
@haxpor
Created August 20, 2016 19:20
itunes's receipt validator by

In App Purchase Receipt Validator - PHP

Host this on any box which is running PHP and has direct outbound web access and it will be able to validate iOS IAP receipts for you (Sandbox or Production environment configurable).

Feel free to use this code in anything you make, with the standard disclaimer that if it doesn't work / blows up the universe, you're on your own.

Alternatively, the latest version is hosted at: http://www.chrismaddern.com/validate-itunes-receipt/

The hosted version points to the production environment.

There is a Sandbox version embedded here: http://www.chrismaddern.com/validate-app-store-iap-receipt-codes-online-tool/

The PHP is rough, but it works - any forks / pull requests are more than welcome!!

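<?php
// Example endpoint: validates the receipt passed as ?receipt=... against Apple's
// verifyReceipt service and prints the outcome as an HTML fragment. Add the
// "sandbox" query parameter (any value) to use the sandbox endpoint.
include __DIR__ . '/../itunesReceiptValidator.php';

// Accept only a non-empty string; ?receipt[]=x would otherwise arrive as an array.
if (!isset($_GET['receipt']) || !is_string($_GET['receipt']) || $_GET['receipt'] === '') {
    print 'No receipt to validate. Exiting.<br />';
    return;
}
$receipt = $_GET['receipt'];

$endpoint = isset($_GET['sandbox'])
    ? itunesReceiptValidator::SANDBOX_URL
    : itunesReceiptValidator::PRODUCTION_URL;

try {
    // Validate the receipt the caller sent; the earlier code read it and then
    // passed the hard-coded placeholder 'fake_receipt' instead.
    $rv = new itunesReceiptValidator($endpoint, $receipt);

    // The ternary must be parenthesised: '.' binds tighter than '?:', so the
    // unparenthesised form used the whole concatenation as the condition and
    // printed only 'Sandbox'.
    print 'Environment: '
        . (($rv->getEndpoint() === itunesReceiptValidator::SANDBOX_URL) ? 'Sandbox' : 'Production')
        . '<br />';

    $info = $rv->validateReceipt();
    echo 'Success';

    // This output is inserted into the page as HTML by index.php, so the dump
    // of the remote response is escaped before it is printed.
    ob_start();
    var_dump($info);
    echo htmlspecialchars(ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
catch (Exception $ex) {
    // The message can carry remote data (status code, cURL error text); escape it.
    echo htmlspecialchars($ex->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br />';
}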
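<?php
// Read the receipt once, as a string only; ?receipt[]=x would arrive as an array.
$receipt = (isset($_GET['receipt']) && is_string($_GET['receipt'])) ? $_GET['receipt'] : '';

// Encode for the JavaScript context. The JSON_HEX_* flags keep the value from
// closing the string literal or the surrounding <script> element.
$receiptJs = json_encode($receipt, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if ($receiptJs === false) {
    // Not encodable (e.g. invalid UTF-8): treat as "no receipt" and show the form.
    $receipt = '';
    $receiptJs = '""';
}
?>
<html>
<head>
<title>Validate iTunes In App Purchase Receipt Code Online Tool</title>
<meta name="description" content="A tool to allow you to verify iTunes In-App Purchase Receipt Codes against Apple's Servers. PHP Implementation." />
<?php /* Loaded over HTTPS so the script cannot be replaced in transit.
         NOTE(review): jQuery 1.7.0 is long out of support; upgrade when possible. */ ?>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
  var receipt = <?php echo $receiptJs ?>;
  if (receipt !== '') {
    $.get(
      'example.php',
      // Sent as a data field so jQuery URL-encodes it; a raw '+' in a base64
      // receipt would otherwise be decoded as a space on the server.
      { receipt: receipt, language: "php", version: 5 },
      function(responseText) {
        // responseText is inserted as HTML, so example.php must escape everything it prints.
        $("#retData").html('<br /><br /><br />' + responseText + '<br /><a href="index.php">Try another </a>');
      },
      "html"
    );
  }
</script>
</head>
<body>
<div id="retData" style="float:center; text-align:center; font-family:helvetica,arial; font-size:16px;">
<?php if ($receipt !== '') { ?>
<br /><br /><br />Validating receipt code:<br /> <?php echo htmlspecialchars($receipt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?><br /><br /><br /><img src="loading.gif" />
<?php } else { ?>
<br /><br />
<form name="receipttoken" action="index.php" method="get">
Enter Receipt Token (b64)<br /><br /> <textarea type="text" style="width:300px; height:200px; font-family:helvetica,arial; font-size:16px;" name="receipt"></textarea><br /><br />
<input type="submit" value="Validate" />
</form>
<?php } ?>
</div>
</body>
</html>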
<?php
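/**
 * Sends an In-App Purchase receipt to Apple's verifyReceipt endpoint and
 * returns the decoded receipt when Apple reports status 0.
 *
 * The answer is only as trustworthy as the TLS connection it arrives on, so
 * the request verifies the server certificate and host name.
 */
class itunesReceiptValidator {
    const SANDBOX_URL = 'https://sandbox.itunes.apple.com/verifyReceipt';
    const PRODUCTION_URL = 'https://buy.itunes.apple.com/verifyReceipt';

    // Declared explicitly (previously created dynamically on first assignment);
    // kept public so existing callers that read them directly still work.
    public $receipt = null;
    public $endpoint = null;

    /**
     * @param string      $endpoint One of SANDBOX_URL / PRODUCTION_URL.
     * @param string|null $receipt  Optional receipt, raw or base64 (see setReceipt()).
     */
    function __construct($endpoint, $receipt = NULL) {
        $this->setEndPoint($endpoint);
        if ($receipt) {
            $this->setReceipt($receipt);
        }
    }

    /** @return string|null The receipt as it will be sent (base64), or null if none was set. */
    function getReceipt() {
        return $this->receipt;
    }

    /**
     * Stores the receipt. A value containing '{' is treated as a raw,
     * not-yet-encoded receipt and is base64-encoded; anything else is stored
     * unchanged.
     *
     * @param string $receipt
     */
    function setReceipt($receipt) {
        if (strpos($receipt, '{') !== false) {
            $this->receipt = base64_encode($receipt);
        } else {
            $this->receipt = $receipt;
        }
    }

    /** @return string|null The URL the receipt will be posted to. */
    function getEndpoint() {
        return $this->endpoint;
    }

    /**
     * NOTE(review): the URL is not checked against the two class constants;
     * callers should pass one of them rather than a request-derived value.
     *
     * @param string $endpoint
     */
    function setEndPoint($endpoint) {
        $this->endpoint = $endpoint;
    }

    /**
     * Posts the receipt and returns the "receipt" member of the response.
     *
     * @return object Decoded receipt from the response.
     * @throws Exception If the request fails, the response is not a JSON
     *                   object, the status is missing or non-zero, or the
     *                   response carries no receipt.
     */
    function validateReceipt() {
        $decoded_response = $this->decodeResponse($this->makeRequest());

        // Check the shape first; this test used to sit after the status check,
        // where it could never be reached.
        if (!is_object($decoded_response)) {
            throw new Exception('Invalid response data');
        }
        if (!isset($decoded_response->status) || $decoded_response->status != 0) {
            throw new Exception('Invalid receipt. Status code: ' . (!empty($decoded_response->status) ? $decoded_response->status : 'N/A'));
        }
        if (!isset($decoded_response->receipt)) {
            throw new Exception('Invalid response data');
        }
        return $decoded_response->receipt;
    }

    /** Builds the JSON request body: {"receipt-data": "<base64 receipt>"}. */
    private function encodeRequest() {
        return json_encode(array('receipt-data' => $this->getReceipt()));
    }

    /** Decodes the JSON response; json_decode() yields null when it is not valid JSON. */
    private function decodeResponse($response) {
        return json_decode($response);
    }

    /**
     * POSTs the encoded receipt to the configured endpoint.
     *
     * @return string Raw response body.
     * @throws Exception On any cURL failure, including a TLS verification failure.
     */
    private function makeRequest() {
        $ch = curl_init($this->endpoint);
        if ($ch === false) {
            throw new Exception('Unable to initialise cURL');
        }

        // Verify the certificate chain and that it matches the host name.
        // With both checks off, anyone on the network path could answer with
        // {"status":0} and every receipt would be accepted as valid.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $this->encodeRequest());

        $response = curl_exec($ch);
        $errno = curl_errno($ch);
        $errmsg = curl_error($ch);
        curl_close($ch);

        if ($errno != 0) {
            throw new Exception($errmsg, $errno);
        }
        if ($response === false) {
            throw new Exception('Empty response from receipt endpoint');
        }
        return $response;
    }
}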