Jump to content

ric_capucho

Members
  • Content count

    8
  • Joined

  • Last visited

Posts posted by ric_capucho


  1. Hi Ian-san,

     

    I think I've seen that name somewhere... but I'm not quite sure where. :-)

     

    Ok, I can delete the language string, but I'll need that later as I will in fact have a multi-language installation.

     

    However, how does WorldPay/osC retain my osCid for a NONSSL session? I thought I'd need that to tie my Worldpay SSL session to my osC NONSSL session? When I tried the alternative (no osCid or language), then when I returned to osC, (from either a cancel or a buy), the 'buyer' is logged out, and no meaningful WorldPay message returned.

     

    With regards to cookies, I tried this on two separate PCs, and both had the same problem. I'm now a bit worried that I picked two 'unusual' cookie PCs.

     

    Ric


  2. Hi All,

     

    Firstly, a big thank you to Mr Nimmit (Sam) for taking such a close interest in my problems. The good news is that it's now working nicely. Here's what I found out...

     

    Unless I'm crazy (I am) any Worldpay callbacks returning to an osC SSL session will figure out the original calling session (and associated osC order) simply by daisychaining the SSLs. All is well with osC SSL to WorldPay SSL and back to osC SSL. However, with regards to osC NONSSL to WorldPay SSL and back to osC NONSSL, there was a bug in the code. I actually used v1.5 to sort this one out, but I reckon it's also in v1.7.

    // Nimmit: Duplicate entry problem fix 18/2/04
    ? ? ?if(ENABLE_SSL){
    ? ? ? ?if(HTTP_SERVER != HTTPS_SERVER){
    ? ?// if servers are different use the https one to create the callback url
    ? ? ? ? ?$callback_url = tep_href_link(FILENAME_WPCALLBACK,'','SSL',false);
    ? ? ? ? ?$worldpay_callback = explode('https://', $callback_url);
    ? ? ? ?}
    ? ? ? ?else{
    ? ?// otherwise use the http
    ? ? ? ? ?$callback_url = tep_href_link(FILENAME_WPCALLBACK);
    ? ? ? ? ?$worldpay_callback = explode('http://', $callback_url);
    ? ? ? ?} ? 
    ? ? ?}
    ? else{
    ? ? $callback_url = tep_href_link(FILENAME_WPCALLBACK);
    ? ? ? ?$worldpay_callback = explode('http://', $callback_url);
    
    (...snip...)
    
    // Ian-san: Added dynamic callback and languages link here 6/4/2003:
    ? ? ? ?tep_draw_hidden_field('lang', $language_code) .
    ? ? ? ?tep_draw_hidden_field('MC_callback', $worldpay_callback[1] . '?language=' . $language_code) .
    ? ? ? ?tep_draw_hidden_field('MC_oscsid', $oscSid);

    What's happening is that a osC NONSSL session (my circumstances) was sending WorldPay the following callback string:

    $callback_url = tep_href_link(FILENAME_WPCALLBACK);
    $worldpay_callback = explode('http://', $callback_url);

    ...plus...

    tep_draw_hidden_field('MC_callback', $worldpay_callback[1] . '?language=' . $language_code) .

    ...so WorldPay is returning something like...

    http://website.com/catalog/wpcallback.php?osCsid=37a9b6732?language=en

    And there's the problem, as I was advised by that clever Mr Nimmit. The two question marks are a buggah's muddle. The second ? is not interpreted as the end of the session id, so the whole id has "?language=en" appended to the end of it. Not surprisingly, osC can't find the session. So, being a demon hacker, I just changed the "?" to a "&" and all worked fine...

    tep_draw_hidden_field('MC_callback', $worldpay_callback[1] . '&language=' . $language_code) .

    ...which gave me...

    http://website.com/catalog/wpcallback.php?osCsid=37a9b6732&language=en

    ...and all was sweetness and light.

     

    A word of warning: I'm guessing the bug is resolved for NONSSL osC sessions, but the amendment above would mess up an SSL session. Maybe Mr Nimmit can check it out?

     

    Anyways, I'm a happy bunny, and all's well in Moonfish land.

     

    Take care, Ric


  3. Hi Sam,

     

    Thanks for the fast reply.

     

    Here's the full content of .../includes/modules/payment/worldpay.php. I'm very sure I didn't change anything, but perhaps you might spot something anyway?

     

    I should add that I've been testing this by choosing 'cancel' within Worldpay, because I got sick of typing in credit card details time and again.

     

    Meanwhile, I see what you mean about the syntax of the & and ?. Methinks the second ? is at the root of all this. If you need to see the contents of the other files, let me know.

     

    Ric

     

    ========================================================

    <?php

    /*

    $Id: worldpay.php,v MS1a 2003/04/06 21:30

    Author : Graeme Conkie (graeme@conkie.net)

    Title: WorldPay Payment Callback Module V4.0 Version 1.6

     

    Revisions:

     

    Paulz added minor changes to enable control of 'Payment Zone' added function update_status

    Version MS1a Cleaned up code, moved static English to language file to allow for bi-lingual use,

    Now posting language code to WP, Redirect on failure now to Checkout Payment,

    Reduced re-direct time to 8 seconds, added MD5, made callback dynamic

    NOTE: YOU MUST CHANGE THE CALLBACK URL IN WP ADMIN TO <wpdisplay item="MC_callback">

    Version 1.4 Removes boxes to prevent users from clicking away before update,

    Fixes currency for Yen,

    Redirects to Checkout_Process after 10 seconds or click by user

    Version 1.3 Fixes problem with Multi Currency

    Version 1.2 Added Sort Order and Default order status to work with snapshots after 14 Jan 2003

    Version 1.1 Added Worldpay Pre-Authorisation ability

    Version 1.0 Initial Payment Module

     

    osCommerce, Open Source E-Commerce Solutions

    http://www.oscommerce.com

     

    Copyright © 2003

    Released under the GNU General Public License

    */

     

    class worldpay {

    var $code, $title, $description, $enabled;

     

    // class constructor

    function worldpay() {

    global $order;

    $this->code = 'worldpay';

    $this->title = MODULE_PAYMENT_WORLDPAY_TEXT_TITLE;

    $this->description = MODULE_PAYMENT_WORLDPAY_TEXT_DESCRIPTION;

    $this->sort_order = MODULE_PAYMENT_WORLDPAY_SORT_ORDER;

    $this->enabled = ((MODULE_PAYMENT_WORLDPAY_STATUS == 'True') ? true : false);

     

    if ((int)MODULE_PAYMENT_WORLDPAY_ORDER_STATUS_ID > 0) {

    $this->order_status = MODULE_PAYMENT_WORLDPAY_ORDER_STATUS_ID;

    }

     

    if (is_object($order)) $this->update_status();

     

    $this->form_action_url = 'https://select.worldpay.com/wcc/purchase';

     

    }

     

    // class methods

    function update_status() {

    global $order;

     

    if ( ($this->enabled == true) && ((int)MODULE_PAYMENT_WORLDPAY_ZONE > 0) ) {

    $check_flag = false;

    $check_query = tep_db_query("select zone_id from " . TABLE_ZONES_TO_GEO_ZONES . " where geo_zone_id = '" . MODULE_PAYMENT_WORLDPAY_ZONE . "' and zone_country_id = '" . $order->billing['country']['id'] . "' order by zone_id");

    while ($check = tep_db_fetch_array($check_query)) {

    if ($check['zone_id'] < 1) {

    $check_flag = true;

    break;

    } elseif ($check['zone_id'] == $order->billing['zone_id']) {

    $check_flag = true;

    break;

    }

    }

    if ($check_flag == false) {

    $this->enabled = false;

    }

     

    }

    }

     

    // class methods

    function javascript_validation() {

    return false;

    }

     

    function selection() {

    return array('id' => $this->code,

    'module' => $this->title);

    }

     

    function pre_confirmation_check() {

    return false;

    }

     

    function confirmation() {

    return false;

    }

     

    function process_button() {

    // Ian-san: Need to declare language_id global here 6/4/2003:

    global $HTTP_POST_VARS, $languages_id, $shipping_cost, $total_cost, $shipping_selected, $shipping_method, $currencies, $currency, $customer_id , $order;

    $worldpay_url = tep_session_name() . '=' . tep_session_id();

     

    // Multi Currency - Graeme Conkie ver 1.3 - Set up variable

    // Added decimal point code - contributed by Ian Davidson (Feb 08,2003) - For Yen currency

    $OrderAmt = number_format($order->info['total'] * $currencies->get_value($currency), $currencies->get_decimal_places($currency), '.', '') ;

     

    // Multi Currency - ver 1.3

    $process_button_string =

    tep_draw_hidden_field('instId', MODULE_PAYMENT_WORLDPAY_ID) .

    tep_draw_hidden_field('currency', $currency) .

    tep_draw_hidden_field('desc', 'Purchase from '.STORE_NAME) .

     

    // Send URL and session name - contributed by Nick Vermeulen 08 Feb, 2003

    tep_draw_hidden_field('cartId', $worldpay_url ) .

     

    // Assign Multi Currency Variable to Amount

    tep_draw_hidden_field('amount', $OrderAmt) ;

     

    // Pre Auth Mod 3/1/2002 - Graeme Conkie

    if (MODULE_PAYMENT_WORLDPAY_USEPREAUTH == 'True') $process_button_string .= tep_draw_hidden_field('authMode', MODULE_PAYMENT_WORLDPAY_PREAUTH);

     

    // Ian-san: Create callback and language links here 6/4/2003:

    $callback_url = tep_href_link(FILENAME_WPCALLBACK);

    // $callback_url = tep_href_link(FILENAME_WPCALLBACK, '', (ENABLE_SSL ? 'SSL' : 'NONSSL'), true);

    $worldpay_callback = explode('http://', $callback_url);

    $language_code_raw = tep_db_query("select code from " . TABLE_LANGUAGES . " where languages_id ='$languages_id'");

    $language_code_array = tep_db_fetch_array($language_code_raw);

    $language_code = $language_code_array['code'];

     

    $address = htmlspecialchars($order->customer['street_address'] . "\n" . $order->customer['suburb'] . "\n" . $order->customer['city'] . "\n" . $order->customer['state'], ENT_QUOTES);

    $process_button_string .=

    tep_draw_hidden_field('testMode', MODULE_PAYMENT_WORLDPAY_MODE) .

    tep_draw_hidden_field('name', $order->customer['firstname'] . ' ' . $order->customer['lastname']) .

    tep_draw_hidden_field('address', $address) .

    tep_draw_hidden_field('postcode', $order->customer['postcode']) .

    tep_draw_hidden_field('country', $order->customer['country']['iso_code_2']) .

    tep_draw_hidden_field('tel', $order->customer['telephone']) .

    tep_draw_hidden_field('myvar', 'Y') .

    tep_draw_hidden_field('fax', $order->customer['fax']) .

    tep_draw_hidden_field('email', $order->customer['email_address']) .

     

    // Ian-san: Added dynamic callback and languages link here 6/4/2003:

    tep_draw_hidden_field('lang', $language_code) .

    tep_draw_hidden_field('MC_callback', $worldpay_callback[1] . '?language=' . $language_code) .

    tep_draw_hidden_field('MC_oscsid', $oscSid);

     

    // Ian-san: Added MD5 here 6/4/2003:

    if (MODULE_PAYMENT_WORLDPAY_USEMD5 == '1') {

    $md5_signature_fields = 'amount:language:email';

    $md5_signature = MODULE_PAYMENT_WORLDPAY_MD5KEY . ':' . (number_format($order->info['total'] * $currencies->get_value($currency), $currencies->get_decimal_places($currency), '.', '')) . ':' . $language_code . ':' . $order->customer['email_address'];

    $md5_signature_md5 = md5($md5_signature);

     

    $process_button_string .= tep_draw_hidden_field('signatureFields', $md5_signature_fields ) .

    tep_draw_hidden_field('signature',$md5_signature_md5);

    }

    return $process_button_string ;

    }

     

    function before_process() {

    global $HTTP_POST_VARS;

    }

     

    function after_process() {

    return false;

    }

     

    function output_error() {

    return false;

    }

     

    function check() {

    if (!isset($this->_check)) {

    $check_query = tep_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_STATUS'");

    $this->_check = tep_db_num_rows($check_query);

    }

    return $this->_check;

    }

     

    function install() {

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Enable WorldPay Module', 'MODULE_PAYMENT_WORLDPAY_STATUS', 'True', 'Do you want to accept WorldPay payments?', '6', '1', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())");

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Worldpay Installation ID', 'MODULE_PAYMENT_WORLDPAY_ID', '00000', 'Your WorldPay Select Junior ID', '6', '2', now())");

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Mode', 'MODULE_PAYMENT_WORLDPAY_MODE', '100', 'The mode you are working in (100 = Test Mode Accept, 101 = Test Mode Decline, 0 = Live', '6', '5', now())");

     

    // Ian-san: Added MD5 here 6/4/2003:

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Use MD5', 'MODULE_PAYMENT_WORLDPAY_USEMD5', '0', 'Use MD5 encyption for transactions? (1 = Yes, 0 = No)', '6', '4', now())");

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('MD5 secret key', 'MODULE_PAYMENT_WORLDPAY_MD5KEY', '', 'MD5 secret key. Must also be entered into Worldpay installation config', '6', '5', now())");

     

    // Pre Auth Mod - Graeme Conkie 13/1/2003

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Sort order of display.', 'MODULE_PAYMENT_WORLDPAY_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', '6', '0', now())");

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Use Pre-Authorisation?', 'MODULE_PAYMENT_WORLDPAY_USEPREAUTH', 'False', 'Do you want to pre-authorise payments? Default=False. You need to request this from WorldPay before using it.', '6', '3', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now())");

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, use_function, date_added) values ('Set Order Status', 'MODULE_PAYMENT_WORLDPAY_ORDER_STATUS_ID', '0', 'Set the status of orders made with this payment module to this value', '6', '0', 'tep_cfg_pull_down_order_statuses(', 'tep_get_order_status_name', now())");

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Pre-Auth', 'MODULE_PAYMENT_WORLDPAY_PREAUTH', 'A', 'The mode you are working in (A = Pay Now, E = Pre Auth). Ignored if Use PreAuth is False.', '6', '4', now())");

    // Paulz zone control 04/04/2004

    tep_db_query("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, use_function, set_function, date_added) values ('Payment Zone', 'MODULE_PAYMENT_WORLDPAY_ZONE', '0', 'If a zone is selected, only enable this payment method for that zone.', '6', '2', 'tep_get_zone_class_title', 'tep_cfg_pull_down_zone_classes(', now())");

    // Ian-san: Added MD5 here 6/4/2003:

    tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_USEMD5'");

    tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_WORLDPAY_MD5KEY'");

    }

     

    function remove() {

    tep_db_query("delete from " . TABLE_CONFIGURATION . " where configuration_key in ('" . implode("', '", $this->keys()) . "')");

    }

     

    function keys() {

    return array('MODULE_PAYMENT_WORLDPAY_STATUS', 'MODULE_PAYMENT_WORLDPAY_ID','MODULE_PAYMENT_WORLDPAY_MODE','MODULE_PAYMENT_WORLDPAY_USEPREAUTH','MODULE_PAYMENT_WORLDPAY_PREAUTH','MODULE_PAYMENT_WORLDPAY_ZONE','MODULE_PAYMENT_WORLDPAY_SORT_ORDER','MODULE_PAYMENT_WORLDPAY_ORDER_STATUS_ID');

    }

    }

    ?>

     

    ========================================================


  4. Hello World,

     

    Well, I've installed Worldpay v4.0 v1.7 as per installation guide. I'm pretty sure I've checked all the steps in the install.txt file. Things went well, until callback. I've scanned the threads, and all to no avail. I've experimented and experimented, but still I get the following...

     

    ====================================================

    1062 - Duplicate entry '37a9b673de0f6f24e9295b59e833f622' for key 1

     

    insert into sessions values ('37a9b673de0f6f24e9295b59e833f622?language=en', '1083161710', 'cart|O:12:\"shoppingcart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationhistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:14:\"wpcallback.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:1:{s:6:\"osCsid\";s:44:\"37a9b673de0f6f24e9295b59e833f622?language=en\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}autologon_link|s:164:\"http://www.moonfishgroup.com/TESTCommerce/wpcallback.php?osCsid=37a9b673de0f6f24e9295b59e833f622%3Flanguage%3Den&osCsid=37a9b673de0f6f24e9295b59e833f622?language=en\";autologon_executed|s:4:\"true\";')

     

    [TEP STOP]

     

    1062 - Duplicate entry '37a9b673de0f6f24e9295b59e833f622' for key 1

     

    insert into sessions values ('37a9b673de0f6f24e9295b59e833f622?language=en', '1083161710', 'cart|O:12:\"shoppingcart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationhistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:14:\"wpcallback.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:1:{s:6:\"osCsid\";s:44:\"37a9b673de0f6f24e9295b59e833f622?language=en\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}autologon_link|s:164:\"http://www.moonfishgroup.com/TESTCommerce/wpcallback.php?osCsid=37a9b673de0f6f24e9295b59e833f622%3Flanguage%3Den&osCsid=37a9b673de0f6f24e9295b59e833f622?language=en\";autologon_executed|s:4:\"true\";')

     

    [TEP STOP]

     

     

    Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0

    ====================================================

     

    Now I know, from reading through this and other threads, that this message is an old friend, but all the fixits recommended thus far haven't worked.

     

    Here's what's 'different' about my installation:

     

    i. No SSL on osCommerce side

    ii. All sessions = false

     

    ...and here's what I've found out: If I manually enter the following...

     

    http://moonfishgroup.com/TESTCommerce/wpca...3Flanguage%3Den

     

    ...then I get the nasty sessions message. But if I remove the "%3Flanguage%3Den" at the end of the callback string, then all is sweetness and light...

     

    http://moonfishgroup.com/TESTCommerce/wpca...9295b59e833f622

     

    Any ideas? I'm guessing WorldPay is sending back the language=en as part of the callback, and this is 'fooling' osCommerce into reloading the session? Er, I really don't know what I'm talking about, but I guess I've given someone smarter than me enough clues...

     

    Ric

×