Validate signature in the IPN

  • Resolved christer_f

    (@christer_f)


    7 years, 8 months ago

    Merci à Mathieu pour ce plugin bien utile ! (now switching to English for the benefit of others).
    I have installed the plugin and I’m running it in test mode at the moment. Everything works fine except the validation of the signature received from PayPlug in the IPN. This is probably because I can’t get hold of the correct PayPlug public key – and their support team seems to think that since I use this plugin, this is not their problem.

    I’m building my code on an example I found in the PayPlug API doc, with basically these steps:

    
$headers = getallheaders();
$headers = array_change_key_case($headers, CASE_UPPER);
$signature = base64_decode($headers['PAYPLUG-SIGNATURE']);
$body = file_get_contents('php://input');
$data = json_decode($body);
$publicKey = openssl_pkey_get_public($pbkey);
$isSignatureValid = (openssl_verify($body , $signature, $publicKey, OPENSSL_ALGO_SHA1) === 1);

    This always fails, probably because I don’t have the correct value in $pbkey.
    All other data received in the IPN looks fine.

    Any ideas?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author mathieuaubert

    (@mathieuaubert)

    Hi @christer_f,

    Thanks for your thanks ??

    I think it’s same problem in this post : https://www.ads-software.com/support/topic/configure-ipn_url-to-notify-application-that-payment-is-complete/#post-6952468

    if( class_exists( 'PAYPLUG_Plugin' ) ){
    ob_start();
    print_r( PAYPLUG_Plugin::getIpn() );
    $ipn = ob_get_contents();
    ob_end_clean();
    mail( "EMAIL","IPN Received", $ipn);
    exit;
}
Result in email :
Array
(
    [amount] => 1250
    [customData] =>
    [customer] =>
    [email] => EMAIL
    [firstName] =>
    [idTransaction] => XXXXXX
    [lastName] =>
    [order] => 12345
    [origin] =>
    [state] => paid
    [isTest] => 1
)
See : IPN Field in https://payplug-php.readthedocs.io/en/v1.1

    Does that solve your problem?

    Thread Starter christer_f

    (@christer_f)

    Hi Mathieu!
    Great, thanks a lot. I hadn’t realised that your plugin also provides IPN processing, so I developed that myself. But having looked into your code I found that you have everything I need – and I also found the PayPlug public key for the test environment in your code, which is what I was initially looking for.
    So – problem solved. Thanks again.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Validate signature in the IPN’ is closed to new replies.