FAELIX/fulcrm_shoppingcart
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

use HMAC-protected URLs for shopping cart links

Browse Source
This commit is contained in:
Marek Isalski
2016-03-25 15:53:47 +00:00
parent a0aa082ffa
commit 8c58b66ec9
1 changed files with 40 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
fulcrm_shoppingcart.module
View File

@ -27,8 +27,8 @@ function fulcrm_shoppingcart_menu() {
'access arguments' => array('administer fulcrm shoppingcart'),
);
$items[ 'fulcrm/buy/%' ] = array( 'page callback' => 'fulcrm_shoppingcart_buy',
'page arguments' => array(2),
$items[ 'fulcrm/buy/%/%' ] = array( 'page callback' => 'fulcrm_shoppingcart_buy',
'page arguments' => array(2,3),
'type' => MENU_CALLBACK,
'access callback' => 'user_access',
'access arguments' => array('access content'),
@ -95,7 +95,19 @@ function fulcrm_shoppingcart_get_session_cart( $create = true ) {
}
}
function fulcrm_shoppingcart_buy( $product_id ) {
function _fulcrm_shoppingcart_buy_hmac( $product_id ) {
return drupal_hmac_base64( 'fulcrm:' . strval( $product_id ) . ':product_id', session_id() . drupal_get_hash_salt() );
}
function fulcrm_shoppingcart_buy_url( $product_id ) {
$hmac = _fulcrm_shoppingcart_buy_hmac( $product_id );
return url( 'fulcrm/buy/' . $product_id . '/' . $hmac );
}
function fulcrm_shoppingcart_buy( $product_id, $hmac ) {
$real_hmac = _fulcrm_shoppingcart_buy_hmac( $product_id );
if ( hash_equals( $real_hmac, $hmac ) ) {
$api_data = fulcrm_apiv2_GET( 'product/' . $product_id . '/',
$query = array( 'expand' => implode( ',', array( 'content_object',
'selector_object',
@ -118,6 +130,9 @@ function fulcrm_shoppingcart_buy( $product_id ) {
} else {
return 'error adding item to shopping basket';
}
} else {
drupal_not_found();
}
}
function fulcrm_shoppingcart_cart() {