Payment Gateway Module Development

[Dids]

Hey everyone,

 

been working on a custom gw module for some time now, for a finnish payment gateway provider called Checkout.

 

The problem I'm facing is that after I checkout in WHMCS, I see the progress bar, then boom, I'm back in the cart. Gateway log is empty aswell. :-/

 

There's quite a few values that the payment gateway requires the POST to post to their url, so I've just set static values in the module, for now.

 

Any idea what could be causing this? I'd be happy to provide the code if anyone's interested in having a look (I'm more into C# than I am into PHP, so might've missed something really obvious, plus there's a lot of unneeded template code still there).

[DedicatedPros]

Show the code and the information the gateway wants you to send them and where

[Dids]

Thanks for the quick reply.

 

Basically, the gateway handles all the payments, as it supports both finnish web-bank transactions and credit cards, so the usual WHMCS -> gateway -> WHMCS.

 

I'll just copy & paste the required info here, so there's the the name, value and an explanation:

 

ACTION = https://payment.checkout.fi/

METHOD = POST

 

VERSION "0001" - Always 0001

STAMP - Unique ID (invoice ID should work, I think)

AMOUNT - Price in cents, not euros and with no commas etc.

REFERENCE - Your standard transaction/invoice reference number

MERCHANT - ID of the merchant, I've got a test merchant user ID for this

RETURN - The return URL

CANCEL - The cancel URL

CURRENCY EUR - Currency, which should just be set to EUR by default

DEVICE 1 - Just sets the transaction "device/termnial" as HTML

CONTENT 1 - The 1 sets the purchase to be a "normal" purchase

TYPE 0 - The type 0 sets the type of payment

ALGORITHM 1 - Always set to 1

DELIVERY_DATE - This should be the date of the transaction, YYYYMMDD

MAC - This is an MD5 hash that gets calculated from the info above

 

So basically, the ones that don't have a value still require one.

 

Also, just tell me if this seems confusing.

[Dids]

Actually, been honing my skills a bit today.

 

Here's what I've got at the moment: http://slexy.org/view/s2vmHs6rEA

 

The script fails when it has to calculate the $mac attribute. You can see that I'm just trying to sum 'em all together then MD5 it, but something's not right, apparently.

[DedicatedPros]

Does the merchant want all the coded sent to them or just the MD5 code? In the script provided you're posting all the sparate variables and the variables in md5 which seems useless

[Dids]

As far as I know, it needs all of the variables, as it doesn't state that it wants just the MD5 hash, or just the variables.

 

Guess is gets the variables and the "MAC", then compares them all together?

[DedicatedPros]

Do you have any documentation the merchant gave you? This is very simple once you know what needs to be posted, they usually provide the details once you look through their support pages.

[Dids]

Oh I do, and they just mention the values I mentioned before.

Here's the API documentation, although it's in finnish: http://bit.ly/8BR0U

 

You should atleast spot the values and MD5 hash generation in that PDF.

 

I'm pretty sure I need to include all the variables in the POST, as the first one, "VERSION", had to be included (without it, it just kept telling me that the version number is wrong). So now with all the info, it tells me the hash is incorrect.

[Dids]

Here's the latest source: http://didstopia.com/laskutus/checkout.sphp

 

I've looked over it with a friend of mine, and it seems valid.

 

Somehow the payment gateway still doesn't think the MD5 hash is valid though.

 

Anyone spot anything odd about the code?

[DedicatedPros]

Not really, just besides quotes not being used, but that's an issue that won't affect you

[Dids]

The only idea I have is with the "'s, because using "0001" as the VERSION didn't work.

 

So I'll try setting everything up statically (not using $parameters) and see if I get any further with that.

[Dids]

Alright, I got the payment module for osCommerce from the finnish payment gateway provider, so atleast now I have an example that should work.

 

However, I can't seem to spot what I'm doing wrong, at all.

 

Here's mine: http://slexy.org/view/s20E6RRZ3I

 

Here's osCommerce: http://slexy.org/view/s2ADO7qHlT

[DedicatedPros]

You should take the module apart and run it as a standalone php script to see if it generates all the code correctly. For example, substitute all your variables with static code and check if the md5 generates and all that, just have it echo to your browser.

[Dids]

I've tried several ways of debugging it, but so far I'm still not getting the md5 hash right, even though I'm using the same code for the hash generation as in the working osCommerce module.

 

Here's the source for the test code: http://didstopia.com/laskutus/testmodule.sphp

 

And the actual test: http://didstopia.com/laskutus/testmodule.php

 

I can see that it spits out the right values (as far as I can tell) but after I hit Test, it still whines about the "MAC".

[Dids]

Did another test, an even simpler one, and used a 3rd party MD5 hash generation tool to verify that the hash actually does match.

 

I mean, I don't see anything wrong with this?

 

Test it: http://didstopia.com/laskutus/test2.php

Source: http://didstopia.com/laskutus/test2.txt

[sparky]

Are you sure that you need the "+" in-between all of the variables when you create your hash.

eg...

this is the hash you are creating with the extra "+"'s

F6A887FFB3135A0D62C00AE886B6A314

and here, the same info without them

D5B003F8A327F31DE41B8F22BD22B39D

 

Maybe you should go back to the API specs to see exactly how the hash is to be created.

[Dids]

The API requires that the hash is in uppercase, aswell as the +'s between the values. That's what the API says anyway.

 

The sample code for osCommerce also includes the +'s (as $value . "+" . $value2)

[sparky]

Can you paste the "hash creation" part of the API here?

[Dids]

Sure.

 

First it says how it calculates the fields together to form the hash, then that the fields are separated by the + sign.

 

Then it has the hash creation like this:

 

MD5(VERSION+

STAMP+

AMOUNT+

REFERENCE+

MESSAGE+

LANGUAGE+

MERCHANT+

RETURN+

CANCEL+

REJECT+

DELAYED+

COUNTRY+

CURRENCY+

DEVICE+

CONTENT+

TYPE+

ALGORITHM+

DELIVERY_DATE+

FIRSTNAME+

LASTNAME+

ADDRESS+

POSTCODE+

POSTOFFICE+

CONFIRMCODE)

[DedicatedPros]

http://pastebin.com/f4b93afbb

 

I came to my senses a bit, that should work Hopefully...

[Dids]

I'm afraid it still doesn't work. :-/

I can't seem to wrap my head around the problem, since it all seems good to me.

[Dids]

A-ha!

 

The support at the payment gateway just gave me a working copy of a simple form that actually works (they said the input data I have differs from the md5 hash, but the hash generation's correct).

 

Now I just need to find out what I'm doing wrong by looking at this: http://demo1.checkout.fi/vahvista.txt

[Dids]

I'm happy to say that the module now works superbly well.

 

A british PHP guru cleaned up the code a bit, and in the process of doing that, it started working!

 

Now, time for that callback code.

 

(and time to figure out what URLs I need to use when cancelling WHMCS orders)

[DedicatedPros]

What was the issue

[Dids]

The only thing I can think of, is the formatting.

 

If you'd like, you can take a look at the latest working code here: http://didstopia.com/laskutus/checkout.sphp

 

It's changed a bit from the last time, but after the cleanup, it suddenly worked.