From 6e5c2033deb791457c821bdaf0d14fe0f8cc745d Mon Sep 17 00:00:00 2001 From: Jeff Schilling Date: Tue, 12 Jan 2010 19:19:40 -0500 Subject: [PATCH] Adding support for distinct fastspring keys - one for license generation, the original key for order notifications --- application.php | 10 ++++++++++ fastspring-license.php | 5 ++++- includes/class.objects.php | 2 +- mysql.sql | 2 ++ 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/application.php b/application.php index 88e30a8..012a432 100644 --- a/application.php +++ b/application.php @@ -37,6 +37,7 @@ $app->cf_product_code = $_POST['cf_product_code']; $app->cf_license_url = $_POST['cf_license_url']; $app->of_email_notify = $_POST['of_email_notify']; + $app->fs_license_key = $_POST['fs_license_key']; $app->update(); redirect('application.php?id=' . $app->id); @@ -67,6 +68,7 @@ $cf_product_code = $_POST['cf_product_code']; $cf_license_url = $_POST['cf_license_url']; $of_email_notify = $_POST['of_email_notify']; + $fs_license_key = $_POST['fs_license_key']; } } else @@ -95,6 +97,7 @@ $cf_product_code = $app->cf_product_code; $cf_license_url = $app->cf_license_url; $of_email_notify = $app->of_email_notify; + $fs_license_key = $app->fs_license_key; } ?> @@ -249,6 +252,13 @@

+ Security key from FastSpring used for order notifications +

+ +

+ + + Security key from FastSpring used for requests (used with CocoaFob)

diff --git a/fastspring-license.php b/fastspring-license.php index 8599986..bdac87e 100644 --- a/fastspring-license.php +++ b/fastspring-license.php @@ -4,6 +4,9 @@ * We'll generate the license here (protects us from embedding our private key @ FastSpring) * We'll configure FastSpring to send it back to us with the completed order @ which time we'll add * it to the order +* +* Note: There are multiple security keys in FastSpring - the license request has a distinct key from the order +* notification request */ require 'includes/master.inc.php'; @@ -16,7 +19,7 @@ } // FastSpring security check... - if(md5($_REQUEST['security_data'] . $app->fs_security_key) != $_REQUEST['security_hash']) + if(md5($_REQUEST['security_data'] . $app->fs_license_key) != $_REQUEST['security_hash']) die('Security check failed.'); diff --git a/includes/class.objects.php b/includes/class.objects.php index 657614f..c3b07ec 100644 --- a/includes/class.objects.php +++ b/includes/class.objects.php @@ -28,7 +28,7 @@ class Application extends DBObject { public function __construct($id = null) { - parent::__construct('applications', array('name', 'link', 'bundle_name', 's3key', 's3pkey', 's3bucket', 's3path', 'sparkle_key', 'sparkle_pkey', 'ap_key', 'ap_pkey', 'from_email', 'email_subject', 'email_body', 'license_filename', 'custom_salt', 'license_type', 'return_url', 'fs_security_key', 'i_use_this_key', 'tweet_terms', 'cf_product_code', 'cf_license_url', 'of_email_notify'), $id); + parent::__construct('applications', array('name', 'link', 'bundle_name', 's3key', 's3pkey', 's3bucket', 's3path', 'sparkle_key', 'sparkle_pkey', 'ap_key', 'ap_pkey', 'from_email', 'email_subject', 'email_body', 'license_filename', 'custom_salt', 'license_type', 'return_url', 'fs_security_key', 'i_use_this_key', 'tweet_terms', 'cf_product_code', 'cf_license_url', 'of_email_notify', 'fs_license_key'), $id); } public function versions() diff --git a/mysql.sql b/mysql.sql index 9ab735c..d0a3cbd 100644 --- a/mysql.sql +++ b/mysql.sql @@ -43,6 +43,8 @@ CREATE TABLE `applications` ( 'cf_product_code' varchar(45) NOT NULL, 'cf_license_url' varchar(45) NOT NULL, 'of_email_notification' varchar(128) NOT NULL + 'fs_license_key' varchar(45) DEFAULT NULL; + PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;