use HMAC-protected URLs for shopping cart links
This commit is contained in:
parent
a0aa082ffa
commit
8c58b66ec9
@ -27,12 +27,12 @@ function fulcrm_shoppingcart_menu() {
|
||||
'access arguments' => array('administer fulcrm shoppingcart'),
|
||||
);
|
||||
|
||||
$items[ 'fulcrm/buy/%' ] = array( 'page callback' => 'fulcrm_shoppingcart_buy',
|
||||
'page arguments' => array(2),
|
||||
'type' => MENU_CALLBACK,
|
||||
'access callback' => 'user_access',
|
||||
'access arguments' => array('access content'),
|
||||
);
|
||||
$items[ 'fulcrm/buy/%/%' ] = array( 'page callback' => 'fulcrm_shoppingcart_buy',
|
||||
'page arguments' => array(2,3),
|
||||
'type' => MENU_CALLBACK,
|
||||
'access callback' => 'user_access',
|
||||
'access arguments' => array('access content'),
|
||||
);
|
||||
$items[ 'fulcrm/cart' ] = array( 'page callback' => 'fulcrm_shoppingcart_cart',
|
||||
'type' => MENU_CALLBACK,
|
||||
'access callback' => 'user_access',
|
||||
@ -95,28 +95,43 @@ function fulcrm_shoppingcart_get_session_cart( $create = true ) {
|
||||
}
|
||||
}
|
||||
|
||||
function fulcrm_shoppingcart_buy( $product_id ) {
|
||||
$api_data = fulcrm_apiv2_GET( 'product/' . $product_id . '/',
|
||||
$query = array( 'expand' => implode( ',', array( 'content_object',
|
||||
'selector_object',
|
||||
'person_ddatacollection',
|
||||
'organisation_ddatacollection',
|
||||
'thing_ddatacollection',
|
||||
'transaction_ddatacollection',
|
||||
'lineitem_ddatacollection',
|
||||
) ) ) );
|
||||
function _fulcrm_shoppingcart_buy_hmac( $product_id ) {
|
||||
return drupal_hmac_base64( 'fulcrm:' . strval( $product_id ) . ':product_id', session_id() . drupal_get_hash_salt() );
|
||||
}
|
||||
|
||||
if ( $api_data[ 'success' ] ) {
|
||||
switch ( fulcrm_apiv2_url_to_type( $api_data[ 'data' ][ 'content_object' ][ 'url' ] ) ) {
|
||||
case 'eventbookingtype':
|
||||
break;
|
||||
default:
|
||||
return 'cannot handle these products yet';
|
||||
function fulcrm_shoppingcart_buy_url( $product_id ) {
|
||||
$hmac = _fulcrm_shoppingcart_buy_hmac( $product_id );
|
||||
return url( 'fulcrm/buy/' . $product_id . '/' . $hmac );
|
||||
}
|
||||
|
||||
function fulcrm_shoppingcart_buy( $product_id, $hmac ) {
|
||||
$real_hmac = _fulcrm_shoppingcart_buy_hmac( $product_id );
|
||||
|
||||
if ( hash_equals( $real_hmac, $hmac ) ) {
|
||||
$api_data = fulcrm_apiv2_GET( 'product/' . $product_id . '/',
|
||||
$query = array( 'expand' => implode( ',', array( 'content_object',
|
||||
'selector_object',
|
||||
'person_ddatacollection',
|
||||
'organisation_ddatacollection',
|
||||
'thing_ddatacollection',
|
||||
'transaction_ddatacollection',
|
||||
'lineitem_ddatacollection',
|
||||
) ) ) );
|
||||
|
||||
if ( $api_data[ 'success' ] ) {
|
||||
switch ( fulcrm_apiv2_url_to_type( $api_data[ 'data' ][ 'content_object' ][ 'url' ] ) ) {
|
||||
case 'eventbookingtype':
|
||||
break;
|
||||
default:
|
||||
return 'cannot handle these products yet';
|
||||
}
|
||||
|
||||
return 'ok!';
|
||||
} else {
|
||||
return 'error adding item to shopping basket';
|
||||
}
|
||||
|
||||
return 'ok!';
|
||||
} else {
|
||||
return 'error adding item to shopping basket';
|
||||
drupal_not_found();
|
||||
}
|
||||
}
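Review bot: The failure branch at the end of fulcrm_shoppingcart_buy calls `drupal_not_found()` directly from a page callback; in Drupal 7 a page callback is expected to `return MENU_NOT_FOUND;` instead, otherwise the 404 page is delivered and the menu system then tries to deliver the callback's null result as well. The hand-rolled `_fulcrm_shoppingcart_buy_hmac()` also reimplements what core's `drupal_get_token()` / `drupal_valid_token()` already provide (the same session-bound HMAC, additionally keyed with the site private key), so `drupal_get_token('fulcrm:' . $product_id . ':product_id')` on the URL side and `drupal_valid_token($hmac, 'fulcrm:' . $product_id . ':product_id')` on the check side would be the conventional choice and drop the custom helper. Because the key includes `session_id()`, a link minted before the visitor has a session cookie (anonymous visitors appear to get a fresh id per request until a session is saved) or across a session regeneration on login will no longer verify, which is worth a comment on the helper such as `// HMAC is bound to the current session: links stop verifying after login/logout or for a cookie-less visitor.` Note too that `hash_equals()` needs PHP 5.6 or later, so if the module still targets older PHP a fallback is required.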
|
||||
|
||||
|