Security Error. Illegal access detected using ccavenue in php - php

I am successfully redirecting to ccavenue payment gateway but on clicking the cancel button it is showing the error "Security Error. Illegal access detected" in the redirect url page.
This is my redirecturl page:
<?php include('Aes.php');include('adler32.php')?>
<?php
$workingKey='myWorkingKey'; //Working Key should be provided here.
$encResponse=$_POST["encResponse"]; //This is the response sent by the CCAvenue Server
$rcvdString=decrypt($encResponse,$workingKey);
$AuthDesc="";
$MerchantId="";
$OrderId="";
$Amount=0;
$Checksum=0;
$veriChecksum=false;
$decryptValues=explode('&', $rcvdString);
$dataSize=sizeof($decryptValues);
echo "<center>";
for($i = 0; $i < $dataSize; $i++)
{
$information=explode('=',$decryptValues[$i]);
if($i==0) $MerchantId=$information[1];
if($i==1) $OrderId=$information[1];
if($i==2) $Amount=$information[1];
if($i==3) $AuthDesc=$information[1];
if($i==4) $Checksum=$information[1];
}
$rcvdString=$MerchantId.'|'.$OrderId.'|'.$Amount.'|'.$AuthDesc.'|'.$workingKey;
$veriChecksum=verifyChecksum(genchecksum($rcvdString), $Checksum);
if($veriChecksum==TRUE && $AuthDesc==="Y")
{
echo "<br>Thank you for shopping with us. Your credit card has been charged and your transaction is successful. We will be shipping your order to you soon.";
}
else if($veriChecksum==TRUE && $AuthDesc==="B")
{
echo "<br>Thank you for shopping with us.We will keep you posted regarding the status of your order through e-mail";
}
else if($veriChecksum==TRUE && $AuthDesc==="N")
{
echo "<br>Thank you for shopping with us.However,the transaction has been declined.";
}
else
{
echo "<br>Security Error. Illegal access detected";
}
echo "<br><br>";
echo "<table cellspacing=4 cellpadding=4>";
for($i = 0; $i < $dataSize; $i++)
{
$information=explode('=',$decryptValues[$i]);
echo '<tr><td>'.$information[0].'</td><td>'.$information[1].'</td></tr>';
}
echo "</table><br>";
echo "</center>";
?>
I googled the issue but was not able to find any solution. How can I solve this error? Please give some suggestions.

I found in the documentation (it might be outdated, but I couldn't find an updated one) that you need to pass a parameter called cancel_url; CCAvenue will redirect the customer to this URL if the customer cancels the transaction on the billing page.
So in the page that you create the payment you need to add to your form something like this
<input type="hidden" id="cancel_url" name="cancel_url" value="the_url_where_you_will_proccess_canceled_orders">
You must already have something similar with redirect_url

There is nothing wrong with your code. You need to maintain a separate page for cancelled orders, in which you need not use the CCAvenue response code. Since the user didn't complete the payment, you won't receive any response parameter from CCAvenue. So there is no need for the $verifyCheckSum and $AuthDesc variables. They just cancelled their order willingly. So you just need to show them a message, "Your order has been cancelled", on your website.
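As an added example (not part of the original posts and not CCAvenue kit code), the sketch below separates a return that carries no encResponse, which the answers above describe for a cancelled payment, from one whose checksum fails. The function name classifyReturn, the stand-in callables and the sample field names are assumptions made for illustration; in a real page the kit's decrypt(), genchecksum() and verifyChecksum() would be passed in.

```php
<?php
// Added example, not CCAvenue kit code. The kit functions the question calls
// (decrypt, genchecksum, verifyChecksum) are injected as callables so the
// sketch runs without Aes.php / adler32.php.

/** Returns 'cancelled', 'tampered', or the verified AuthDesc ('Y', 'B', 'N'). */
function classifyReturn(array $post, string $workingKey, callable $decrypt,
                        callable $genChecksum, callable $verifyChecksum): string
{
    // No encResponse at all: per the answers, a cancelled payment carries no
    // gateway response, so there is nothing to decrypt or verify.
    $enc = $post['encResponse'] ?? null;
    if (!is_string($enc) || $enc === '') {
        return 'cancelled';
    }
    $plain = $decrypt($enc, $workingKey);
    if (!is_string($plain)) {
        return 'tampered';
    }
    // Same positional layout as the question's loop; the limit of 2 keeps
    // values that themselves contain '=' intact.
    $values = [];
    foreach (explode('&', $plain) as $pair) {
        $values[] = explode('=', $pair, 2)[1] ?? '';
    }
    if (count($values) < 5) {
        return 'tampered';
    }
    [$merchantId, $orderId, $amount, $authDesc, $checksum] = $values;
    $signed = $merchantId.'|'.$orderId.'|'.$amount.'|'.$authDesc.'|'.$workingKey;
    if (!$verifyChecksum($genChecksum($signed), $checksum)) {
        return 'tampered';
    }
    return in_array($authDesc, ['Y', 'B', 'N'], true) ? $authDesc : 'tampered';
}

// Constructed stand-ins and sample data, for demonstration only.
$key     = 'myWorkingKey';
$decrypt = fn(string $c, string $k) => $c;           // identity, not AES
$gen     = fn(string $s) => hash('adler32', $s);     // stand-in checksum
$verify  = fn($a, $b) => hash_equals((string) $a, (string) $b);
$sum     = $gen('M1|ORD42|100.00|Y|'.$key);
$good    = "Merchant_Id=M1&Order_Id=ORD42&Amount=100.00&AuthDesc=Y&Checksum=$sum";
$forged  = str_replace('100.00', '1.00', $good);     // amount changed after signing

echo classifyReturn([], $key, $decrypt, $gen, $verify), "\n";
echo classifyReturn(['encResponse' => $good], $key, $decrypt, $gen, $verify), "\n";
echo classifyReturn(['encResponse' => $forged], $key, $decrypt, $gen, $verify), "\n";
```

When the decrypted fields are echoed back into the page, as the question's table loop does, pass each value through htmlspecialchars() first.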

Related

How to refresh a particular DIV upon data change in the DATABASE but without reloading the whole page?

In the below code you can see a DIV class="inprg" shows up messages and a couple of buttons on the screen upon the value of database field 'trans_status = ' but user requires to reload the page. How can I make it auto?
<?php
$where="where qu_id={$b_info['qid']} and (trans_status = 'Completed') ";
$order_list=$obj->get_all_records("manage_order",$where,"order_id","DESC");
if(($_SESSION['u_id']==$buyeridaaa || ($_SESSION['u_id']==$s_id)) && !empty($r))
{
$token=$order_list[0]['token'];
$release_flag=$order_list[0]['release_flag'];
$ord_dispute=$order_list[0]['dispute'];
echo '<div class="toolbar"><div class="in_progr">';
if($release_flag=='N' && $ord_dispute=='N')
{
$inprog='<div id="order_status1" class="inprg" style="color:#81CC40">Deposited: '.$order_list[0]['order_amt'] .'₽</div>';
if($_SESSION['u_id']==$buyeridaaa)
{
echo '<form action="" method="post"><input type="hidden" name="tkn" value="'.$token.'">';
echo $dispute_b.'<button type="submit" class="release_btn" name="submit_release" value="1">Release</button>
</form>'.$inprog;
}
else if($_SESSION['u_id']==$s_id)
{
echo $inprog;
}
}
else if ($ord_dispute=='Y') {
echo '<div id="order_status2" class="inprg" style="color:red">Deal disputed!</div>';
}
else
{
echo '<div id="order_status3" class="inprg" style="color:orange">No Deposit!</div>';
}
echo '</div></div>';
}
?>
What you are looking for is called websockets: https://www.google.com/search?q=websockets
Websockets allow your frontend to hook up to your backend and allow your backend to send messages to the frontend, on which the frontend can react.
There are multiple libraries and services available to help you establish this. I suggest you first study the technology and available tools.

Reasons why a cookie could be resetting?

I am trying to check if a user has taken a quiz before and if he/she has, I want them to be not able to take the quiz again. I implemented the code to do this by using cookies and for some reason my code refuses to stop a user from taking the quiz again. I've been staring at this for a very long time now so help would be nice!
Notes: $_SESSION["index"] is set to 0 initially from a previous page and $_COOKIE['quizTakers'] is an empty array initially. Each question comes one at a time.
<?php
session_start();
#get array of quizTakers from cookie
$addUser = unserialize($_COOKIE['quizTakers']);
$userN = $_SESSION['username'];
#check if user has taken quiz already and make sure you only check once and not after every question submit
if(count($addUser) != 0 && intval($_SESSION["index"]) == 0 ){
foreach ($addUser as $user) {
if( strcmp($userN,$user) ){
echo "You already took the quiz! <br \>";
echo "<form action=\"changeUser.php\" method=\"post\"> Go Back: <input type=\"submit\"><br \> </form>";
exit();
}
}
array_push($addUser, $userN);
setcookie('quizTakers', serialize($addUser), time()+86400);
echo "loop was entered <br />";
}
#if array is empty(this is should execute the every first time someone takes the quiz
elseif (count($addUser) == 0) {
#add user to array if this is first person taking a quiz yo
array_push($addUser, $userN);
setcookie('quizTakers', serialize($addUser), time()+86400);
echo "cookie added line 29 <br/>";
}
$indexTemp = intVal($_SESSION["index"]);
if(isset($_SESSION["notFirstIndex"])){
#get array of correct answers
$correctAns = $_SESSION["correctAnswers"];
#get particular answer at current index
$currentCorrectAns = intval($correctAns[$indexTemp]) +1;
$userAns = intval($_POST['ans']);
echo "The User picked: ".$userAns." and the correct Answer was: ".$currentCorrectAns."<br/>";
if($userAns == intVal($currentCorrectAns)){
echo " you were correct! <br />";
$_SESSION["totalCorrect"] += 1;
}
else{
echo "you were wrong";
$_SESSION["totalIncorrect"] +=1;
}
}
elseif(!isset($_SESSION['notFirstIndex'])){
echo "Welcome to your quiz, $userN <br />";
echo "You havent answered any questions yet! <br />";
}
?>
<!DOCTYPE html>
<html>
<HR>
</html>
<?php
#When questions are over show results
if($_SESSION["numQuestions"] == $indexTemp){
$_SESSION["index"] = 0;
echo "Your Results are: <br /> ";
echo "Total Questions: ".$_SESSION["numQuestions"]."<br/>";
echo "Total Correct: ".$_SESSION["totalCorrect"]."<br/>";
echo "Total Incorrect: ".$_SESSION["totalIncorrect"]."<br/>";
$percentage = (intval($_SESSION["totalCorrect"]) / intval($_SESSION["numQuestions"])) * 100 ;
echo "Percentage Rightht: $percentage % <br/ >";
echo "<form action=\"process.php\" method=\"post\"> Back to Main screen: <input type=\"submit\"><br \> </form>";
$takers = unserialize($_COOKIE['quizTakers']);
echo $takers[0];
if(count($takers) == 1){
echo "<br />";
echo "You were the first Quiz Taker: <br />";
echo "Total Takers: 1 <br />";
echo "Number Right: ".$_SESSION["totalCorrect"]."<br/>";
echo "Number Incorrect: ".$_SESSION["totalIncorrect"]."<br/>";
echo "Average: $percentage % <br/ >";
exit();
}
exit();
}
$filename = $_SESSION["quizOfTheDay"];
$quizStuff = file($filename);
$ctr =1;
$questionInfo = $quizStuff[$indexTemp];
$questionParse = explode("#", $questionInfo);
#$_SESSION["correctAns"] = $questionParse[2];
#echo $_SESSION["correctAns"]." from line 56 <br />";
$_SESSION['notFirstIndex'] = "true";
$answerChoices = explode(":",$questionParse[1]);
echo "$questionParse[0]? <br />";
?>
<!DOCTYPE html>
<html>
<form action="questions.php" method="post">
<?php
foreach ($answerChoices as $answerChoice) {
echo "<input type='radio' name='ans' id='q1' value=".$ctr."> <label for='q1'>".$answerChoice."</label> <br />";
$ctr +=1;
}
$_SESSION["index"] = $indexTemp +1;
?>
<input type="submit" name="submit" value="GO!">
</form>
</html>
Before the cookie is set, $_COOKIE['quizTakers'] doesn't exist, and when you call unserialize() on this you set $addUser to false. Then when you try to do array_push($addUser, $userN);, this fails because $addUser isn't an array, so $addUser is still false. Then you put this into the cookie.
The next time the user runs the script, you read false from the cookie, and the username isn't found in this, so you don't stop the user from taking the quiz again.
You're making this much more complicated than it needs to be. You don't need to put an array into the cookie, because cookies aren't shared by all the users. Just set a cookie to a simple string and test whether the cookie is set.
if (isset($_COOKIE['took_quiz'])) {
echo "You already took the quiz! <br \>";
echo "<form action=\"changeUser.php\" method=\"post\"> Go Back: <input type=\"submit\"><br \> </form>";
exit();
}
setcookie('took_quiz', 'true', time()+86400);
As others pointed out, users can get around this by clearing cookies. So if you need something more secure, you need to implement a login system and use a database or file to track which users have already taken the quiz.
I have not read your code, but did you fundamentally understand the concept of a cookie/session?
A cookie will store data in the browser and send it every time the website is requested. A session will store the data on the server, but will store a cookie on the client's side to identify the user on subsequent requests.
So the user can simply wipe the cookies (in both cases) and the server does not know that this user has ever taken the quiz.
What you can try is a combination of IP address and browser metric, but beware that IP addresses can change (very quick ;) )
Cookies could be erased by the user and you wouldn't know if they did your quiz or not.
You may need to force people to register to gain access to your quiz if you want a permanent way to know if they completed them or not as cookies can easily be wiped.
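As an added example (not code from any of the posts above), this is one way to keep the "already took the quiz" record on the server, as the answers recommend. It also avoids calling unserialize() on a cookie the client controls. It assumes the pdo_sqlite extension and an authenticated username; the table name and function names are hypothetical.

```php
<?php
// Added example: one row per (user, quiz) kept on the server.
// Assumes the pdo_sqlite extension; table and function names are hypothetical.

function openAttemptStore(string $dsn): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS quiz_attempts (
                   username   TEXT    NOT NULL,
                   quiz_id    TEXT    NOT NULL,
                   started_at INTEGER NOT NULL,
                   PRIMARY KEY (username, quiz_id))');
    return $db;
}

/** Records the attempt and returns true only the first time a user starts a quiz. */
function claimAttempt(PDO $db, string $username, string $quizId): bool
{
    // The primary key makes check-and-insert a single atomic statement, so two
    // simultaneous requests cannot both pass.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO quiz_attempts (username, quiz_id, started_at)
         VALUES (?, ?, ?)');
    $stmt->execute([$username, $quizId, time()]);
    return $stmt->rowCount() === 1;
}

// Constructed demonstration; in the quiz page $username would come from
// $_SESSION['username'] after login and $quizId from $_SESSION['quizOfTheDay'].
$db = openAttemptStore('sqlite::memory:');
$requests = [['alice', 'quiz1.txt'], ['bob', 'quiz1.txt'], ['alice', 'quiz1.txt']];
foreach ($requests as [$user, $quiz]) {
    $allowed = claimAttempt($db, $user, $quiz);
    echo $user, ': ', $allowed ? 'may start' : 'already took the quiz', "\n";
}
```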

PayPal: MerchantSDK DoExpressCheckoutPaymentResponse validation

What are the fields I should validate in DoExpressCheckoutPaymentResponse or is it necessary to validate it?
I was validating the :
$response->DoExpressCheckoutPaymentResponseDetails->PaymentInfo->SellerDetails->PayPalAccountID
But it does not seem to be always provided.
I also validate the GrossAmount (value and currencyCode) and TransactionID in a similar way.
The only thing you need to do is to check the ACK value of the DoExpressCheckout API call.
If the ACK=Success, the transaction completed successfully.
With the PHP merchant SDK you can do something like this:
$DoECReq = new DoExpressCheckoutPaymentReq();
$DoECReq->DoExpressCheckoutPaymentRequest = $DoECRequest;
try {
/* wrap API method calls on the service object with a try catch */
$DoECResponse = $paypalService->DoExpressCheckoutPayment($DoECReq);
} catch (Exception $ex) {
include_once("../Error.php");
exit;
}
if(isset($DoECResponse)) {
echo "<table>";
echo "<tr><td>Ack :</td><td><div id='Ack'>$DoECResponse->Ack</div> </td></tr>";
if(isset($DoECResponse->DoExpressCheckoutPaymentResponseDetails->PaymentInfo)) {
echo "<tr><td>TransactionID :</td><td><div id='TransactionID'>". $DoECResponse->DoExpressCheckoutPaymentResponseDetails->PaymentInfo[0]->TransactionID."</div> </td></tr>";
}
echo "</table>";
echo "<pre>";
print_r($DoECResponse);
echo "</pre>";
}
It's advised by PayPal to integrate the IPN as well. I always rely on them before validating the payment.
There is more information about how to implement them on the PayPal developer website: https://developer.paypal.com/webapps/developer/docs/classic/products/instant-payment-notification/

Payment method not working properly in cs cart

I created a new payment gateway in CS-Cart. After getting a success result from the payment gateway, CS-Cart redirects to the checkout page and shows an incomplete checkout. Please help me solve this issue.
Because you did not provide any code, I made an example code for processing the response:
if ($mode == 'return') {
// this means, that the payment processor returned from 3rd party checkout page
$order_info = fn_get_order_info($_REQUEST['order_id'], true);
// you should have a response code (this section depends on your payment gateway)
if ($_REQUEST['response_code'] == "S") {
// the transaction was successful!
$pp_response['order_status'] = 'P';
$pp_response['transaction_id'] = $_REQUEST['transaction_id'];
$pp_response["reason_text"] = $_REQUEST['response_code'] . ": " . $_REQUEST['transaction_id'];
fn_finish_payment($_REQUEST['order_id'], $pp_response, false);
fn_order_placement_routines('route', $_REQUEST['order_id']);
} else {
// the transaction was NOT successful!
$pp_response['order_status'] = 'N';
$pp_response['transaction_id'] = $_REQUEST['transaction_id'];
$pp_response["reason_text"] = $_REQUEST['response_code'] . ": " . $_REQUEST['transaction_id'];
fn_order_placement_routines('route', $_REQUEST['order_id'], false);
}
}
The key "functions" are: fn_finish_payment() and fn_order_placement_routines(). If you did not finish the payment, you will be redirected to the checkout page, because this means, something went wrong.

Working on Php solution for getting data from eCommerce Merchant to Validation page

I think this is a problem we Web Designers are going to run into frequently working with CMS scripts.
and with all the new shopping carts and eCommerce Payment Gateways coming out.
I have a Component with a newer shopping cart running on Joomla that generates a Unique
URL for each order. Need to process it in Authorize.net SIM
compatible Gateway. (Hosted Payment Page)
I used a 2 Form solution to get the correct information to the Gateway, and payment can be made successfully.
Now I have to get the data back to Validate the payment and update the shopping cart.
I need to move the response code data to a dynamic URL.
The Gateway only posts to a static URL.
They suggested I have the Gateway post back to a static page that then auto posts to the correct unique generated URL.
They advise that the static page will pick up the response elements the shopping cart requires in the database, and then push the information to the second URL that is unique to the Individual transaction.
Also advise redirect be Auto Post or Post.
The Developer kindly wrote a snippet of code that is supposed to pick up the unique identifier for the order, generate the correct URL and to act as the Redirect,
<?php
if($_POST || $_GET) {
$vik = explode('_', $_REQUEST['x_fp_sequence']);
$querystring = '';
foreach($_REQUEST as $k=>$v) {
$querystring .= '&'.$k.'='.$v;
}
header('Location: http://allstoplimo.com/reservations/index.php?option=com_vikrentcar&task=notifypayment&sid='.$vik[0].'&ts='.$vik[1].$querystring);
}
?>
Which I have tried to combine with the standard static receipt page example provided by the Gateway:
<?php
if ($_REQUEST['x_response_code'] == '1') {
echo "<p>";
echo "Your order was processed successfully. Here is your receipt.";
echo "Your order will be shipped in two business days.";
echo "</p>";
echo "<pre>";
echo $_REQUEST["exact_ctr"];
echo "</pre>";
if (!empty($_REQUEST["exact_issname"])) {
echo "<p>";
echo "Issuer: " .$_REQUEST["exact_issname"] . "<br/>";
echo "Confirmation Number: " . $_REQUEST["exact_issconf"];
echo "</p>";
}
echo "<p>";
$track_url = "http://allstoplimo.com/reservations/" . $_REQUEST["x_invoice_num"];
echo "You can track it at <a href=\"" . $track_url . "\">" .
$track_url . "</a>";
echo "</p>";
} elseif ($_REQUEST['x_response_code'] == '2') {
echo "<p>";
echo "Your payment failed.";
echo "Here is your receipt.";
echo "</p>";
echo "<pre>";
echo $_REQUEST["exact_ctr"];
echo "</pre>";
} else {
echo "<p>";
echo "An error occurred while processing your payment.";
echo "Please try again later.";
echo "</p>";
}
?>
The receipt info is posting to the static page but
Of course it is not redirecting anywhere???
Any suggestions on an alternative?
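As an added example (not part of the original post and not the developer's code), the relay step can build its target URL without concatenating raw request values into the Location header. The function name buildNotifyUrl and the "<sid>_<ts>" pattern check are assumptions, inferred from the explode('_') in the snippet above.

```php
<?php
// Added example, not the developer's code. The "<sid>_<ts>" shape of
// x_fp_sequence is inferred from the explode('_') in the snippet above.

function buildNotifyUrl(array $request, string $base): ?string
{
    $seq = $request['x_fp_sequence'] ?? '';
    if (!is_string($seq) || !preg_match('/^([A-Za-z0-9]+)_([0-9]+)$/', $seq, $m)) {
        return null; // no usable order reference: do not redirect
    }
    // Routing parameters are fixed here; same-named request fields are dropped
    // so a posted "task" or "sid" cannot replace them.
    $fixed = ['option' => 'com_vikrentcar', 'task' => 'notifypayment',
              'sid' => $m[1], 'ts' => $m[2]];
    $relay = [];
    foreach ($request as $k => $v) {
        if (is_scalar($v) && !array_key_exists($k, $fixed)) {
            $relay[$k] = (string) $v;
        }
    }
    // http_build_query percent-encodes every name and value.
    return $base . '?' . http_build_query($fixed + $relay);
}

// Constructed sample relay fields.
$sample = ['x_fp_sequence' => 'ab12cd_1400000000', 'x_response_code' => '1',
           'x_invoice_num' => 'INV 7&task=other', 'task' => 'delete'];
$url = buildNotifyUrl($sample, 'http://allstoplimo.com/reservations/index.php');
echo $url ?? 'rejected', "\n";
// In the relay page: if ($url !== null) { header('Location: ' . $url); exit; }
// header() must run before any output is sent.
```

The relayed fields are still unauthenticated at this point; the receiving notifypayment task has to verify them against the gateway before marking an order paid.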
