Verify all http params. Give better error messages
jusasiiv committed Apr 3, 2019
1 parent e3c89a4 commit c9ba980
Showing 3 changed files with 38 additions and 21 deletions.
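--- a/catalog/controller/extension/payment/blockonomics.php
+++ b/catalog/controller/extension/payment/blockonomics.php
@@ -138,25 +138,28 @@ public function invoice() {
 $data['satoshi_amount'] = $satoshi_amount;
 $data['fiat_amount'] = $fiat_amount;
 
-$btc_address = $this->blockonomics->genBTCAddress();
-$data['btc_address'] = $btc_address;
-$data['btc_href'] = "bitcoin:".$btc_address."?amount=".$satoshi_amount;
-
-$this->blockonomics->log('info', $btc_address, 1);
-$this->blockonomics->log('info', $price, 1);
-$current_time = time();
-$data['orderTimestamp'] = $current_time;
-$order_id = $order_info['order_id'];
-$data['order_id'] = $order_id;
-
-$data['success_url'] = $this->url->link('checkout/success');
-$data['websocket_url'] = $this->blockonomics->blockonomics_websocket_url;
-$data['timeout_url'] = $this->url->link('extension/payment/blockonomics/timeout', $this->config->get('config_secure'));
-
-if ( $btc_address != "" ) {
+$response = $this->blockonomics->genBTCAddress();
+if(!isset($response->error)) {
+$btc_address=$response->address;
+$data['btc_address'] = $btc_address;
+$data['btc_href'] = "bitcoin:".$btc_address."?amount=".$satoshi_amount;
+
+$this->blockonomics->log('info', $btc_address, 1);
+$this->blockonomics->log('info', $price, 1);
+$current_time = time();
+$data['orderTimestamp'] = $current_time;
+$order_id = $order_info['order_id'];
+$data['order_id'] = $order_id;
+
+$data['success_url'] = $this->url->link('checkout/success');
+$data['websocket_url'] = $this->blockonomics->blockonomics_websocket_url;
+$data['timeout_url'] = $this->url->link('extension/payment/blockonomics/timeout', $this->config->get('config_secure'));
+
 //Insert into blockonomics orders table
 $this->db->query("INSERT IGNORE INTO ".DB_PREFIX."blockonomics_bitcoin_orders (id_order, timestamp, addr, txid, status,value, bits, bits_payed) VALUES
 ('".(int)$order_id."','".(int)$current_time."','".$btc_address."', '', -1,'".(float)$fiat_amount."','".(int)$bits."', 0)");
+} else {
+$data['address_error'] = $response->error;
 }
 
 $this->response->setOutput($this->load->view('extension/payment/blockonomicsinvoice', $data));
@@ -233,6 +236,10 @@ public function callback() {
 
 $this->log('info', 'Callback Handler called');
 
+if($this->setting('callback_secret') != $secret) {
+die('Invalid secret');
+}
+
 //Upate order info
 $query="UPDATE ".DB_PREFIX."blockonomics_bitcoin_orders SET status='".(int)$status."',txid='".$txid."',bits_payed=".(int)$value." WHERE addr='".$addr."'";
 $this->db->query($query);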
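Review bot: The new secret check in callback() compares with `!=`, which in PHP is a loose, non-constant-time comparison: numeric-looking strings such as `0e1` and `0e2` compare equal, and depending on what setting() returns for an unconfigured secret, a request with an empty secret may compare equal to it as well. I would write it as `$expected = (string)$this->setting('callback_secret'); if ($expected === '' || !is_string($secret) || !hash_equals($expected, $secret)) { die('Invalid secret'); }` (hash_equals needs PHP 5.6+). The UPDATE directly below concatenates `$txid` and `$addr` into the SQL string; where they are assigned is outside the hunk, so confirm they pass through `$this->db->escape()` there, and apply the same to `$btc_address` in the INSERT in invoice(), which now comes from the API response object. Both function bodies start and end outside the hunks.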
Expand Up @@ -18,7 +18,7 @@
{{ content_top }}
<h1>{{ heading_title }}</h1>

{% if btc_address != "" %}
{% if address_error == "" %}
<div id="payment-view">
<div id="btc-href" data-href="{{ btc_href }}"></div>
<div id="btc-address" data-address="{{ btc_address }}"></div>
Expand Down Expand Up @@ -62,7 +62,7 @@
{% else %}
<div id="address-error">
<h3>Could not generate new bitcoin address.</h3>
<i>Note to webmaster: Your webhost is blocking outgoing HTTPS connections. Blockonomics requires an outgoing HTTPS (port 443) to generate new address. Check with your webhost to allow this. Also make sure that <a href="https://www.crybit.com/enable-allow_url_fopen/" target="_blank">allow_url_fopen is On</a> on your server. If issue persists, log a ticket on <a href="http://blockonomics.freshdesk.com/" target="_blank">http://blockonomics.freshdesk.com/</a></i>
<i>Note to webmaster: {{ address_error }}. If issue persists, log a ticket on <a href="http://blockonomics.freshdesk.com/" target="_blank">http://blockonomics.freshdesk.com/</a></i>
</div>
{% endif %}

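Review bot: `{{ address_error }}` on the new `<i>` line prints a string that, per the library change in this commit, can be the `message` field of the remote API response copied verbatim. OpenCart 3 builds its Twig environment with autoescaping turned off as far as I know (confirm for the targeted version), in which case this is emitted as raw HTML; `{{ address_error|e }}` makes the escaping explicit either way. Separately, `{% if address_error == "" %}` shows the payment view whenever no error is set, even if no address came back; `{% if address_error == "" and btc_address != "" %}` would keep the guard the old condition provided.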
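--- a/system/library/blockonomics.php
+++ b/system/library/blockonomics.php
@@ -124,11 +124,21 @@ public function genBTCAddress(){
 curl_close($ch);
 
 $responseObj = json_decode($data);
-if (!isset($responseObj)) {
-return '';
+if($httpcode != 200) {
+if (isset($responseObj->message)) {
+if ($responseObj->message=='Could not find matching xpub') {
+$responseObj->error = 'There is a problem in your callback url';
+} else {
+$responseObj->error = $responseObj->message;
+}
+}
+if($httpcode == 401) {
+$responseObj = new stdClass();
+$responseObj->error = 'API Key is invalid';
+}
 }
 
-return $responseObj->address;
+return $responseObj;
 }
 /**
 * Constructs some helpful diagnostic info.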
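Review bot: After this change genBTCAddress() can return a value that carries neither `address` nor `error`: `json_decode()` yields null for a non-JSON body, the old `!isset($responseObj)` guard is gone, and a non-200 status other than 401 without a `message` field sets no error. The caller in invoice() only tests `!isset($response->error)`, so in those cases it would read `->address` from null, store an empty address in the orders table and render the payment view. I would normalise the result just before the return so the function always yields exactly one of the two fields; the fallback message text below is only a suggestion. The function body starts outside the hunk.

```php
// … unchanged: $httpcode != 200 handling …

if (!is_object($responseObj) || (!isset($responseObj->error) && empty($responseObj->address))) {
    $responseObj = new stdClass();
    $responseObj->error = 'Unexpected response from Blockonomics (HTTP ' . (int)$httpcode . ')';
}

return $responseObj;
```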
