Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

ogone installation


Guest

Recommended Posts

  • 1 year later...

I get the following error when trying to pay thrue ogone :

 

unknown order/0/r/

 

Anyone an idea what is going wrong.

I got this from their facts:

When starting a payment from my site, I get the error "unknown order/0/x".

If the payment data in the hidden fields match the data in your database, this error is caused by a misconfiguration of your XML page:

 

- Your XML reply is not in the correct format. Note this should be of the type orderID="" amount="" currency="". An XML header should not be generated.

 

- Your XML page is not reachable. Please make sure our server can call it.

 

- Your XML page is in written in a case sensitive language, like PHP, and you are not testing for the right parameters. For example, our server sends orderID, not orderid.

 

and yes at my database it's orderid and not orderID

How can i fix this ?

Link to comment
Share on other sites

Also don't i need to use my PSPID for Merchant ID as it is now on TESTSTD

I've also added a template and added this in /includes/modules/payment/ogone.php :

 

tep_draw_hidden_field('TP','http://hetpoppenhuisje.be/template.htm')

 

But when i do a testpayment the template isn't integrated. Am i forgetting something?

 

Thanks in advance

Link to comment
Share on other sites

Still have the same questions so if anyone has an idea or knows more about this please let me know

 

Super8Man,

 

the Ogone support FAQ section will help you understand the famous unknown order/0/r problem. The 'r' is the giveaway, it stands for 'referrer'. The server does not match the referrer of your page to the value you entered in the technical configuration screen (where, BTW, you will find a direct link to the relevant FAQ section).

 

If you run into more problems, let me know. I have done my share of Ogone installs, I'll be able to help you fix things.

Link to comment
Share on other sites

Thanks for the help.

It still doesn't work. What could i be doing wrong.

I'll go over my technical setup step by step. Hope you can see where the error is, cause i have no idea.

 

For 1.1 method i choose POST

 

For 1.2 my emails

 

For 2.1 i used the IP of the website where i'm installing ogone

 

For 2.2 (where the error should be) URL of the merchant page containing the payment form that will call the page: orderstandard.asp :

i put http://www.hetpoppenhuisje.be/catalog/checkout

 

For 3.1 en 3.2 i didn't fill anything in

 

For 4.1 : http://www.hetpoppenhuisje.be/catalog/checkout_success.php and nothing for the cancellation page

 

For 4.2 : none and no

 

For 4.3 : i checked send an email to the merchant and didn't fill in the SHA-1 Sig

 

For 5.1 : 10

 

For 5.2 : checked display a ticket

 

For 5.3 and 5.4 not checked

 

For 6 : Yes

 

For 7.1 : checked warn for every offline status change

 

For 7.2 : checked by email

didn't fill in an url for offline http requests

 

For 8 : checked Online

 

For 9 : checked Automatic authorisation and payment (data capture) on request

Link to comment
Share on other sites

For 2.2 (where the error should be) URL of the merchant page containing the payment form that will call the page: orderstandard.asp :

i put http://www.hetpoppenhuisje.be/catalog/checkout

 

Hmm... is there a .php missing at the end ?

 

For 3.1 en 3.2 i didn't fill anything in

 

Oops, that's not an option, buddy. One way or the other, you need to provide a way of validating the data that was received by Ogone. SHA1 is easiest all you need to do is add a SHA1 calculation. Use code like this :

 

	$giftTimes100 = intval($amount*100 + 0.5);
$shaSignature = sha1( $orderID . $giftTimes100 ."EUR". $myPSP . $mySecretWord );

 

Set $mySecretWord to something like 'ICANNOTREMEMBERWHATITWAS', and enter the same value in 3.2.

 

Oh, and add the hidden field

 

	<INPUT TYPE="hidden" NAME="SHASign" VALUE="<?= $shaSignature ?>">

 

For 4.1 : http://www.hetpoppenhuisje.be/catalog/checkout_success.php and nothing for the cancellation page

 

For 4.2 : none and no

 

Ah ... this is the offline postsale request, not to be confused with the URLs you specify in the call to orderStandard.asp. Those are the ones your user gets redirected to. The URL you specify here (if you want to use one, in which case setting 4.2 to 'none' is not the right approach) is a back-office request you can use to update your database with the status of the order.

 

Using this, you are more certain to get a status back. If you rely on the end-user redirect to send you to a page where you do an update (I assume that is what you do in checkout_success.php), but the client closes the browser or (if it is IE) it crashes, you will never find out (well, never ... at least not automatically).

 

This ought to put you on the right track. Definitely, these things need to be resolved for anything to work.

