code, $var_parent_code = "", $for_value = false) {
  $api_key = "your_api_key_here";  $api_key = "your_api_key_here";
- $encodingval = htmlspecialchars($var_code . $var_parent_code . $var_name . $var_value);+ $encodingval = htmlspecialchars($var_code . $var_parent_code . $var_name . $var_value, ENT_COMPAT);
  $label = ($for_value) ? $var_value : $var_name;  $label = ($for_value) ? $var_value : $var_name;
  return $label . '||' . hash_hmac('sha256', $encodingval, $api_key) . ($var_value === "--OPEN--" ? "||open" : "");  return $label . '||' . hash_hmac('sha256', $encodingval, $api_key) . ($var_value === "--OPEN--" ? "||open" : "");
Line 72: Line 86:
 <input type="hidden" name="<?php echo get_verification('price', '1.99', 'warmups'); ?>" value="1.99" /> <input type="hidden" name="<?php echo get_verification('price', '1.99', 'warmups'); ?>" value="1.99" />
 </code> </code>
 +
 +<WRAP center round tip 90%>
 +**Where should the signature be placed in a form element?** Note that the signature can be appended to either the ''name'' or the ''value'' of an input. Either will work just fine, although for radio inputs and select dropdowns, the signature //must// be appended to the ''value'' as the ''name'' is the same for all options of the field. See [[:#a_basic_overview|the implementation details]] for more information on that.
 +</WRAP>
  
 In a link in it's vanilla state would look like this: In a link in it's vanilla state would look like this:
Line 83: Line 101:
 $atc .= "&" . get_verification("price", "1.99", "warmups") . "=1.99"; $atc .= "&" . get_verification("price", "1.99", "warmups") . "=1.99";
 </code> </code>
 +
  
 **Bundled Products** **Bundled Products**
Line 195: Line 214:
 As the child product in a bundled product setup often has a different price than if the product were added by itself, we require that the product code used to hash all attributes of the child product contains both the parent code and the child code in the format ''{childcode}{parentcode}'' (but without the curly brackets).  As the child product in a bundled product setup often has a different price than if the product were added by itself, we require that the product code used to hash all attributes of the child product contains both the parent code and the child code in the format ''{childcode}{parentcode}'' (but without the curly brackets). 
  
-For example, if you are adding a T-shirt with the code "shirtand a child product with the code "poster", the child product attributes would be hashed with the code ''postershirt'', instead of just ''poster''. The parent product's attributes would be hashed like normal with the code ''shirt''.+For example, if you are adding a T-shirt with the code ''shirt'' and a child product with the code ''poster'', the child product attributes would be hashed with the code ''postershirt'', instead of just ''poster''. The parent product's attributes would be hashed like normal with the code ''shirt''.
 ==== An Example ==== ==== An Example ====
  

Page Tools

Site Tools