printing of secure hash in EBS(INDIA) payment page integration

[shahimadhur]

Hi,

i am trying to integrate payment provided by EBS. However i am getting the error as "INVALID SECURE HASH KEY". THE EBS SUPPORT TEAM IS ASKING ME TO PRINT THE SECUREHASH KEY ON THE CHECKOUT PAGE BEFORE THE PAGE IS PASSED TO EBS.

KINDLY HELP ME FOR IDENTIFYING THE EXACT PAGE WHICH NEEDS TO BE MODIFIED.

IAM HERE WITH PASTING THE CODE OF EBS.

<?php
/*
Zencart
Copyright (c) 2003 Zencart
Released under the GNU General Public License
*/
/**
* RC4 stream cipher routines implementation
*
* in PHP4 based on code written by Damien Miller <[email protected]>
*
* Usage:
* $key = "pear";
* $message = "PEAR rulez!";
*
* $rc4 = new Crypt_RC4;
* $rc4->key($key);
* echo "Original message: $message <br>\n";
* $rc4->crypt($message);
* echo "Encrypted message: $message <br>\n";
* $rc4->decrypt($message);
* echo "Decrypted message: $message <br>\n";
*
* @version $Revision: 1.6 $
* @access public
* @package Crypt
* @author Dave Mertens <[email protected]>
*/
class Crypt_RC4 {

/**
* Real programmers...
* @var array
*/
var $s= array();
/**
* Real programmers...
* @var array
*/
var $i= 0;
/**
* Real programmers...
* @var array
*/
var $j= 0;
/**
* Key holder
* @var string
*/
var $_key;

/**
* Constructor
* Pass encryption key to key()
*
* @see key()
* @param string key - Key which will be used for encryption
* @return void
* @access public
*/
function Crypt_RC4($key = null) {
if ($key != null) {
$this->setKey($key);
}
}

function setKey($key) {
if (strlen($key) > 0)
$this->_key = $key;
}

/**
* Assign encryption key to class
*
* @param string key - Key which will be used for encryption
* @return void
* @access public
*/
function key(&$key) {
$len= strlen($key);
for ($this->i = 0; $this->i < 256; $this->i++) {
$this->s[$this->i] = $this->i;
}

$this->j = 0;
for ($this->i = 0; $this->i < 256; $this->i++) {
$this->j = ($this->j + $this->s[$this->i] + ord($key[$this->i % $len])) % 256;
$t = $this->s[$this->i];
$this->s[$this->i] = $this->s[$this->j];
$this->s[$this->j] = $t;
}
$this->i = $this->j = 0;
}

/**
* Encrypt function
*
* @param string paramstr - string that will encrypted
* @return void
* @access public
*/
function crypt(&$paramstr) {

//Init key for every call, Bugfix 22316
$this->key($this->_key);

$len= strlen($paramstr);
for ($c= 0; $c < $len; $c++) {
$this->i = ($this->i + 1) % 256;
$this->j = ($this->j + $this->s[$this->i]) % 256;
$t = $this->s[$this->i];
$this->s[$this->i] = $this->s[$this->j];
$this->s[$this->j] = $t;

$t = ($this->s[$this->i] + $this->s[$this->j]) % 256;

$paramstr[$c] = chr(ord($paramstr[$c]) ^ $this->s[$t]);
}
}

/**
* Decrypt function
*
* @param string paramstr - string that will decrypted
* @return void
* @access public
*/
function decrypt(&$paramstr) {
//Decrypt is exactly the same as encrypting the string. Reuse (en)crypt code
$this->crypt($paramstr);
}


} //end of RC4 class

// Please make sure you insert your merchant id in the OSC admin area

class ebs2_5 {
var $code, $title, $description, $enabled;

// class constructor

function ebs2_5() {
global $order;

$this->code = 'ebs2_5';
$this->title = MODULE_PAYMENT_EBS_TEXT_TITLE;
$this->description = MODULE_PAYMENT_EBS_TEXT_DESCRIPTION;
$this->sort_order = MODULE_PAYMENT_EBS_SORT_ORDER;
$this->enabled = ((MODULE_PAYMENT_EBS_STATUS == 'True') ? true : false);

if(MODULE_PAYMENT_EBS_TESTMODE=="TEST"){
$this->form_action_url = "https://secure.ebs.in/pg/ma/payment/request/";
} else {
$this->form_action_url = 'https://secure.ebs.in/pg/ma/payment/request/';
}
}

function update_status() {
/* Check whether the zones/geo_zones is valid */
global $order;
if (((int) MODULE_PAYMENT_EBS_VALID_ZONE > 0)) {
$checkFlag = false;
global $db;
$sql = "select zone_id from " . TABLE_ZONES_TO_GEO_ZONES . " where geo_zone_id = '" . MODULE_PAYMENT_EBS_VALID_ZONE . "' and
zone_country_id = '".$order->delivery['country']['id']."' order by zone_id";
$result = $db->Execute($sql);
if($result) while(!$result->EOF) {
if ($result->fields['zone_id'] < 1) {
$checkFlag = true;
break;
}
elseif ($result->fields['zone_id'] == $order->delivery['zone_id']) {
$checkFlag = true;
break;
}
// Move Next
}