 

Let me know how this works. I'm available later today if you need online help. Mail your phone details to [email protected].

Link to comment
Share on other sites

Hi,

 

thanks for all the help!

It seems to work now but the template i added so it resembles my eshop doesn't get loaded.

Or does this never work in the test program?

 

 

I didn't add .php because of the following:

(2.2.) This check helps to ensure that the payment form was not save on the client hard disk, then modified and sent to Ogone e-Commerce. Ogone e-Commerce checks that the addresses you gave are included in the address of the payment request. Thus if you have several pages with an ordering form : order1.htm, order2.htm, order3.htm, the following address : http://www.theshop.com/order will identify them all.
Link to comment
Share on other sites

I don't think the test environment is the issue. Test accounts are just like real ones, everything works the same except the payment itself.

 

Look at the source of the form you generated to check whether the TP variable is properly set. The URL seems to work, perhaps you can add 'www.' in front just to be on the safe side.

 

Do you have a publicly viewable URL where I can see the page from where you post to orderStandard.asp ? I can take a look.

Link to comment
Share on other sites

  • 4 weeks later...

Paul;

 

Your dialog on this thread has been a big help in geeting my configuration set-up, but I think you had part of the conversation in some other medium because there are few things that I am unclear about.

 

1. your references to SHA1 - does this mean we need to create an new SHA file or just add this code to the exixting SHA.PHP?

 

2. your reference to the XML page - I am not sure what this is about, I am assuming that the data being passed to ogone is going via the POST. Where do I look for the XML element to verify this section.

 

3. Your reference to the Back-office updating of the Ogone status - does this require a new code unit, do I need to create a new .PHP file to update the order status as sent from Ogone on completion or is there a code unit there.

 

I am leaving this on the forum for others to reference.

 

Danke je

Link to comment
Share on other sites

1. your references to SHA1 - does this mean we need to create an new SHA file or just add this code to the exixting SHA.PHP?

 

I'm not sure which SHA.php you are refering to. But the fact is that there needs to be a verification of the data sent which uses a non-public key -- else your security layer is useless. Both your script (aka. payment module) and Ogone compute a signature on the data using the formula I indicated. Since you introduce the secret word in your Ogone account configuration, only you and Ogone know about it, and if you do the same math and agree on the results, you can assume noone tampered with the data.

 

So : you need to calculate the SHA1 string (see my code snippet) and add this in a hidden field as indicated. So this code goes into the payment module.

 

2. your reference to the XML page - I am not sure what this is about, I am assuming that the data being passed to ogone is going via the POST. Where do I look for the XML element to verify this section.

 

I did not mention an XML page. It was part of the very first post of this thread. You simply post the form as you would any other.

 

3. Your reference to the Back-office updating of the Ogone status - does this require a new code unit, do I need to create a new .PHP file to update the order status as sent from Ogone on completion or is there a code unit there.

 

The integration in the widely available Ogone module is basic (no offence to its kind and gratious author) and does not use the backoffice request. It requires you to configure a URL in the Ogone account, where Ogone will post a result. This is a new page you'll have to write (unless you can hold off for a few weeks until I submit mine) which reads the statu, updates the database with it and dies gracefully. This is a request sent from the Ogone server to yours, invisible to the client.

 

So yes, a new file to add, but a simple one.

 

More questions ? Send them on.

Link to comment
Share on other sites

I'm not sure which SHA.php you are refering to. But the fact is that there needs to be a verification of the data sent which uses a non-public key -- else your security layer is useless. Both your script (aka. payment module) and Ogone compute a signature on the data using the formula I indicated. Since you introduce the secret word in your Ogone account configuration, only you and Ogone know about it, and if you do the same math and agree on the results, you can assume noone tampered with the data.

 

So : you need to calculate the SHA1 string (see my code snippet) and add this in a hidden field as indicated. So this code goes into the payment module.

 

The Ogone Contribution (ogone 1.1r2 by Frank) that I loaded included a SHA.php. I orginally got errors on this module because there was a function named final() which I think is a reserved word in my version of php, so I changed this to finalstep() everywhere and it now looks to be working fine. The configuration in the Admin side requires a SHA1 ID, so I assume that the requirements in this area have been met?

 

The integration in the widely available Ogone module is basic (no offence to its kind and gratious author) and does not use the backoffice request. It requires you to configure a URL in the Ogone account, where Ogone will post a result. This is a new page you'll have to write (unless you can hold off for a few weeks until I submit mine) which reads the statu, updates the database with it and dies gracefully. This is a request sent from the Ogone server to yours, invisible to the client.

