Archive for the ‘wordpress’ tag
Fixing wp-e-commerce for iDEAL payments
Last Friday a friend approached me with a problem he was having. He was trying to setup a small webshop in a existing Wordpress site. For the webshop he was using a plug-in called wp-e-commerce. He chose this plug-in because it is one of few that supports iDEAL payments. Because this shop only serves Holland the only payment option they need is iDEAL.
The iDEAL plug-in seemed to function properly. But the bank portal didn’t respond as expected. The first error i spotted was the mis configured referrer. The error code for this was.
unknown order/0/r
This didn’t solve the problem though. The message change from the previous to
unknown order/1/s
So i spend the next hours reading the manual he got from his bank. And came to the conclusion they do it just a bit different then for what this plug-in was written. The bank expects a hash to be send along each order made. This hash is build up from parts of the order and a secret string. This combined is hashed with the SHA-1 algorithm And added to the form as a hidden field. I wrote a small function to create hash and changed a few other small things in the order form.
The original form looks like this:
<script type="text/javascript">
var Amount = ;
var PSPID = "";
var AM;
if (isNaN(Amount)) {
alert("Amount not a number: " + Amount + " !");
AM = "";
} else {
AM = Math.round(parseFloat(Amount)*100);
}
</script>
<form method='post' action='' id='ideal_form' name='ideal_form'>
<script type="text/javascript">
document.write("
");
document.write("
");
</script>
<INPUT TYPE="hidden" NAME="SHASign" VALUE="4FF8C2FB03B0AA45EA5DE9503AEACB6B603DCFCC">
<input type="hidden" NAME="orderID" value="" />
<input type="hidden" name="currency" value="" />
<input type="hidden" name="language" value="" />
<input type="hidden" name="accepturl" value="">
<input type="hidden" name="cancelurl" value="">
<!--customer information starts-->
<input type="hidden" name="CN" value="">
<input type="hidden" name="EMAIL" value="">
<input type="hidden" name="ownerZIP" value="">
<input type="hidden" name="owneraddress" value="">
<input type="hidden" name="ownercty" value="">
<input type="hidden" name="ownertown" value="">
<input type="hidden" name="ownertelno" value="">
<!--customer information ends-->
<input type="hidden" name="PM" value="iDEAL" />
I didn’t really understand why some values were written by JavaScript. So i removed the JavaScript lines and added the fields to the form. And after adding the hash function statement it looks like this.
<form method='post' action='' id='ideal_form' name='ideal_form'> <input type="hidden" NAME="PSPID" value="" /> <input type="hidden" NAME="orderID" value="" /> <input type="hidden" NAME="amount" value="" /> <input type="hidden" name="currency" value="" /> <input type="hidden" name="language" value="" /> <input type="hidden" name="accepturl" value=""> <input type="hidden" name="cancelurl" value=""> <!--customer information starts--> <input type="hidden" name="CN" value=""> <input type="hidden" name="EMAIL" value=""> <input type="hidden" name="ownerZIP" value=""> <input type="hidden" name="owneraddress" value=""> <input type="hidden" name="ownercty" value=""> <input type="hidden" name="ownertown" value=""> <input type="hidden" name="ownertelno" value=""> <!--customer information ends--> <input type="hidden" name="PM" value="iDEAL" />
echo createSHA1Hash(array(
$purchase_log[0]['id'],
($amount*100),
get_option('ideal_currency'),
get_option('ideal_id'),
'[SHA1-IN-HASH]'
));
</form>
The function i can be placed anywhere in the page. Or a include file. Here’s the code. The only thing that has to be done is replace [SHA1-IN-HASH] with the Hash configured in the bank’s ideal admin.
function createSHA1Hash($hashOptions) {
$str = implode('', $hashOptions);
return '
';
}
While doing some searches i noticed there are more people having issues with this plug-in. So maybe this will save somebody a bit of time.
Wordpress and NO-WWW rewrite
On almost all of my domains i rewrite the WWW sub domain to the no-WWW version. This however went wrong on my own site. And i didn’t even notice it. My friend Alex pointed out that he couldn’t post any comment to the site anymore. So what went wrong?
Normally i use the following lines to do the rewrite.
RewriteCond %{HTTP_HOST} ^www\.lenss\.nl$ [NC]
RewriteRule ^(.*)$ http://lenss.nl/$1 [R=301,L]
My own site however still runs Wordpress and this package comes with it’s own set of rewrite rules. And i just dropped my new lines under the Wordpress rewrite rules.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteRule . index.php [L]
The result was that the WWW sub domain got rewritten to the no-www version. But everything after the trailing slash got dismissed. So rewrites for blog posts didn’t work. And all request would land on the main index. So i did some testing and combined the two sets of rewrite rules. This seems to function properly 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.lenss\.nl$ [NC]
RewriteRule ^(.*)$ http://lenss.nl/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteRule . index.php [L]
Next time i just need to check my changes more thoroughly. And thank you Alex for point that out to me.
