Base64_encode alternative

[AperoCD]

Working on posting a module to the addons site, the validator is failing due to the use of the base64_encode() function. This function is required to encode a curl header with authentication to a payment gateway. Is there a supported alternative to this function?

 

Thanks!

[prestashopninja]

Hi,

 

- Kindly ask your further questions in the relevant forum section.

 

- Try to set the headers manually:

 

(Example taken from php.net website)

 

 <?php 

         $credentials = "username:password"; 
         
         // Read the XML to send to the Web Service 
         $request_file = "./SampleRequest.xml"; 
        $fh = fopen($request_file, 'r'); 
        $xml_data = fread($fh, filesize($request_file)); 
        fclose($fh); 
                
        $url = "http://www.example.com/services/calculation"; 
        $page = "/services/calculation"; 
        $headers = array( 
            "POST ".$page." HTTP/1.0", 
            "Content-type: text/xml;charset=\"utf-8\"", 
            "Accept: text/xml", 
            "Cache-Control: no-cache", 
            "Pragma: no-cache", 
            "SOAPAction: \"run\"", 
            "Content-length: ".strlen($xml_data), 
            "Authorization: Basic " . base64_encode($credentials) 
        ); 
       
        $ch = curl_init(); 
        curl_setopt($ch, CURLOPT_URL,$url); 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt($ch, CURLOPT_TIMEOUT, 60); 
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); 
        curl_setopt($ch, CURLOPT_USERAGENT, $defined_vars['HTTP_USER_AGENT']); 
        
        // Apply the XML to our curl call 
        curl_setopt($ch, CURLOPT_POST, 1); 
        curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data); 

        $data = curl_exec($ch); 

        if (curl_errno($ch)) { 
            print "Error: " . curl_error($ch); 
        } else { 
            // Show me the result 
            var_dump($data); 
            curl_close($ch); 
        }

[AperoCD]

Thanks. So that's pretty much what I've got in my module. The validator site comes back and says base64_encode() method is forbidden. Is there an alternative we're supposed to use?

[prestashopninja]

and what happens when you try to pass the credentials plaintext?

 

curl_setopt($process, CURLOPT_USERPWD, $username . ":" . $password);

[bellini13]

You should continue using the function and tell the addons team that this is required functionality for your external vendor connectivity.  They may complain a bit, but there is nothing wrong with using base64 encode and decode, there are absolutely no security issues with it in the manner you are using it.