 

So yes, a new file to add, but a simple one.

 

If I know the format of the string that they send back I can write the query, but i would be happy to help you debug yours too.

 

Thanks

Link to comment
Share on other sites

My PHP has SHA1 included in the distribution, so that was taken care of easily.

 

If you want to understand the integration, it's worth lokkign through Ogone's support documentation, which has an extensive manual on integrating. You can find it in the support section of the admin environment. I'll assume you have created a test account, have chosen your PSP and login and know how to login to the backend. Find support in the topright corner of the site, then choose documentation, click on 'Ogone e-Commerce Standard Mode integration manual', and you'll discover Bob married your father's sister.

 

And on page 25, it was Written :

5.7.1 Automating back-office tasks

 

To automate your back office tasks, you can define in the Technical information (see Ogone e-

Commerce Administration Menu/Account/Technical information) the URL of 2 executable

pages of your site: a post-sale page and a cancel-deny page.

 

Once the sale process is complete, Ogone e-Commerce will make an http request to one of those

pages, sending as parameter the following data:

 

http://www.abssys.be/post.asp?orderID=9999...000&ACCEPTANCE=.

..&STATUS=...&NCERROR=....&PAYID=...&PM=..&BRAND=...&CARDNO=...&CCCTY=..&I

PCTY=..&ECI=..&CVCCheck=...&AAVCheck=...&VC=...&IP=...&COMPLUS=..&[PARAMPL

US Fields]=... &SHASIGN=...

 

And there was light, and joy, and those salted things on a stick which go so wonderfully well with dark beer.

 

 

Hope this helps.

Link to comment
Share on other sites

  • 4 months later...
  • 2 years later...

Hi,

 

I'd like to point out that there's a quite similar french thread here. Since most of the ogone users originate from benelux and france, this could be usefull. I certainly found some intresting things.

 

Unfortunately for me, I seem to have a unique problem (according to google).

When choosing payment via ogone on the "checkout_payment.php" page the "checkout_confirmation.php" page starts to load but doesn't load completely. When checking the source code my browser receives I can see that it ends with the line

<td align="right" class="main bg_input">

 

Offcourse this gives some strange layout, but more important I don't get any confirm button.

 

I've been looking around in the "checkout_confirmation.php" soure code, there I found the last line received by the browser wich is immediatly followed by an "if statement". I suppose thats where it goes wrong.

<td align="right" class="main bg_input">

<?php

  if (is_array($payment_modules->modules)) {

    echo $payment_modules->process_button();

  }



  echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n";

?>

 

Does anyone know where I should be looking?

thanks, Timothy

Link to comment
Share on other sites

I've been looking around in the "checkout_confirmation.php" soure code, there I found the last line received by the browser wich is immediatly followed by an "if statement". I suppose thats where it goes wrong.

<td align="right" class="main bg_input">

<?php
  if (is_array($payment_modules->modules)) {
    echo $payment_modules->process_button();
  }

  echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n";
?>

 

Does anyone know where I should be looking?

Very strange since this is standard osC code. You could try to echo a few things see if you get some more info?

  if (is_array($payment_modules->modules)) {
echo $payment_modules->process_button();
 } else {
echo '<pre>Something is not working here. Echo payment_modules:<br>';
print_r($payment_modules->modules);
echo '</pre>';
}

 echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n";

Link to comment
Share on other sites

Very strange since this is standard osC code. You could try to echo a few things see if you get some more info?

  if (is_array($payment_modules->modules)) {
    echo $payment_modules->process_button();
  } else {
echo '<pre>Something is not working here. Echo payment_modules:<br>';
print_r($payment_modules->modules);
echo '</pre>';
}

  echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . "\n";

 

I think I have localised the problem,

 

in "/catalog/includes/modules/payment/ogone.php" there are 4 lines about the SHA encryption.

If I remove these, everything works (without sha offcourse).

 	 include(DIR_WS_CLASSES . 'sha.php');
 	 $sha = new SHA;
 	 $hasharray = $sha->hash_string($ogone_orderID . $ogone_amount . $order->info['currency'] . MODULE_PAYMENT_OGONE_PSPID . MODULE_PAYMENT_OGONE_SHA_STRING);
 	 $process_button_string .= tep_draw_hidden_field('SHASign', $sha->hash_to_string($hasharray));

 

If I add the first line (include ...) again, then the layout and confirm button disappears again.

So the error is in sha.php?