/* Set whether this should be valid or not */
if ($checkFlag == false) {
$this->enabled = false;
}
}
}

// class methods

function javascript_validation() {
return '';
}

function selection() {

global $order;
for ($i=1; $i < 13; $i++) {
$expires_month[] = array('id' => sprintf('%02d', $i), 'text' => strftime('%B',mktime(0,0,0,$i,1,2000)));
}
$today = getdate();
for ($i=$today['year']; $i < $today['year']+10; $i++) {
$expires_year[] = array('id' => strftime('%y',mktime(0,0,0,1,1,$i)), 'text' => strftime('%Y',mktime(0,0,0,1,1,$i)));
}
$selection = array('id' => $this->code,
'module' => $this->title,
'fields' => array());
return $selection;

}

function pre_confirmation_check() {

return false;
}

function confirmation() {

$confirmation = array ('title' => $this->description);
return $confirmation;
}

function process_button() {

global $order,$order_total_modules,$currencies;
$temp=mysql_query("select value from currencies where code='INR'")or die(mysql_error());
$currency_value=mysql_fetch_array($temp);
$products_ordered = '';
for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
$products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' .
$currencies->display_price($order->products[$i]['final_price'], $order->products[$i]['tax'], $order->products[$i]['qty']) . $products_ordered_attributes . "\n";
}
$products_ordered .= "\n";
$order_totals = $order_total_modules->process();
for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
$products_ordered .= strip_tags($order_totals[$i]['title']) . ' ' . strip_tags($order_totals[$i]['text']) . "\n";
}
$amount = $order->info['total'];
$reference_no = date('YmdHis');
$return_url = zen_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL');
$description = $reference_no;

$params = array(
'channel' => "0",
'securityToken' => $_SESSION['securityToken'],
'account_id' => MODULE_PAYMENT_EBS_ACCOUNTID,
'mode' => MODULE_PAYMENT_EBS_TESTMODE,
'page_id' => MODULE_PAYMENT_EBS_PAGEID,
'currency' => 'INR',
'reference_no' => $reference_no,
'amount' => $amount,
'description' => $description,
'name'=> $order->customer['firstname'] . ' ' . $order->customer['lastname'],
'address' => $order->customer['street_address'],
'city' => $order->customer['city'],
'state' => $order->customer['state'],
'postal_code' => $order->customer['postcode'],
'country' => $order->customer['country']['iso_code_3'],
'email' => $order->customer['email_address'],
'phone' => $order->customer['telephone'],
'ship_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'],
'ship_address' => $order->delivery['street_address'],
'ship_city' => $order->delivery['city'],
'ship_state' => $order->delivery['state'],
'ship_postal_code' => $order->delivery['postcode'],
'ship_country' => $order->delivery['country']['iso_code_3'],
'ship_phone' => $order->customer['telephone'],
'return_url' => $return_url
);

$hashData = MODULE_PAYMENT_EBS_SECRET_KEY;
$hashType = MODULE_PAYMENT_EBS_HASH;
ksort($params);
foreach ($params as $key => $value){
if (strlen($value) > 0) {
$hashData .= '|'.$value;
}
}

