search

phpish / shopify_app-skeleton

Skeleton Shopify App project using phpish/shopify
94 stars 41 forks source link

Invalid Request! Request or redirect did not come from Shopify #45

Open pkp2409 opened 6 years ago

pkp2409 commented 6 years ago

Hi, I'm converted the local server into https using "ngrok" method, still I'm facing the issue "Invalid Request! Request or redirect did not come from Shopify" desktop screenshot

Can you please to create the sample application using php in shopify

Thank you,

tareq0065 commented 6 years ago

I m getting too

ann1111 commented 5 years ago

Any updates in it ?

VickyFi commented 5 years ago

Did you find anything on that? I' m getting the same error too.

sunboy88 commented 5 years ago

Guys, skip oauth.php file, only need install.php to installed...

ahmu83 commented 5 years ago

I am getting this error when I try to install the shopify app Notice: Undefined index: signature in /vendor/phpish/shopify/shopify.php on line 21 Invalid Request! Request or redirect did not come from Shopify

I noticed that the url https://ID.ngrok.io/oauth.php?hmac=&shop=MY-TEST-STORE.myshopify.com&timestamp=1552491745 did not have the signature query string instead of the hmac query string. And I tried to update that instead in line 21 but it only removed the notice but the error (Invalid Request! Request or redirect did not come from Shopify) was still there

X4nd0R commented 4 years ago

The fix is not to skip oauth.php and go straight to install.php. When I did this I got stuck in an infinite loop. This issue is actually a duplicate and I posted the fix in there but just to make sure anyone who needs it finds this, I was able to solve this issue by editing the phpish file: /vendor/phpish/shopify/shopify.php. The is_valid_request() function should look like this:

function is_valid_request($query_params, $shared_secret)
{
    if (!isset($query_params['timestamp'])) return false;

    $seconds_in_a_day = 24 * 60 * 60;

    $older_than_a_day = $query_params['timestamp'] < (time() - $seconds_in_a_day);
    if ($older_than_a_day) return false;

    $signature = $query_params['hmac'];
    unset($query_params['hmac']);

    $message = http_build_query($query_params);

    return (hash_hmac('sha256', $message, $shared_secret) === $signature);
}

I believe the Shopify API/Oauth system has changed and phpish's code is out of date.

X4nd0R commented 4 years ago

After getting this working I still continued to have issues with this project (such as app not embedding, plus other issues). I ended up writing a fresh bare-bones app that is plug and play for Shopify. If anyone else is still having issues getting this working, please check mine out here: https://github.com/XenithTech/php-shopify-app-skeleton If you have any issues with it feel free to open a ticket and I will actively work on a solution.