-
-
Save menny/1985010 to your computer and use it in GitHub Desktop.
| function verify_app_store_in_app($receipt, $is_sandbox) | |
| { | |
| //$sandbox should be TRUE if you want to test against itunes sandbox servers | |
| if ($is_sandbox) | |
| $verify_host = "ssl://sandbox.itunes.apple.com"; | |
| else | |
| $verify_host = "ssl://buy.itunes.apple.com"; | |
| $json='{"receipt-data" : "'.$receipt.'" }'; | |
| //opening socket to itunes | |
| $fp = fsockopen ($verify_host, 443, $errno, $errstr, 30); | |
| if (!$fp) | |
| { | |
| // HTTP ERROR | |
| return false; | |
| } | |
| else | |
| { | |
| //iTune's request url is /verifyReceipt | |
| $header = "POST /verifyReceipt HTTP/1.0\r\n"; | |
| $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; | |
| $header .= "Content-Length: " . strlen($json) . "\r\n\r\n"; | |
| fputs ($fp, $header . $json); | |
| $res = ''; | |
| while (!feof($fp)) | |
| { | |
| $step_res = fgets ($fp, 1024); | |
| $res = $res . $step_res; | |
| } | |
| fclose ($fp); | |
| //taking the JSON response | |
| $json_source = substr($res, stripos($res, "\r\n\r\n{") + 4); | |
| //decoding | |
| $app_store_response_map = json_decode($json_source); | |
| $app_store_response_status = $app_store_response_map->{'status'}; | |
| if ($app_store_response_status == 0)//eithr OK or expired and needs to synch | |
| { | |
| //here are some fields from the json, btw. | |
| $json_receipt = $app_store_response_map->{'receipt'}; | |
| $transaction_id = $json_receipt->{'transaction_id'}; | |
| $original_transaction_id = $json_receipt->{'original_transaction_id'}; | |
| $json_latest_receipt = $app_store_response_map->{'latest_receipt_info'}; | |
| return true; | |
| } | |
| else | |
| { | |
| return false; | |
| } | |
| } | |
| } |
| function verify_market_in_app($signed_data, $signature, $public_key_base64) | |
| { | |
| $key = "-----BEGIN PUBLIC KEY-----\n". | |
| chunk_split($public_key_base64, 64,"\n"). | |
| '-----END PUBLIC KEY-----'; | |
| //using PHP to create an RSA key | |
| $key = openssl_get_publickey($key); | |
| //$signature should be in binary format, but it comes as BASE64. | |
| //So, I'll convert it. | |
| $signature = base64_decode($signature); | |
| //using PHP's native support to verify the signature | |
| $result = openssl_verify( | |
| $signed_data, | |
| $signature, | |
| $key, | |
| OPENSSL_ALGO_SHA1); | |
| if (0 === $result) | |
| { | |
| return false; | |
| } | |
| else if (1 !== $result) | |
| { | |
| return false; | |
| } | |
| else | |
| { | |
| return true; | |
| } | |
| } |
Sorry for this basic and might be stupid question , but what is $signature here ? Can anyone give the all 3 paramters dummy value so i can test directly ... ( verify_market_in_app.php
)
I tried android code. but this is not working... can any body help?
@amiruldinqureshi It is original json or receipt you obtain from object "purchase" in android app by purchase.getOriginalJson();
I implemented this code, however, the response is always false. Are there any new changes to the receipt or signature fields from expected values?
please help, what does "$signature" mean? Please explain, it would be better if you share a working copy of code with all param values.
signature is the attached signature of the order.. really long base64 string.. and signed_data is the orders 'receipt' field JSON looks like:
{"orderId":"GPA.3340-1993-0359-####","packageName":"com.###.###","productId":"## ....... }
Thank you for the job! This is very likely to be a stupid question, but: what is the script supposed to echo to the app?