<?php
/**
 * Decrypt an Ecwid payload using the app's client secret.
 *
 * Returns whatever aes_128_decrypt() returns, unchanged. The result is NOT
 * JSON-decoded here; callers that need an array must decode and validate it
 * themselves.
 *
 * NOTE(review): $data presumably arrives as a request parameter, so treat it
 * as untrusted and check the result before using it - confirm against caller.
 *
 * @param string $app_secret_key The app's client_secret; only its first 16 bytes are used.
 * @param string $data           The encoded payload as received.
 * @return mixed The return value of aes_128_decrypt() for the derived key.
 */
function getPayload($app_secret_key, $data)
{
    // The AES-128 key is the first 16 bytes of the client_secret, so the
    // confidentiality of the payload depends on that secret staying private.
    return aes_128_decrypt(substr($app_secret_key, 0, 16), $data);
}
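/**
 * Decrypt a URL-safe base64 payload laid out as IV (16 bytes) || AES-128-CBC ciphertext.
 *
 * AES-CBC carries no integrity tag: a successful decrypt does not by itself
 * prove the data is untampered, so callers should still validate the decoded
 * content and report every failure the same way.
 *
 * @param string $key  16-byte AES-128 key.
 * @param string $data URL-safe base64 text ('-' and '_' alphabet, padding optional).
 * @return string|false Decrypted bytes, or false when the input is not valid
 *                      base64, is too short to hold an IV plus ciphertext, or
 *                      openssl_decrypt() fails.
 */
function aes_128_decrypt($key, $data)
{
    // The payload uses the url-safe base64 alphabet; map it back to the standard one.
    $base64_original = strtr((string) $data, '-_', '+/');

    // URL-safe encoders commonly strip '=' padding; restore it so strict decoding accepts the input.
    $base64_original .= str_repeat('=', (4 - strlen($base64_original) % 4) % 4);

    // Get binary data. Strict mode rejects characters outside the alphabet instead of skipping them.
    $decoded = base64_decode($base64_original, true);
    if ($decoded === false || strlen($decoded) <= 16) {
        // Malformed input, or nothing left after the IV: fail the same way openssl_decrypt() does.
        return false;
    }

    // Initialization vector is the first 16 bytes of the received data
    $iv = substr($decoded, 0, 16);

    // The ciphertext is the rest of the received data
    $payload = substr($decoded, 16);

    // Decrypt raw binary payload. The mcrypt alternative mentioned in older samples
    // is not offered here: the mcrypt extension was removed from PHP in 7.2.
    return openssl_decrypt($payload, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
}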
// Sample run: decrypt a payload and print the result.
// The payload is a hard-coded sample here; per the original comment, a live app
// would take it from the GET request, where it must be treated as untrusted input.
$ecwid_payload = 'ng7W9c9jLhkX7ATMpafNAd5Vt_skEaFAqnQaw0Ing1iwYQOwB0Q_CuCS8yQeHeorTdCpZWDTNrzhcq_umX7IaAFUPPgs0zyddY7Er1tA0aze5kWGHUV54fJHoVEJHMmVEi-G5g8ZnNopIFu0YQgQqLpCq8TP2zFJunSTA7VXHTmqHNAD2JXaUb-VylcJWzgV0vaCoGyHqaPbsNNw6HSWkAzhh8dLmsYB0uzsZ_zl3wVXubCL4p2N53PmNPBLCgoC';

// NOTE(review): the client secret is embedded in source as a sample value. In a
// deployed app, load it from configuration kept out of version control.
$client_secret = 'zcKf1Zt0UsO43S46Un3pxIgs91R1xMGs';

$result = getPayload($client_secret, $ecwid_payload);

// Writes the decrypted text as-is, with no escaping or validation.
echo $result;
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