if (strlen($hashData) > 0) {
if($hashType == "SHA512")
$hashValue = strtoupper(hash('SHA512',$hashData));
if($hashType == "SHA1")
$hashValue = strtoupper(sha1($hashData));
}
$secureHash = $hashValue;
$process_button_string = zen_draw_hidden_field('channel', $params['channel']).
zen_draw_hidden_field('account_id', $params['account_id']) .
zen_draw_hidden_field('amount', $params['amount']).
zen_draw_hidden_field('description', $params['description']).
zen_draw_hidden_field('reference_no', $params['reference_no']) .
zen_draw_hidden_field('name', $params['name']) .
zen_draw_hidden_field('currency', $params['currency']) .
zen_draw_hidden_field('page_id', $params['page_id']) .
zen_draw_hidden_field('address', $params['address']) .
zen_draw_hidden_field('city', $params['city']) .
zen_draw_hidden_field('state', $params['state']) .
zen_draw_hidden_field('postal_code', $params['postal_code']) .
zen_draw_hidden_field('country', $params['country']) .
zen_draw_hidden_field('email', $params['email']) .
zen_draw_hidden_field('phone', $params['phone']) .
zen_draw_hidden_field('ship_name', $params['ship_name']).
zen_draw_hidden_field('ship_address', $params['ship_address']) .
zen_draw_hidden_field('ship_city', $params['ship_city']) .
zen_draw_hidden_field('ship_state', $params['ship_state']) .
zen_draw_hidden_field('ship_postal_code', $params['ship_postal_code']) .
zen_draw_hidden_field('ship_country', $params['ship_country']) .
zen_draw_hidden_field('ship_phone', $params['ship_phone']) .
zen_draw_hidden_field('mode', $params['mode']) .
zen_draw_hidden_field('secure_hash', $secureHash) .
zen_draw_hidden_field('return_url', $params['return_url']);
return $process_button_string;
}

function before_process() {

$secret_key = MODULE_PAYMENT_EBS_SECRET_KEY;
$response = $_REQUEST;
$secureHash = $response['SecureHash'];
$params = $secret_key;
unset($response['main_page']);
unset($response['SecureHash']);
$hashType = MODULE_PAYMENT_EBS_HASH;
ksort($response);
foreach ($response as $key => $value){
if (strlen($value) > 0) {
$params .= '|'.$value;
}
}
if (strlen($params) > 0) {
if($hashType == "SHA512")
$hashValue = strtoupper(hash('SHA512',$params));
if($hashType == "SHA1")
$hashValue = strtoupper(sha1($params));
}
$hashValid = ($hashValue == $secureHash) ? true : false;
print_r($hashValue);
if (!isset($response['ResponseCode']) || !is_numeric($response['ResponseCode']) || $response['ResponseCode'] != '0' || (!$hashValid)) {
zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(MODULE_PAYMENT_EBS_TEXT_ERROR_MESSAGE), 'SSL', true, false));
}

}

function after_process() {

return false;

}

function get_error() {

$error = array('title' => MODULE_PAYMENT_EBS_TEXT_ERROR,
'error' => stripslashes(urldecode($_GET['error'])));
return $error;
}

function check() {
global $db;
if (!isset($this->_check)) {
$check_query = $db->Execute("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MODULE_PAYMENT_EBS_STATUS'");
$this->_check = $check_query->RecordCount();
}
return $this->_check;
}

function install() {

global $db;

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values
('Enable EBS Payment Module', 'MODULE_PAYMENT_EBS_STATUS', 'True', 'Do you want to accept EBS payments?', '6', '0', 'zen_cfg_select_option(array(\'True\', \'False\'), ', now())");

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values
('Merchant User ID', 'MODULE_PAYMENT_EBS_ACCOUNTID', '5', 'Your Merchant Account ID of EBS', '', '0', now())");

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values
('Secret key', 'MODULE_PAYMENT_EBS_SECRET_KEY', '', 'Your secret key of EBS', '6', '0', now())");

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values
('Test Mode', 'MODULE_PAYMENT_EBS_TESTMODE', 'TEST', 'Test mode used for the EBS', '6', '0', 'zen_cfg_select_option(array(\'TEST\', \'LIVE\'), ', now())");

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values
('Sort order of display', 'MODULE_PAYMENT_EBS_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', '6', '2', now())");

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values
('Hash Type', 'MODULE_PAYMENT_EBS_HASH', 'SHA512', 'Hash Type Algorithm', '6', '0', 'zen_cfg_select_option(array(\'SHA512\', \'SHA1\'), ', now())");

$db->Execute("insert into " . TABLE_CONFIGURATION . " (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values
('Page Id', 'MODULE_PAYMENT_EBS_PAGEID', '', 'Template Page Id', '6', '0', now())");

}

function remove() {

global $db;
$db->Execute("delete from " . TABLE_CONFIGURATION . " where configuration_key in ('" . implode("', '", $this->keys()) . "')");
}

function keys() {

return array('MODULE_PAYMENT_EBS_STATUS', 'MODULE_PAYMENT_EBS_ACCOUNTID', 'MODULE_PAYMENT_EBS_SECRET_KEY', 'MODULE_PAYMENT_EBS_TESTMODE', 'MODULE_PAYMENT_EBS_HASH', 'MODULE_PAYMENT_EBS_PAGEID', 'MODULE_PAYMENT_EBS_SORT_ORDER');

}

}
?>

[kobra]

EBS claims to be for international payments and as such they would fall under PCI/DSS rules
These rules prevent printing the secure hash you are attempting