<?php
// Script to create a signature 
define('API_BASE_URL', 'https://api.allopass.com/rest'); 
define('API_KEY', '239b6646535da246ea189216d5a582b7'); 
define('API_SECRET_KEY', '3e384f56da31753023b167b3ef03a2ee'); 
define('API_HASH_FUNCTION', 'sha1'); 
date_default_timezone_set('UTC'); 
// STEPS 1 and 2: Construction of query parameters 
$trxid = '674ecec1-76bb-4b72-8093-bdafaef35816';
$queryParameters = array(
'format' => 'json',
'api_key' => API_KEY,
'api_hash' => API_HASH_FUNCTION,
'api_ts' => time()
);

// STEP 3 : Sort parameters by ascending alphabetical order by name of parameter 
ksort($queryParameters); 

/* STEP 4 
* Prepare a string to hash 
* with the hash function "API_HASH_FUNCTION" 
*/ 
$stringToHash = ''; 
foreach ($queryParameters as $parameter =>$value) { 
$stringToHash .= $parameter . (is_array($value) ? implode('', $value) : $value); 
} 
$stringToHash .= API_SECRET_KEY; 

// STEP 5: Creation of signature 
$signature = hash(API_HASH_FUNCTION, $stringToHash); 

// STEP 6 : Generating URL 
$queryParameters['api_sig'] = $signature; 
$url = API_BASE_URL . '/transaction/'.$trxid.'?'. http_build_query($queryParameters); 

$sock = curl_init($url);
curl_setopt_array($sock, array(
CURLOPT_HEADER =>false,
CURLOPT_RETURNTRANSFER =>true,
CURLOPT_CONNECTTIMEOUT =>10,
CURLOPT_LOW_SPEED_TIME =>10,
CURLOPT_TIMEOUT =>10
));

$response = curl_exec($sock);
echo $response;

if (0< ($curlErrno = curl_errno($sock))) { 
trigger_error("CURL Error ($curlErrno): " . curl_error($sock), E_USER_NOTICE); 
header('Location: /error/unavailable.php'); 
exit(); 
} 
$httpStatusCode = curl_getinfo($sock, CURLINFO_HTTP_CODE); 
$httpHeaderSize = curl_getinfo($sock, CURLINFO_HEADER_SIZE); 
curl_close($sock); 
// Read the API response returned in the $response variable by the curl_exec () function 
$responseHeaders = array(); 
$rawHeaders = substr($response, 0, $httpHeaderSize - 4); 
$responseBody = substr($response, $httpHeaderSize); 

foreach (explode("\r\n", $rawHeaders) as $header) { 
list($name, $value) = explode(':', $header); 
$responseHeaders[$name] = $value; 
} 
if (isset($responseHeaders['X-Allopass-Response-Signature'])) { 
// STEPS 2 and 3: Calculation of the signature 
$returnedResponseSignature = $responseHeaders['X-Allopass-Response-Signature']; 
$computedResponseSignature = hash(API_HASH_FUNCTION, $responseBody . API_SECRET_KEY); 
// STEP 4: Checking the signature returned by the API 
if (trim($returnedResponseSignature) != trim($computedResponseSignature)) { 
header('Location: /error/forbidden.php'); 
exit(); 
} 
} 

$xml = simplexml_load_string($response);
echo $xml->buy_url;
?>