2Checkout / 2checkout-php

2Checkout PHP Library
MIT License

Incorrect hash validation #8

Closed vbezruchkin closed 11 years ago

vbezruchkin commented 11 years ago

Greetings,

I'm working on a plugin integration for Subrion CMS. Here is what I have now:

$form_values = array();

if ($iaCore->get('checkout_demo'))
{
    $form_values['demo'] = 'Y';
}

$form_values['sid'] = $iaCore->get('checkout_id');
$form_values['total'] = $plan['cost'];
$form_values['custom'] = $plan['title'];

$form_values['id_type'] = 1;
$form_values['cart_order_id'] = time();
$form_values['x_Receipt_Link_URL'] = IA_RETURN_URL . 'completed' . IA_URL_DELIMITER;
$form_values['id_account'] = iaUsers::hasIdentity() ? iaUsers::getIdentity()->id : 0;
$form_values['item_number'] = $plan['title'];
$form_values['vip'] = $_SERVER['REMOTE_ADDR'];

// print form values
if (isset($iaLog))
{
    $iaLog->logInfo('2checkout form values', $form_values);
}

// require 2co API library
require_once dirname(__FILE__) . '/lib/Twocheckout.php';

Twocheckout_Charge::redirect($form_values);

That's used to send the form data. I'm redirected to 2checkout and it seems I pass all the needed details there.

Here is the code to process the response:

if (isset($_POST['item_number']) && !empty($_POST['item_number']))
{
    $params = array();
    foreach($_POST as $k => $v)
    {
        $params[$k] = $v;
    }

    if (isset($iaLog))
    {
        $iaLog->logInfo('2checkout $_POST response', $params);
    }

    // require 2co API library
    require_once dirname(__FILE__) . '/lib/Twocheckout.php';

    // validate response
    $result = Twocheckout_Return::check($params, $iaCore->get('checkout_secret'), 'array');
    // (the post shows the handler only up to this point)
}

I always get an incorrect hash. Even when I try to validate the data manually I see I get different hashes. What could be the case? Please advise!

vbezruchkin commented 11 years ago

$iaCore->get('checkout_secret') returns the correct string that's configured in my 2checkout account.

$iaCore->get('checkout_id') returns the correct account number.

logInfo method only prints debug information in the file

craigchristenson commented 11 years ago

If the hashes are not matching, the most common cause is that you are placing a demo sale. 2Checkout intentionally breaks the hash on demo sales by using a "1" for the order number when the hash is computed. If you handle this in your app like below it should match correctly on demo sales.

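// Demo sales are hashed with order number "1", so substitute it before validating.
if (isset($params['demo']) && $params['demo'] == 'Y') {
    $params['order_number'] = '1';
}

vbezruchkin commented 11 years ago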

Thanks Craig. Worked fine.
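
The demo-sale handling from the thread, written out as a standalone check. This is an added example, not code from 2checkout-php or from either commenter. It assumes the return hash is the uppercase MD5 of secret word, `sid`, `order_number` and `total`, returned in a `key` parameter; `verify_return_hash()`, its `$allowDemo` flag and all sample values are hypothetical.

```php
<?php
// Added example. Assumption: key = UPPERCASE(MD5(secret . sid . order_number . total)).

/**
 * Hypothetical helper: recompute the return hash and compare it with 'key'.
 * $allowDemo should mirror the integration's own demo setting
 * (the 'checkout_demo' option in the post above).
 */
function verify_return_hash(array $params, string $secretWord, bool $allowDemo): bool
{
    foreach (array('sid', 'total', 'order_number', 'key') as $field) {
        if (!isset($params[$field]) || !is_string($params[$field])) {
            return false; // missing or array-valued field: reject
        }
    }

    $isDemo = isset($params['demo']) && $params['demo'] === 'Y';
    if ($isDemo && !$allowDemo) {
        // The 'demo' flag arrives in the request; a demo response is not a
        // paid order, so refuse it when the site is not in demo mode.
        return false;
    }

    // Demo sales are hashed with order number "1" (see the reply above).
    $orderNumber = $isDemo ? '1' : $params['order_number'];
    $expected = strtoupper(md5($secretWord . $params['sid'] . $orderNumber . $params['total']));

    // hash_equals() compares in constant time (PHP 5.6+).
    return hash_equals($expected, strtoupper($params['key']));
}

// Constructed sample response for a demo sale.
$secret = 'constructed-secret-word';
$post = array(
    'sid'          => '1234567',
    'order_number' => '9093717691800',
    'total'        => '49.99',
    'demo'         => 'Y',
);
$post['key'] = strtoupper(md5($secret . $post['sid'] . '1' . $post['total']));

var_dump(verify_return_hash($post, $secret, true));   // site in demo mode
var_dump(verify_return_hash($post, $secret, false));  // live site, demo response
unset($post['demo']);
var_dump(verify_return_hash($post, $secret, false));  // same key, demo flag stripped
```

The third call shows why the demo key cannot be replayed as a live sale: without the demo flag the hash is recomputed over the real order number and no longer matches.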