Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Jul 2012
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    URGENT HELP REQUIRED: BARCLAYS EDPQ Intergration, Sha-1 STUCK HELP!

    I have been setting up a site for a while now, Barclaycard have accepted me got into my back-office ... Not what Barclaycard described.

    Also it is not a cart I am using it is just a website with a simple form and a pay now button.

    I was under the impression I could use code snippets...

    But they didn't explain I need to use Sha-1 and all that.

    I am a bit of a newbie when it comes to secure browsers ect.

    Some Guidance step's would be great.

    Barclaycard have replied to my support ticket with this...
    As we understand you have received the error: “unknown order/1/s/”.
    The error means that the SHA signature that you have sent in the hidden fields of your order form is not the same as the SHA signature that we calculated with the data that we received from you.
    See below an example of an order where you got this error. Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.
    With this example, you should be able to find the cause for this error. String to hash (passphrase is replaced by +++HASHKEY+++):

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,439
    Thanks
    62
    Thanked 537 Times in 524 Posts
    Well unless you're going to show code as to what you are doing there is nothing we can do to help.

    All you have effectively done is come here, rant about how it doesn't work and then signed off. You've not told us anything useful that will allow anyone here to help.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    Regular Coder Redcoder's Avatar
    Join Date
    May 2012
    Location
    /dev/null
    Posts
    334
    Thanks
    2
    Thanked 48 Times in 47 Posts
    Means that there is data you are supposed to send to their script but you are sending incorrect data, misspelled or wrong case. The SHA-1 is for data validation, to ensure that the data came from you so that they do not charge data to the wrong account or deposit to the wrong one.

    You should find out the data that they use to calculate the SHA-1 hash and verify that you have it correct to the letter. Just a simple example- they may use a combination of the domain name + your unisque ID then hashing it.

    The other, unlikely, your server may be victim to a man in the middle attack where data transmitted is changed then retransmitted.

    Debug what's wrong and maybe call their customer care.
    Last edited by Redcoder; 11-19-2012 at 07:35 PM.

  • #4
    New Coder
    Join Date
    Jul 2012
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts
    As we understand you have received the error: “unknown order/1/s/”.
    The error means that the SHA signature that you have sent in the hidden fields of your order form is not the same as the SHA signature that we calculated with the data that we received from you.
    See below an example of an order where you got this error. Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.
    With this example, you should be able to find the cause for this error. String to hash (passphrase is replaced by +++HASHKEY+++):
    That was there answer to my error code,

    Can you please explain the sha-1 function to me, I do alot of web design and coding but rarely with this, Most of my google results were garbage too...

    Thanks!

  • #5
    Regular Coder Redcoder's Avatar
    Join Date
    May 2012
    Location
    /dev/null
    Posts
    334
    Thanks
    2
    Thanked 48 Times in 47 Posts
    SHA-1 is a cryptographic hash function. A hash cannot be reversed back to the original string or file. A hash != encryption.
    If you want to find out about SHA-1 implementation, go to :

    http://php.net/manual/en/function.sha1.php

    http://www.w3schools.com/php/func_string_sha1.asp

    What you need to make sure of is that the signature of your hidden form is correct and also how they calculate the SHA-1 hash on their end so that you can know what fields are wrong. Also follow their instructions and change accordingly --> "Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.".

    And could you provide the link or the example mentioned below:

    Code:
    See below an example of an order where you got this error.

  • #6
    New Coder
    Join Date
    Jul 2012
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is the whole thing.
    As we understand you have received the error: “unknown order/1/s/”.
    The error means that the SHA signature that you have sent in the hidden fields of your order form is not the same as the SHA signature that we calculated with the data that we received from you.
    See below an example of an order where you got this error. Please bear in mind that the SHA calculation is case sensitive: f.e. the currency (EUR) must be spelled in capital letters, the same counts if your PSPID contains capitals.
    With this example, you should be able to find the cause for this error. String to hash (passphrase is replaced by +++HASHKEY+++):

    ACCEPTURL=http://nhs-e111.org.uk/done.php+++HASHKEY+++AMOUNT=100+++HASHKEY+++BACKURL=http://nhs-e111.org.uk/+++HASHKEY+++BGCOLOR=#4e84c4+++HASHKEY+++BUTTONBGCOLOR=#00467F+++HASHKEY+++BUTTONTXTCOLOR=#FFFFFF+++ HASHKEY+++CANCELURL=http://nhs-e111.org.uk/+++HASHKEY+++CATALOGURL=http://nhs-e111.org.uk/+++HASHKEY+++COM=Three telephone cards+++HASHKEY+++COMPLUS=123XXXXXXXXXXX6789123456789+++HASHKEY+++CURRENCY=GBP+++HASHKEY+++DECLINEUR L=http://nhs-e111.org.uk/+++HASHKEY+++ECOM_BILLTO_POSTAL_NAME_FIRST=Bill+++HASHKEY+++ECOM_BILLTO_POSTAL_NAME_LAST=Smith+++HAS HKEY+++EXCEPTIONURL=http://nhs-e111.org.uk/+++HASHKEY+++FONTTYPE=Verdana+++HASHKEY+++HOMEURL=http://nhs-e111.org.uk/+++HASHKEY+++LANGUAGE=en_US+++HASHKEY+++ORDERID=1+++HASHKEY+++PARAMPLUS=SessionID=126548354&ShoperID =73541312+++HASHKEY+++PSPID=epdq89288938+++HASHKEY+++TBLBGCOLOR=#FFFFFF+++HASHKEY+++TBLTXTCOLOR=#000 000+++HASHKEY+++TITLE=Title of "my page"+++HASHKEY+++TXTCOLOR=#FFFFFF+++HASHKEY+++

    Received SHA-1 string: ecKIPTndZE8FQwXkzojW4NBbr1g
    Expected SHA-1 string: 7E5997CDAF92E885C7A1A7FA33BAB2ED0A007F58

  • #7
    Regular Coder Redcoder's Avatar
    Join Date
    May 2012
    Location
    /dev/null
    Posts
    334
    Thanks
    2
    Thanked 48 Times in 47 Posts
    For one, SHA-1 is a 160 bit hash so it is 40 characters long. ALL Sha-1 hashes ARE 40 CHARACTERS LONG. I don't know why the hash you send is 27 characters long. Maybe it is being truncated somewhere? Although if it were being just truncated, the first 27 characters of both would be similar.

    Try to follow your original code to find out where a 27 characters long code is being sent. I do not know of any 108 bit(27 characters) hash code.
    Last edited by Redcoder; 11-19-2012 at 09:25 PM.

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,439
    Thanks
    62
    Thanked 537 Times in 524 Posts
    Quote Originally Posted by farnhamit View Post
    That was there answer to my error code,

    Can you please explain the sha-1 function to me, I do alot of web design and coding but rarely with this, Most of my google results were garbage too...

    Thanks!
    That maybe so but you're still not showing any source code are you. Without that (as I previously suggested and you ignored) we still can't really help you.

    If you want help, provide code. If you don't want to provide code then good luck fixing it

    Providing their reply doesn't help us. We need to see your code to figure out what you're doing wrong.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •