WorldPay: Incorrect Transaction Hash

[IMF2000]

Hi there,

 

I have RBS worldpay setup and working successfully except for the following issue:

 

Callbacks are working, on a successful new order, the order is updated as follows:

 

EG:

 

 

12/31/2010 00:05:21 Preparing [WorldPay] WorldPay: Transaction Verified

 

But then a few seconds later:

 

12/31/2010 00:05:25 Preparing [WorldPay] WorldPay: Incorrect Transaction Hash

 

Before:

 

12/31/2010 00:05:25 Preparing [WorldPay]

 

This happens on every order. I have located the code that generates the above:

 

 

function before_process() in includes/modules/payment/worldpay_junior.php

 

$sql_data_array = array('orders_id' => $order_id,

'orders_status_id' => MODULE_PAYMENT_WORLDPAY_JUNIOR_PREPARE_ORDER_STATUS_ID,

'date_added' => 'now()',

'customer_notified' => '0',

'comments' => (($hash_result == true) ? 'WorldPay: Transaction Verified' : 'WorldPay: Incorrect Transaction Hash'));

 

 

 

Any ideas what could be causing an issue with the hash result or why it is iterating over the function twice?

 

 

Here is an edited version of the callback email:

 

RBS WorldPay Post Values

\nauthAmountString : £65.00

_SP_charEnc : UTF-8

M_sid : ccda3bxxxxxXXXxxxXXXxxxXXXxx

desc : FOO SHOP

tel : 0123456789

MC_callback :

foo.net/ext/modules/payment/worldpay/junior_callback.php

countryMatch : Y

cartId : 1234

M_hash : 47XXXXXXXXXXXXXXXXXXXXXxxxXXXXx0b

lang : en

callbackPW : MYPASSWORD

rawAuthCode : A

amountString : £65.00

transStatus : Y

authCost : 65.00

currency : GBP

installation : 1234

amount : 65.00

countryString : Sweden

M_lang : english

transTime : 1293750319266

testMode : 0

name : CustomerName

ipAddress : CustomerIP

fax :

rawAuthMessage : cardbe.msg.authorised

instId : 1234

AVS : 1234

compName : The Company Name

M_cid : 1234

authAmount : 65.00

postcode : 1234

cardType : Visa

cost : 65.00

authCurrency : GBP

country : SE

charenc : UTF-8

email : customer@email

address : cust address

transId : 2028257460

authentication : ARespH.card.authentication.0

msgType : authResult

authMode : A

[IMF2000]

Did a bit more investigation:

 

found that in ext/modules/payment/worldpay/junior_callback.php

 

 

if (isset($_POST['M_hash']) && !empty($_POST['M_hash']) && ($_POST['M_hash'] == md5($_POST['M_sid'] . $_POST['M_cid'] . $_POST['cartId'] . $_POST['M_lang'] . number_format($_POST['amount'], 2) . M

ODULE_PAYMENT_WORLDPAY_JUNIOR_MD5_PASSWORD))) {

$pass = true;

}

 

This is passing true so the MD5 is matching OK.

 

 

in /includes/modules/payment/worldpay_junior.php

 

 

if (isset($HTTP_GET_VARS['hash']) && !empty($HTTP_GET_VARS['hash']) && ($HTTP_GET_VARS['hash'] == md5(tep_session_name() . $customer_id . $order_id . $language . number_format($order->info['total'], 2) . MODULE_PAYMENT_WORLDPAY_JUNIOR_MD5_PASSWORD))) {

$hash_result = true;

}

 

is returning false..

 

For now I just set $hash_result to true as I've not been able to isolate which part of the above is causing it to fail.

 

Anyone else encountered these issues?