WorldPay Module for ZenCartv1.3x

[philip_clarke]

Please try this

Line 186 that says (worldpay.php from the "fix")

Code:

$md5_signature = MODULE_PAYMENT_WORLDPAY_MD5KEY . ':'.$OrderAmt.':' . $language_code . ':' . $order->customer['email_address'];

try this

Code:

$md5_signature = MODULE_PAYMENT_WORLDPAY_MD5KEY . ':'.$OrderAmt.':' . $_SESSION['languages_code'] . ':' . $order->customer['email_address'];

and put a transaction through. It appears Alan has changed the currency language construction higher up in the worldpay.php file but not changed it lower down.

[philip_clarke]

We also have some other potential bugs in worldpay.php depending on shop configuration.

line 142 and 143 in the worldpay.php "fix" states

Code:

$callback_url = zen_href_link(FILENAME_WP_CALLBACK, '', 'SSL');
$worldpay_callback = explode('https://', $callback_url);

and further down on line 181 we have this

Code:

zen_draw_hidden_field('MC_callback', $worldpay_callback[1]);

Now this is going to cause problems. Firstly, $worldpay_callback[1] does not work if one is has been forced to manually alter the script to not using SSL, One should have to do this. Really FOR EVERYONE NONSSL OR SSL, then line 143 should be

Code:

$repl = array('http://','https://');
$worldpay_callback = str_replace($repl,'', $callback_url);

and then line 181 should be replaced with

Code:

zen_draw_hidden_field('MC_callback', $worldpay_callback);

There are however still problems. Alan has omitted the $zenId variable that he had previously, so unless the cartId re-established the session in his code (I haven't checked as I have pointed out, I have no worldpay access and so must code using my imagination as to what could happen). then really line 142 should read

Code:

$callback_url = zen_href_link(FILENAME_WP_CALLBACK, zen_session_name() . '=' . zen_session_id(), 'SSL');

The above code does set up an SSL callback, but it's stripped out later and then you enter whether your callback is SSL or not when you enter the details into the worldpay admin interface (well that's what I've understood from the general installation instructions).

Thank you
Philip.

[philip_clarke]

I'll correct myself too:

line 142 should probably read

Code:

$callback_url = zen_href_link(FILENAME_WP_CALLBACK, zen_session_name() . '=' . zen_session_id());

since the SSL is superflous as one apparently enters either http:// or https:// into the worldpay module anyway.

[philip_clarke]

I have a rough replacement for the worldpay.php file that was in includes/modules/payment it is located here:

http://bouncing.org/worldpay.zip

it may not work as it's bee done in a rush this morning. It contains last night's modifications. Use at your own risk

[philip_clarke]

There have been some errors with the beta of this module. On occasion Worldpay is not submitting the new secret password and so is being treated like a hacker

Some people will report a 302 error. Also slow servers on cheap hosts time out on the last page and so do not present the shop back to the shopper, they present a worldpay page, which apparently can be customised so I would suggest people put links on there's if possible back to their shop's front page if they are using a cheap host (I still have no access to worldpay, so I do not know how easy the customisation process is though I have seen people's logos when popping through the gateway during testing).

Things I would suggest for the development of this module. The idea that people have to edit their files depending on whether they use SSL or not is lunacy. In the includes/configure.php file there is this

Code:

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'false');

so it is easy to work out whether the callback should be SSL enabled. You know, there are many more things that could be done to make this module easier to use and install, but it's 2am, it's not my module, and I'm going for a .

[philip_clarke]

One Very important thing and Alan Duncan should be reading this,

THEIR ARE PEOPLE HERE WHO JUST UNZIP THEIR FILES.

I.e. they are leaving a file in their directory structure which still has an exploit in it, so you should create a blank 0kb file, so that when the copy or ftp their files across they wipe it out.

[AfterHouR]

Alan, are you any further forward with this?

Regards
AfterHouR

[thomasharding]

Hey Guys,

I'm nearly there with my installation with WorldPay on ZC, but it's constantly dogged with errors leaving me confused about what Ive done so far, and what I have to do.

Simply put, I need advice on the following points (please!)

1) Worldpay Returning to ZC - It doesn't do anything! No redirect or anything. I've searched this thread and can't seem to find anything that answers it.

2) The "https://<wpdisplay item="MC_callback">" payment response - the url is set to the url of the website, and when I try to change it back to this, i get a 'database error' from World Pay.

3) So I guess without point 1, the order isn't going to hit the database and update on the admin area, which it doesn't.

Any help would be appreciated.

Thankyou

[philip_clarke]

Hello the module is not mine but I do some of the work, PM me with the database error so I can have a look, as it's best not to publish those things, we can sort out the re-direct afterwards.

Philip.

[snow-man]

thomas - I am sure Philip may have sorted you out by now, he's a star however I had similar troubles and the fixes were quite simple:

If you don't log into Production in Worldpay admin setup then you get the database error. Log in to production, edit in Production and then switch to Test using the button at the bottom of the page if you want to edit the Test setup.

Don't add the URL of your site - add the <<wd_display... string as you are trying to do but make sure the first 3 box options are ticked.

Regards