<?php
// Template Name: Concierge Multipass
// Pin PHP's default timezone to UTC for the rest of this request.
// date("c") in ShopifyMultipass::generate_token() formats created_at in
// whatever the default timezone is at call time.
date_default_timezone_set('UTC');
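/**
 * Builds Shopify Multipass login tokens.
 *
 * A token is URL-safe Base64 over: 16-byte IV || AES-128-CBC ciphertext of the
 * customer JSON || 32-byte HMAC-SHA256 of (IV || ciphertext). Both keys are
 * derived from the store's Multipass secret, so anyone holding that secret can
 * mint a login for any customer e-mail address.
 */
class ShopifyMultipass {
    /** @var string Raw 16-byte AES-128 key (first half of SHA-256(secret)). */
    private $encryption_key;

    /** @var string Raw 16-byte HMAC key (second half of SHA-256(secret)). */
    private $signature_key;

    /**
     * Derive the encryption and signing keys from the Multipass secret.
     *
     * @param string $multipass_secret Multipass secret of the Shopify store.
     * @throws \InvalidArgumentException If the secret is empty.
     */
    public function __construct($multipass_secret) {
        // An empty secret would silently derive keys from SHA-256(""), which
        // anyone can compute; fail loudly on a missing configuration value.
        if ((string) $multipass_secret === '') {
            throw new \InvalidArgumentException('Multipass secret must not be empty.');
        }

        // Use the Multipass secret to derive two cryptographic keys,
        // one for encryption, one for signing
        $key_material = hash("sha256", $multipass_secret, true);
        $this->encryption_key = substr($key_material, 0, 16);
        $this->signature_key = substr($key_material, 16, 16);
    }

    /**
     * Encrypt and sign the customer data as a Multipass token.
     *
     * @param array $customer_data_hash Customer fields (e.g. "email", "return_to").
     *                                  "created_at" is overwritten with the current time.
     * @return string URL-safe Base64 token (padding characters are kept).
     * @throws \RuntimeException If the data cannot be JSON-encoded or encrypted.
     */
    public function generate_token($customer_data_hash) {
        // Store the current time in ISO8601 format.
        // The token will only be valid for a small timeframe around this timestamp.
        $customer_data_hash["created_at"] = date("c");

        // json_encode() returns false on e.g. invalid UTF-8. Encrypting that
        // false would produce a validly signed token with an empty payload,
        // so stop here instead.
        $json = json_encode($customer_data_hash);
        if ($json === false) {
            throw new \RuntimeException(
                'Multipass customer data could not be encoded as JSON: ' . json_last_error_msg()
            );
        }

        // Serialize the customer data to JSON and encrypt it
        $ciphertext = $this->encrypt($json);

        // Create a signature (message authentication code) of the ciphertext
        // and encode everything using URL-safe Base64 (RFC 4648)
        return strtr(base64_encode($ciphertext . $this->sign($ciphertext)), '+/', '-_');
    }

    /**
     * AES-128-CBC encrypt the plaintext under a fresh random IV.
     *
     * @param string $plaintext Data to encrypt.
     * @return string Raw bytes: 16-byte IV followed by the ciphertext.
     * @throws \RuntimeException If no strong random IV is available or encryption fails.
     */
    private function encrypt($plaintext) {
        // Use a random IV. On older PHP versions this call can return false or
        // report a non-cryptographic source through the second argument; a
        // predictable IV must not be used for CBC.
        $crypto_strong = false;
        $iv = openssl_random_pseudo_bytes(16, $crypto_strong);
        if ($iv === false || strlen($iv) !== 16 || !$crypto_strong) {
            throw new \RuntimeException('Could not obtain a cryptographically strong IV.');
        }

        $encrypted = openssl_encrypt($plaintext, "AES-128-CBC", $this->encryption_key, OPENSSL_RAW_DATA, $iv);
        if ($encrypted === false) {
            throw new \RuntimeException('Multipass payload encryption failed.');
        }

        // Use IV as first block of ciphertext
        return $iv . $encrypted;
    }

    /**
     * Compute the raw HMAC-SHA256 of the data under the signing key.
     *
     * @param string $data Bytes to authenticate (IV and ciphertext).
     * @return string Raw 32-byte MAC.
     */
    private function sign($data) {
        return hash_hmac("sha256", $data, $this->signature_key, true);
    }
}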
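// Shopify store that receives the Multipass login. It is also the only host a
// caller-supplied return_to is allowed to point at.
$my_store_domain = "demo.myshopify.com";
$store_home = 'https://' . $my_store_domain . '/';

// return_to comes straight from the query string, so it is untrusted input.
// It is accepted only when it is an https URL on the store's own host, with no
// embedded credentials, backslashes, whitespace or control characters.
// Anything else is dropped, so this template cannot be used to bounce visitors
// to an arbitrary site.
$returnTo = null;
if (isset($_GET['return_to']) && is_string($_GET['return_to'])) {
    // WordPress adds slashes to request data; undo that before parsing.
    $candidate = wp_unslash($_GET['return_to']);
    $parts = parse_url($candidate);
    $is_store_url = is_array($parts)
        && isset($parts['scheme'], $parts['host'])
        && strtolower($parts['scheme']) === 'https'
        && strtolower($parts['host']) === strtolower($my_store_domain)
        && !isset($parts['user'])
        && !isset($parts['pass'])
        && !preg_match('/[\\\\\x00-\x20\x7f]/', $candidate);
    if ($is_store_url) {
        $returnTo = $candidate;
    }
}

// Get WP current login user details and store it in array (you can add any parameters available in Shopify Multipass)
$user = wp_get_current_user();
if (!is_user_logged_in()) {
    // Visitors without a WordPress session get no token; send them back to
    // the validated store URL, or to the store front page if none was given.
    wp_redirect($returnTo !== null ? $returnTo : $store_home);
    exit;
}

// Multipass signs the visitor in to the store as this e-mail address, so it
// should be an address the WordPress site has verified.
// NOTE(review): confirm how accounts are created and verified on this site.
$customer_data = array(
    "email" => $user->data->user_email,
);
if ($returnTo !== null) {
    $customer_data["return_to"] = $returnTo;
}

// Shopify Multipass secret key. "secret-key" is a placeholder: the real value
// lets its holder sign in as any customer, so keep it out of the theme and out
// of version control (for example in a constant defined in wp-config.php).
$multipass_secret = "secret-key";
$multipass = new ShopifyMultipass($multipass_secret);
$token = $multipass->generate_token($customer_data);

// This will redirect into your shopify store
wp_redirect('https://' . $my_store_domain . '/account/login/multipass/' . $token);
exit;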
?>