search

j3k0 / cordova-plugin-purchase

In-App Purchase for Cordova on iOS, Android and Windows
https://purchase.cordova.fovea.cc
1.3k stars 537 forks source link

Subscriptions receipt validation not working #153

Closed mabuntuu15 closed 9 years ago

mabuntuu15 commented 9 years ago

I used below line for receipt validation.

store.validator = "https://api.fovea.cc:1982/check-purchase";

But this is not working for my app. Otherwise In app purchase is working fine. Only receipt validation is not working.

How to use reeceipt.fovea.cc? Do I need to apply for their API access? OR How to validate receipt for Android and iOS in PHP?

westoj commented 9 years ago

https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html

store.validator = function(p, callback){ //send p.transaction.transactionReceipt to the your server to validate as in above docs. }

Moussawi7 commented 9 years ago

Hi @mabuntuu15 , you can validate receipt for IOS 

    function validate_receipt($receipt) {
        try {
   //$end_point = 'https://sandbox.itunes.apple.com/verifyReceipt';
    $end_point = 'https://buy.itunes.apple.com/verifyReceipt';
            $ch = curl_init($end_point);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array('receipt-data' => $receipt)));
            $response = curl_exec($ch);
            $errno = curl_errno($ch);
            $errmsg = curl_error($ch);
            curl_close($ch);
            if ($errno !== 0) {
                throw new Exception($errmsg, $errno);
            }
            $data = json_decode($response);
            if (isset($data->status) && $data->status === 0) {
                return $data->receipt;
            } else {
                return FALSE;
            }
        } catch (Exception $ex) {
            return FALSE;
        }
    }

or for android:

  function validate_receipt($signed_data, $signature) {
   $public_key = "XXXXXXXXXXX";//could be retrieved from google play store
        $key = "-----BEGIN PUBLIC KEY-----\n" .
                chunk_split($public_key, 64, "\n") .
                '-----END PUBLIC KEY-----';

        $key = openssl_get_publickey($key);
        $signature = base64_decode($signature);
        $result = openssl_verify(
                $signed_data, $signature, $key);
        return ($result === 1);
    }
mabuntuu15 commented 9 years ago

Thanks. :thumbsup: Here is a good solution for PHP

ef33zy commented 7 years ago

@mabuntuu15 are you able to share how you passed the info from js (your app) to the php for validation, using the solution you shared? I seem to be struggling with that. I think I've set up composer.json correctly.