Edited by ctimothy
Link to comment
Share on other sites

I think I have localised the problem,

 

in "/catalog/includes/modules/payment/ogone.php" there are 4 lines about the SHA encryption.

If I remove these, everything works (without sha offcourse).

 	 include(DIR_WS_CLASSES . 'sha.php');
 	 $sha = new SHA;
 	 $hasharray = $sha->hash_string($ogone_orderID . $ogone_amount . $order->info['currency'] . MODULE_PAYMENT_OGONE_PSPID . MODULE_PAYMENT_OGONE_SHA_STRING);
 	 $process_button_string .= tep_draw_hidden_field('SHASign', $sha->hash_to_string($hasharray));

 

If I add the first line (include ...) again, then the layout and confirm button disappears again.

So the error is in sha.php?

Maybe the server cannot find the class sha.php with this relative link. Perhaps use something like:

include(DIR_FS_CATALOG . DIR_WS_CLASSES . 'sha.php');

or write out the full path to that file on your server?

Link to comment
Share on other sites

Maybe the server cannot find the class sha.php with this relative link. Perhaps use something like:

include(DIR_FS_CATALOG . DIR_WS_CLASSES . 'sha.php');

or write out the full path to that file on your server?

Strange, if I try 

include(DIR_FS_CATALOG . DIR_WS_CLASSES . 'sha.php');

nothing changes.

 

 

So I tested with the full url (http://www.luxury-outlet.be/includes/classes/sha.php),

for a moment I thought it was ok, but actually it doesn't matter what I enter apparantly it even works with fake url's.

So as long as the include code doesn't find the sha.php file it's ok.

 

I do wonder why I seem to be the only one having problems with that code, maybe this is because of bad php server settings?

 

 

you can find the sha.php file here

Edited by ctimothy
Link to comment
Share on other sites

Strange, if I try 

include(DIR_FS_CATALOG . DIR_WS_CLASSES . 'sha.php');

nothing changes.

 

So I tested with the full url (http://www.luxury-outlet.be/includes/classes/sha.php),

You shouldn't use a url but a path: e.g. /Library/WebServer/Documents/catalog/includes/classes/sha.php

Anyway, when I include that class in e.g. checkout_shipping.php and use that function I get an error:

Parse error: syntax error, unexpected T_FINAL, expecting T_STRING in /Library/WebServer/Documents/cat_sppc_rc2/includes/classes/sha.php on line 313

Never seen that one before :)

Line 313 is:

	function final() {

When I google for the error: bingo:

http://www.webhostingtalk.nl/nl-internet-www-server-side/61032-fout-met-sha.html

final is a keyword (?) in PHP5 and cannot be used for functions. You should rename it to something like finalize (find all instances of final and change them too).

 

Note: only used in the function hash_bytes($bytes).

 

It looks like you could use native PHP functions to do the sha thing too.

Edited by Jan Zonjee
Link to comment
Share on other sites

You shouldn't use a url but a path: e.g. /Library/WebServer/Documents/catalog/includes/classes/sha.php

Anyway, when I include that class in e.g. checkout_shipping.php and use that function I get an error:

Parse error: syntax error, unexpected T_FINAL, expecting T_STRING in /Library/WebServer/Documents/cat_sppc_rc2/includes/classes/sha.php on line 313

Never seen that one before :)

Line 313 is:

    function final() {

When I google for the error: bingo:

http://www.webhostingtalk.nl/nl-internet-www-server-side/61032-fout-met-sha.html

final is a keyword (?) in PHP5 and cannot be used for functions. You should rename it to something like finalize (find all instances of final and change them too).

 

Note: only used in the function hash_bytes($bytes).

 

It looks like you could use native PHP functions to do the sha thing too.

 

Thanks Jan, you're my hero of the day.

 

 

It is indeed the keyword 'final' that shouldn't be used on a php5 server. 

 

 

If I manage to get rid of the "unknown order/0/s/" error, than everything works fine.

This message means that the sha key doesn't match...

Link to comment
Share on other sites

If I manage to get rid of the "unknown order/0/s/" error, than everything works fine.

This message means that the sha key doesn't match...

Does this ring a bell?

http://forum.dutchjoomla.org/showpost.php?p=216768&postcount=13

Link to comment
Share on other sites

Does this ring a bell?

http://forum.dutchjoomla.org/showpost.php?p=216768&postcount=13

 

I'm not sure, ok I moved the sha key from field 3.2 to 4.4 and now it works again.

But now it's only the reply from ogone to my webshop that's 'encrypted'?

 

Shouldn't the order no and order total be secured to?

Edited by ctimothy
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...