Fortumo reciept verificaton

Question

Can anyone help to configure this its doing my nut in now.

This will be useful: https://developers.fortumo.com/cross-platform-mobile-payments/

I have the secret key and the widget set up i just need it add the stuff to my database e.g coins + 1 in a query but the code inserted into the successful payment bit wont run. So time to start again fresh.

Any help will be appreciated.

<?php

  // check that the request comes from Fortumo server
  if(!in_array($_SERVER['REMOTE_ADDR'],
array('1.2.3.4', '2.3.4.5'))) {
header("HTTP/1.0 403 Forbidden");
die("Error: Unknown IP");
  }

  // check the signature
  $secret = ''; // insert your secret between ''
  if(empty($secret) || !check_signature($_GET, $secret)) {
header("HTTP/1.0 404 Not Found");
die("Error: Invalid signature");
      }

  $sender = $_GET['sender'];//phone num.
  $amount = $_GET['amount'];//credit
  $cuid = $_GET['cuid'];//resource i.e. user
  $payment_id = $_GET['payment_id'];//unique id
  $test = $_GET['test']; // this parameter is present only when the payment is a test payment, it's value is either 'ok' or 'fail'

  //hint: find or create payment by payment_id
  //additional parameters: operator, price, user_share, country

  if(preg_match("/completed/i", $_GET['status'])) {
// mark payment as successful
  } 

  // print out the reply
  if($test){
echo('TEST OK');
  }
  else {
echo('OK');
  }

  function check_signature($params_array, $secret) {
ksort($params_array);

$str = '';
foreach ($params_array as $k=>$v) {
  if($k != 'sig') {
    $str .= "$k=$v";
  }
}
$str .= $secret;
$signature = md5($str);

return ($params_array['sig'] == $signature);
  }
?>

score 0 · Answer 1 · answered Apr 12 '16 at 08:10

The first lines of the code example validates that the request comes from Fortumo IP address, if not then it the script dies.

// check that the request comes from Fortumo server
if(!in_array($_SERVER['REMOTE_ADDR'],
    array('1.2.3.4', '2.3.4.5'))) {
    header("HTTP/1.0 403 Forbidden");
    die("Error: Unknown IP");
}

Write to support@fortumo.com to get the latest IP addresses to validate (and replace the example values 1.2.3.4 with them).

Meanwhile you can comment out the ip check and continue building your script.

Thanks I have done that, I also have to comment out the signature check as this also produces the error this I think is why when I have a completed script it isn't working — A. Maxwell, Apr 12 '16 at 10:48

Fortumo reciept verificaton

1 Answers1