Clickbank IPN版本6 PHP / Laravel

Question

我正在尝试为Clickbank创建一个IPN监听器，但到目前为止还没有成功。

我使用了clickbank站点上列出的代码示例：https://support.clickbank.com/entries/22803622-Instant-Notification-Service

    <?php
// NOTE: the mcrypt libraries need to be installed and listed as an available extension in
// your phpinfo() to be able to use this method of decryption.
$secretKey = "YOUR SECRET KEY"; // secret key from your ClickBank account
 // get JSON from raw body...
$message = json_decode(file_get_contents('php://input'));
// Pull out the encrypted notification and the initialization vector for
// AES/CBC/PKCS5Padding decryption
$encrypted = $message->{'notification'};
$iv = $message->{'iv'};
error_log("IV: $iv");
// decrypt the body...
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128,
                                 substr(sha1($secretKey), 0, 32),
                                 base64_decode($encrypted),
                                 MCRYPT_MODE_CBC,
                                 base64_decode($iv)), "\0..\32");
error_log("Decrypted: $decrypted");
// convert the decrypted string to a JSON object...
$order = json_decode($decrypted);
// Ready to rock and roll - If the decoding of the JSON string wasn't successful,
// then you can assume the notification wasn't encrypted with your secret key.
?>

对于ipn v4，我设法获得了ipn测试器的验证确认，并将输出保存在我的日志中。但是对于v6，我甚至不能将输出保存到日志文件中。看起来clickbank甚至没有发送任何东西。他们的文档是模糊的，我想知道这段代码是否应该放在第一位工作。

有谁有这方面的经验吗？除了response 200之外，我还应该返回其他内容吗？

提前谢谢。

Answer 1

有几件事你可以做，它们在我的代码中工作得很好。(1) PHP版本--如果你使用的是PHP 7+，那就试着把它改成php5.6。(2)使用$HTTP_RAW_POST_DATA而不是file_get_contents (我知道file_get_contents更好，但是当它不能工作的时候使用替代方案)

下面是要尝试的代码，$secretKey = "Your Secrety Key"；

// get JSON from raw body...
//$message = json_decode(file_get_contents('php://input'));

$message = $HTTP_RAW_POST_DATA;
$message = json_decode($message, true);
$messageString = http_build_query($message);    //converts associative array in to string
error_log("message string: $messageString");
$encrypted = $message['notification'];
$iv = $message['iv'];
error_log("IV: $iv");

// decrypt the body...
$decrypted = trim(openssl_decrypt(base64_decode($encrypted),'AES-256-CBC',substr(sha1($secretKey), 0, 32),OPENSSL_RAW_DATA, base64_decode($iv)), "\0..\32");

error_log("Decrypted: $decrypted");

////UTF8 Encoding, remove escape back slashes, and convert the decrypted string to a JSON object...
$sanitizedData = utf8_encode(stripslashes($decrypted));
$jsonDecodeData = json_decode($decrypted, true);
$jsonDecodeDataString = http_build_query($jsonDecodeData);

Answer 2

<?php

function ipnVerification() {
    $secretKey="YOUR SECRET KEY";
    $pop = "";
    $ipnFields = array();
    foreach ($_POST as $key => $value) {
        if ($key == "cverify") {
            continue;
        }
        $ipnFields[] = $key;
    }
    sort($ipnFields);
    foreach ($ipnFields as $field) {
        // if Magic Quotes are enabled $_POST[$field] will need to be
        // un-escaped before being appended to $pop
        $pop = $pop . $_POST[$field] . "|";
    }
    $pop = $pop . $secretKey;
    $calcedVerify = sha1(mb_convert_encoding($pop, "UTF-8"));
    $calcedVerify = strtoupper(substr($calcedVerify,0,8));
    return $calcedVerify == $_POST["cverify"];
}

?>

您可以使用它来验证您的IPN。它将会工作得很好