The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

XMl Datafeed and CodeIgnitor

tookingstookings Member
in Bugs & Feature Requests edited April 2008
Just thought I would post this in case anyone happens to use CI with the FoxyCart datafeed... CI may munge up your rc4crypt'ed urlencoded POST data and leave you with gibberish when you decrypt it.

While I later got CI to pass is through -- I originally just moved the decrypt and DB instert of the raw XML to a little external helper script. Then a call into a CI script in the main system does all the parsing and heavy lifting.

Not sure if anyone else out there in the foxy world uses CI -- but in just in case, thought this might save someone a few hours of hair pulling. :)

(And...once I have the CI library for fully handling the datafeed cleaned up, I'll update with a link, in case it might useful.)
Comments
  • jkelpjkelp Member
    Hi tookings,
    I know this is an old post but do you still remember how you got CI to pass through the correct POST data from the FoxyCart datafeed?

    I'm having the same issue where the POST data inside and outside of CI are different. I'd like to receive the datafeed inside of CI.

    Thanks.
  • lancelance Member, Community Support Member
    @jkelp -

    I haven't dealt with this issue recently, but as I recall this has to do with a setting in CI that filters all POST data using XSS filtering. Global XSS filtering is a good thing if you are accepting lots of external data input, but if most of your data input is controlled, you can turn off global filtering and filter ona case by case basis.

    Lance
  • That sounds about right.......I'll see if I can find some of the old code and see how we did it though.
  • jkelpjkelp Member
    Thank you lance and tookings.
  • tookingstookings Member
    edited April 2012
    Very interesting. Always fun to look at how you did something years ago.... Attached below is one way we did it early on...not saying its a good idea, but it worked (this was FC v0.6). Later I think we did some direct CI stuff, but it had tradeoffs.

    Essentially, foxycart submitted to this script, which simply took the datafeed and saved it as a record in the database. This was a "raw" script, outside of CodeIgnitor. Then, it ran CI to actually process the database saved version of the datafeed via a curl call....so no features in CI would need to be disabled, etc. Also nice to always have a record of every datafeed sitting by in a raw "as sent" format.

    So....that is one option. Code of a stripped down version of the helper script below, with all unique data removed. (And doesn't include later error checking, logging, and better security...but you get the idea. Then you'd process the DB rows of the datafeed in CI, mark them complete, etc...ie. do all the real work in CI. This has CI called with curl in script, as we need it "real-time" but for a lot of purposes, a 1 minute cron, etc, would work fine.)

    <?php
    $key = "foxy_key";
    
    if (isset($_POST['FoxyData'])) 
    	{
    	$FoxyData_encrypted = urldecode($_POST['FoxyData']);
    	$FoxyData_decrypted = _decrypt($key, $FoxyData_encrypted, 0);
    	
    	if (!mysql_connect('localhost', 'db_user', 'db_pass')) 
    		die("no connection to MySQL");
    	if (!mysql_select_db('db')) 
    		die("couldn't select database");			
    	
    	$query = "INSERT INTO OrdersRaw (created_at,foxy_data) ".
    		"VALUES (NOW(),'".
    		mysql_escape_string($FoxyData_decrypted) ."')";
    	
    	if(mysql_query($query))
    		{ 
    		//if things ran OK, run the CodeIgnitor parser
    		//Processes all new DB datafeed entries
    		exec("curl -sf --user htaccess_user:htaccess_password --url
    		http://www.domain.com/privatetools/parsedf06/keycode/";);
    		echo "foxy"; 
    		}
    	else
    		{ 
    		echo "error"; 
    		}
    	} 
    else 
    	{
    	echo "no data!";
    	}
    
    function _encrypt ($pwd, $data, $ispwdHex = 0)
    	{
    	if ($ispwdHex)
    		{ $pwd = @pack('H*', $pwd); } 
    
    	$key[] = '';
    	$box[] = '';
    	$cipher = '';
    
    	$pwd_length = strlen($pwd);
    	$data_length = strlen($data);
    
    	for ($i = 0; $i < 256; $i++)
    		{
    		$key[$i] = ord($pwd[$i % $pwd_length]);
    		$box[$i] = $i;
    		}
    	for ($j = $i = 0; $i < 256; $i++)
    		{
    		$j = ($j + $box[$i] + $key[$i]) % 256;
    		$tmp = $box[$i];
    		$box[$i] = $box[$j];
    		$box[$j] = $tmp;
    		}
    	for ($a = $j = $i = 0; $i < $data_length; $i++)
    		{
    		$a = ($a + 1) % 256;
    		$j = ($j + $box[$a]) % 256;
    		$tmp = $box[$a];
    		$box[$a] = $box[$j];
    		$box[$j] = $tmp;
    		$k = $box[(($box[$a] + $box[$j]) % 256)];
    		$cipher .= chr(ord($data[$i]) ^ $k);
    		}
    	return $cipher;
    	}
    
    function _decrypt ($pwd, $data, $ispwdHex = 0)
    	{
    	return _encrypt($pwd, $data, $ispwdHex);
    	}
    ?>
    

Sign In or Register to comment.